diff options
| -rw-r--r-- | app/controllers/time_table_combinations_controller.rb | 4 | ||||
| -rw-r--r-- | app/decorators/time_table_decorator.rb | 14 | ||||
| -rw-r--r-- | app/policies/time_table_combination_policy.rb | 12 |
3 files changed, 24 insertions, 6 deletions
diff --git a/app/controllers/time_table_combinations_controller.rb b/app/controllers/time_table_combinations_controller.rb index 32f1818b0..ba61a2ea4 100644 --- a/app/controllers/time_table_combinations_controller.rb +++ b/app/controllers/time_table_combinations_controller.rb @@ -3,13 +3,17 @@ class TimeTableCombinationsController < ChouetteController belongs_to :time_table, :parent_class => Chouette::TimeTable end + # include PolicyChecker + def new @combination = TimeTableCombination.new(source_id: parent.id) + authorize @combination @combination.combined_type = 'time_table' end def create @combination = TimeTableCombination.new(params[:time_table_combination].merge(source_id: parent.id)) + authorize @combination @combination.valid? ? perform_combination : render(:new) end diff --git a/app/decorators/time_table_decorator.rb b/app/decorators/time_table_decorator.rb index 526537310..c6eeac176 100644 --- a/app/decorators/time_table_decorator.rb +++ b/app/decorators/time_table_decorator.rb @@ -21,13 +21,15 @@ class TimeTableDecorator < Draper::Decorator ) end - links << Link.new( - content: h.t('actions.combine'), - href: h.new_referential_time_table_time_table_combination_path( - context[:referential], - object + if h.policy(object).edit? + links << Link.new( + content: h.t('actions.combine'), + href: h.new_referential_time_table_time_table_combination_path( + context[:referential], + object + ) ) - ) + end if h.policy(object).duplicate? links << Link.new( diff --git a/app/policies/time_table_combination_policy.rb b/app/policies/time_table_combination_policy.rb new file mode 100644 index 000000000..daa6808e4 --- /dev/null +++ b/app/policies/time_table_combination_policy.rb @@ -0,0 +1,12 @@ +class TimeTableCombinationPolicy < ApplicationPolicy + + class Scope < Scope + def resolve + scope + end + end + + def create? + !archived? && organisation_match? && user.has_permission?('time_tables.update') + end +end |