diff options
Diffstat (limited to 'app/controllers/referentials_controller.rb')
| -rw-r--r-- | app/controllers/referentials_controller.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/app/controllers/referentials_controller.rb b/app/controllers/referentials_controller.rb index 5267c15d8..6e3694547 100644 --- a/app/controllers/referentials_controller.rb +++ b/app/controllers/referentials_controller.rb @@ -7,6 +7,8 @@ class ReferentialsController < ChouetteController respond_to :json, :only => :show respond_to :js, :only => :show + before_action :check_cloning_source_is_accessible, only: %i(new create) + def new new! do build_referential @@ -175,6 +177,12 @@ class ReferentialsController < ChouetteController ) end + def check_cloning_source_is_accessible + return unless params[:from] + source = Referential.find params[:from] + return user_not_authorized unless current_user.organisation.workgroups.include?(source.workbench.workgroup) + end + def load_workbench @workbench ||= Workbench.find(params[:workbench_id]) if params[:workbench_id] @workbench ||= resource&.workbench if params[:id] |