Diffstat (limited to 'app')
| -rw-r--r-- | app/helpers/newapplication_helper.rb | 5 | ||||
| -rw-r--r-- | app/helpers/table_builder_helper/custom_links.rb | 14 | ||||
| -rw-r--r-- | app/models/chouette/stop_point.rb | 5 | ||||
| -rw-r--r-- | app/models/user.rb | 2 | ||||
| -rw-r--r-- | app/policies/application_policy.rb | 2 | ||||
| -rw-r--r-- | app/policies/boiv_policy.rb | 4 | ||||
| -rw-r--r-- | app/policies/default_policy.rb | 11 | ||||
| -rw-r--r-- | app/policies/line_policy.rb | 5 | ||||
| -rw-r--r-- | app/policies/time_table_policy.rb | 4 |
9 files changed, 41 insertions, 11 deletions
diff --git a/app/helpers/newapplication_helper.rb b/app/helpers/newapplication_helper.rb
index edcad76c3..ac57997d1 100644
--- a/app/helpers/newapplication_helper.rb
+++ b/app/helpers/newapplication_helper.rb
@@ -155,7 +155,10 @@ module NewapplicationHelper
 content_tag :li, link_to(t("actions.#{action}"), polymorph_url, method: :put)
 end
 else
- content_tag :li, link_to(t("actions.#{action}"), polymorph_url)
+ permission = "#{action}?"
+ if !policy(item).respond_to?(permission) || policy(item).public_send(permission)
+ content_tag :li, link_to(t("actions.#{action}"), polymorph_url)
+ end
 end
 end.join.html_safe
 end
diff --git a/app/helpers/table_builder_helper/custom_links.rb b/app/helpers/table_builder_helper/custom_links.rb
index abb907678..e185bf77b 100644
--- a/app/helpers/table_builder_helper/custom_links.rb
+++ b/app/helpers/table_builder_helper/custom_links.rb
@@ -40,6 +40,14 @@ module TableBuilderHelper
 def actions_after_policy_check
 @actions.select do |action|
+ # TODO: My idea would be to push authorization logic into policies
+ # Eventually the code should look like:
+ # select do |action|
+ # Pundit.policy(@user_context, @obj).send("#{action}?")
+ # end
+ # This puts the responsability where it belongs to and allows
+ # for easy and fast unit testing of the BL, always a goos sign.
+
 # Has policy and can destroy
 (action == :delete &&
 Pundit.policy(@user_context, @obj).present? &&
@@ -64,6 +72,10 @@ module TableBuilderHelper
 # Object is archived
 (action == :unarchive && @obj.archived?) ||
+ !Pundit.policy(@user_context, @obj).respond_to?("#{action}?") ||
+ Pundit.policy(@user_context, @obj).public_send("#{action}?") ||
+
+
 action_is_allowed_regardless_of_policy(action)
 end
 end
@@ -71,7 +83,7 @@ module TableBuilderHelper
 private
 def action_is_allowed_regardless_of_policy(action)
- ![:delete, :edit, :archive, :unarchive].include?(action)
+ ![:delete, :edit, :archive, :unarchive, :duplicate, :actualize].include?(action)
 end
 end
 end
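Review bot: The added guard `if !policy(item).respond_to?(permission) || policy(item).public_send(permission)` fails open: a policy that simply does not define the `action?` predicate, or one whose predicates answer true unconditionally, renders the action link for every user. The `else` branch previously rendered unconditionally, so this is still a step forward, but the safer shape resolves the policy once and denies unknown predicates: `item_policy = policy(item)` / `if item_policy.respond_to?(permission) && item_policy.public_send(permission)`. Whether `action` can ever carry a user-supplied name is not visible here; if it can, `public_send` on an interpolated method name should be restricted to a fixed list of predicate names. The enclosing method starts and ends outside the hunk.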
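Review bot: The two new disjuncts `!Pundit.policy(@user_context, @obj).respond_to?("#{action}?") || Pundit.policy(@user_context, @obj).public_send("#{action}?")` make the whole `select` condition fail open: an action whose predicate the policy does not define is kept, and a nil policy (the `present?` check in the `:delete` clause of the previous hunk shows that case is expected) makes `respond_to?` false and so also keeps the action. Because they sit in the same `||` chain, the stricter `:delete` clause can no longer reject anything for a policy that lacks a `delete?` predicate (policies typically define `destroy?`, not `delete?`), which presumably defeats the destroy check it was written for. Resolving the policy once and requiring both halves, `item_policy = Pundit.policy(@user_context, @obj)` / `(item_policy.respond_to?("#{action}?") && item_policy.public_send("#{action}?")) ||`, keeps unknown predicates denied and leaves `action_is_allowed_regardless_of_policy` as the only explicit exemption. The `select` block starts in the preceding hunk.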
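Review bot: `action_is_allowed_regardless_of_policy` is a hand-maintained denylist, `![:delete, :edit, :archive, :unarchive, :duplicate, :actualize].include?(action)`, so any action not listed is exempt from every policy check and each new gated action must be remembered both here and in its policy. Hoisting the list into a frozen constant such as `POLICY_GATED_ACTIONS = %i[delete edit archive unarchive duplicate actualize].freeze` and stating above the method that unlisted actions bypass policies would make that default visible; an allowlist of the policy-free actions would be the fail-closed alternative.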
diff --git a/app/models/chouette/stop_point.rb b/app/models/chouette/stop_point.rb
index e0f947487..1cc1ed7a3 100644
--- a/app/models/chouette/stop_point.rb
+++ b/app/models/chouette/stop_point.rb
@@ -1,5 +1,10 @@
 module Chouette
 class StopPoint < TridentActiveRecord
+
+ def self.policy_class
+ DefaultPolicy
+ end
+
 include ForBoardingEnumerations
 include ForAlightingEnumerations
diff --git a/app/models/user.rb b/app/models/user.rb
index 4ba05b164..31fc4ef78 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -31,7 +31,7 @@ class User < ActiveRecord::Base
 @@edit_offer_permissions = ['routes.create', 'routes.edit', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.edit', 'journey_patterns.destroy', 'vehicle_journeys.create', 'vehicle_journeys.edit', 'vehicle_journeys.destroy', 'time_tables.create', 'time_tables.edit', 'time_tables.destroy', 'footnotes.edit', 'footnotes.create', 'footnotes.destroy', 'routing_constraint_zones.create', 'routing_constraint_zones.edit',
- 'routing_constraint_zones.destroy', 'referentials.create', 'referentials.edit', 'referentials.destroy', 'boiv:edit-offer']
+ 'routing_constraint_zones.destroy', 'referentials.create', 'referentials.edit', 'referentials.destroy', 'boiv:edit-offer', 'boiv:read-offer']
 mattr_reader :edit_offer_permissions
 def self.all_permissions
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index f2521fa44..e2c0acd8e 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -53,7 +53,7 @@ class ApplicationPolicy
 end
 def boiv_read_offer?
- organisation_match? && user.has_permission?('boiv:read-offer')
+ organisation_match? && !(user.permissions || []).grep(%r{\Aboiv:.}).empty?
 end
 def organisation_match?
diff --git a/app/policies/boiv_policy.rb b/app/policies/boiv_policy.rb
index 444006aa4..aa3ecc50d 100644
--- a/app/policies/boiv_policy.rb
+++ b/app/policies/boiv_policy.rb
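Review bot: The new `self.policy_class` override carries no comment explaining why `Chouette::StopPoint` opts out of Pundit's default policy lookup, and `DefaultPolicy` (added in app/policies/default_policy.rb by this commit, where the same concern is raised) answers true to every predicate, so the practical effect is that every stop point action passes authorization for every user. A one-line comment above the method, e.g. `# Stop points carry no per-user authorization rules; DefaultPolicy permits every action.`, would record that this is intended rather than an oversight. The class body continues outside the hunk.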
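Review bot: `organisation_match? && !(user.permissions || []).grep(%r{\Aboiv:.}).empty?` widens `boiv_read_offer?` from the single permission `boiv:read-offer` to any permission whose name starts with `boiv:`, so every present or future `boiv:*` permission implicitly grants read access to the offer. If the intent is only that `boiv:edit-offer` implies read, an explicit list is narrower and self-documenting: `(user.permissions.to_a & %w[boiv:read-offer boiv:edit-offer]).any?`, where `to_a` covers the nil case the `|| []` guards. Presumably `user.permissions` is an array of strings, as the `grep` assumes; that should be confirmed against the model.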
@@ -1,10 +1,6 @@
 class BoivPolicy < ApplicationPolicy
- def boiv_read_offer?
- organisation_match? && user.has_permission?('boiv:read-offer')
- end
-
 def index?
 boiv_read_offer?
 end
diff --git a/app/policies/default_policy.rb b/app/policies/default_policy.rb
new file mode 100644
index 000000000..efdac1575
--- /dev/null
+++ b/app/policies/default_policy.rb
@@ -0,0 +1,11 @@
+class DefaultPolicy
+
+ def initialize(*args); end
+
+ def create?; true end
+ def destroy?; true end
+ def edit?; true end
+ def index?; true end
+ def show?; true end
+ def update?; true end
+end
diff --git a/app/policies/line_policy.rb b/app/policies/line_policy.rb
index b829040af..1b0d00cc5 100644
--- a/app/policies/line_policy.rb
+++ b/app/policies/line_policy.rb
@@ -6,9 +6,8 @@ class LinePolicy < BoivPolicy
 end
 end
- def create?
- false
- end
+ def show?; true end
+ def create?; false end
 def update? ; false end
 def new? ; create? end
 def edit? ; false end
diff --git a/app/policies/time_table_policy.rb b/app/policies/time_table_policy.rb
index e915ede6a..a8f54ad48 100644
--- a/app/policies/time_table_policy.rb
+++ b/app/policies/time_table_policy.rb
@@ -6,6 +6,10 @@ class TimeTablePolicy < BoivPolicy
 end
 end
+ def actualize?
+ !archived? && organisation_match? && edit?
+ end
+
 def create?
 !archived? && user.has_permission?('time_tables.create') # organisation match via referential is checked in the view
 end
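Review bot: `DefaultPolicy` answers true from every predicate and `def initialize(*args); end` discards the user and record it is handed, so it is a permit-all policy with no organisation check, unlike the `organisation_match?` gate that `ApplicationPolicy#boiv_read_offer?` keeps in this same commit. If that is intended for records that carry no authorization rules, the class should say so, e.g. `# Permit-all policy for records with no authorization rules: every predicate answers true regardless of user or organisation.`; otherwise deriving it from `ApplicationPolicy` so the predicates can require `organisation_match?` would be the fail-closed choice. The helpers in this commit resolve predicates dynamically from `"#{action}?"`, so any action not listed here falls back to their `respond_to?` handling rather than to a decision made in this file.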
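Review bot: The added `def show?; true end` answers true unconditionally, so `LinePolicy#show?` no longer depends on `organisation_match?` or `boiv_read_offer?`, which `BoivPolicy#index?` in this same commit still requires; presumably any authenticated user can then view a line that belongs to another organisation. If show is meant to follow the same rule as index, `def show?; boiv_read_offer? end` keeps the two consistent and inherits the organisation check. The class continues outside the hunk.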
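Review bot: `actualize?` has no comment saying what actualizing a time table does or why it needs `edit?` on top of `!archived? && organisation_match?`, while the neighbouring `create?` line notes that organisation match is checked in the view instead, so a reader cannot tell which convention is authoritative. A short note above the method, e.g. `# Unlike create?, the organisation match for actualize is enforced here rather than in the view.`, plus a one-line description of the action, would resolve that. Where `archived?` and `edit?` are defined is not visible in this hunk; the class continues outside it.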
