Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/application_controller.rb | 8 | ||||
| -rw-r--r-- | app/controllers/stop_areas_controller.rb | 9 |
2 files changed, 17 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index fa3874632..c2414f5bb 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,9 +1,13 @@
 class ApplicationController < ActionController::Base
+  include Pundit
+  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
+
   # TODO : Delete hack to authorize Cross Request for js and json get request from javascript
   protect_from_forgery unless: -> { request.get? && (request.format.json? || request.format.js?) }
   before_action :authenticate_user!
   before_action :set_locale
+
   # Load helpers in rails engine
   helper LanguageEngine::Engine.helpers
@@ -13,6 +17,10 @@ class ApplicationController < ActionController::Base
   protected
+  def user_not_authorized
+    render :file => "#{Rails.root}/public/403.html", :status => :forbidden, :layout => false
+  end
+
   def current_organisation
     current_user.organisation if current_user
   end
diff --git a/app/controllers/stop_areas_controller.rb b/app/controllers/stop_areas_controller.rb
index b37709e84..90820d932 100644
--- a/app/controllers/stop_areas_controller.rb
+++ b/app/controllers/stop_areas_controller.rb
@@ -63,6 +63,7 @@ class StopAreasController < BreadcrumbController
   end
   def new
+    authorize Chouette::StopArea
     @map = StopAreaMap.new( Chouette::StopArea.new).with_helpers(self)
     @map.editable = true
     new! do
@@ -71,6 +72,7 @@ class StopAreasController < BreadcrumbController
   end
   def create
+    authorize Chouette::StopArea
     @map = StopAreaMap.new( Chouette::StopArea.new).with_helpers(self)
     @map.editable = true
@@ -92,6 +94,7 @@ class StopAreasController < BreadcrumbController
   end
   def edit
+    authorize stop_area
     edit! do
       stop_area.position ||= stop_area.default_position
       map.editable = true
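Review bot: `include Pundit` is added without `after_action :verify_authorized`, so any action that does not call `authorize` — actions not touched by this commit, and every other controller inheriting from ApplicationController — still serves the request silently; the new `rescue_from` only fires when a policy is actually consulted. Add `after_action :verify_authorized` right after the `rescue_from` line, with `except:` for listing actions that use `policy_scope` instead, and `skip_after_action :verify_authorized` in controllers that are deliberately public, so the roll-out fails closed rather than open. The pre-existing `protect_from_forgery unless:` exemption for GET js/json is context, not new code, but it means the Pundit check is the only control on those XHR reads, which makes enforcing `verify_authorized` early worthwhile.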
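Review bot: `user_not_authorized` renders the static HTML 403 page for every request format, yet this controller explicitly accepts js and json GET requests (the `protect_from_forgery` exemption above), so a denied XHR caller receives an HTML document with status 403 instead of an empty or JSON body. Guard the render with `return head :forbidden unless request.format.html?` so non-HTML clients get a bare 403. It is also worth logging the denial at this point (current_user id, controller/action and the policy query), since authorization failures are a useful detection signal; Rails passes the exception to the handler if it is declared as `def user_not_authorized(exception)`, and Pundit exposes `exception.query` and `exception.record` for that purpose.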
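Review bot: `authorize Chouette::StopArea` in `create` authorizes the class rather than the record being created, so the policy's `create?` receives no instance and cannot check the submitted attributes — for example whether the target referential or organisation belongs to the caller's organisation, which `current_organisation` in ApplicationController suggests is the tenancy boundary here. If `create?` is (or will be) ownership-based, build the record from the permitted params first and authorize that instance, e.g. `authorize build_resource` if this is inherited_resources and `create!` builds it the same way; class-level authorize is fine for `new`, where there is nothing to inspect yet. The `create` body continues outside the hunk.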
@@ -99,7 +102,13 @@ class StopAreasController < BreadcrumbController
     end
   end
+  def destroy
+    authorize stop_area
+    super
+  end
+
   def update
+    authorize stop_area
     stop_area.position ||= stop_area.default_position
     map.editable = true |
