Diffstat (limited to 'app')
48 files changed, 216 insertions, 159 deletions
diff --git a/app/controllers/access_links_controller.rb b/app/controllers/access_links_controller.rb index d590aba00..fbf6d2c5c 100644 --- a/app/controllers/access_links_controller.rb +++ b/app/controllers/access_links_controller.rb @@ -9,6 +9,8 @@ class AccessLinksController < ChouetteController respond_to :html, :xml, :json respond_to :kml, :only => :show + include PolicyChecker + def index request.format.kml? ? @per_page = nil : @per_page = 12 index! @@ -86,7 +88,6 @@ class AccessLinksController < ChouetteController end end - private def access_link_params diff --git a/app/controllers/access_points_controller.rb b/app/controllers/access_points_controller.rb index 534b0c835..2cef90a28 100644 --- a/app/controllers/access_points_controller.rb +++ b/app/controllers/access_points_controller.rb @@ -7,7 +7,9 @@ class AccessPointsController < ChouetteController respond_to :html, :kml, :xml, :json - def index + include PolicyChecker + + def index request.format.kml? ? @per_page = nil : @per_page = 12 index! do |format| @@ -16,7 +18,7 @@ class AccessPointsController < ChouetteController redirect_to params.merge(:page => 1) end } - end + end end def show @@ -26,14 +28,14 @@ class AccessPointsController < ChouetteController show! do |format| unless access_point.position or params[:default] format.kml { - render :nothing => true, :status => :not_found + render :nothing => true, :status => :not_found } - + end format.html {build_breadcrumb :show} end end - + def edit access_point.position ||= access_point.default_position @@ -45,7 +47,7 @@ class AccessPointsController < ChouetteController protected - + alias_method :access_point, :resource def map @@ -54,7 +56,7 @@ class AccessPointsController < ChouetteController def collection @q = parent.access_points.search(params[:q]) - @access_points ||= + @access_points ||= begin access_points = @q.result(:distinct => true).order(:name) access_points = access_points.paginate(:page => params[:page]) if @per_page.present? 
@@ -62,7 +64,6 @@ class AccessPointsController < ChouetteController end end - private def access_point_params diff --git a/app/controllers/calendars_controller.rb b/app/controllers/calendars_controller.rb index 9784820f9..3e7a05231 100644 --- a/app/controllers/calendars_controller.rb +++ b/app/controllers/calendars_controller.rb @@ -1,6 +1,6 @@ class CalendarsController < BreadcrumbController + include PolicyChecker defaults resource_class: Calendar - before_action :check_policy, only: [:edit, :update, :destroy] respond_to :html respond_to :js, only: :index @@ -39,9 +39,5 @@ class CalendarsController < BreadcrumbController calendars = calendars.order(sort_column + ' ' + sort_direction) if sort_column && sort_direction @calendars = calendars.paginate(page: params[:page]) end - - def check_policy - authorize resource - end end diff --git a/app/controllers/chouette_controller.rb b/app/controllers/chouette_controller.rb index 074fc0515..dd1002fd8 100644 --- a/app/controllers/chouette_controller.rb +++ b/app/controllers/chouette_controller.rb @@ -10,9 +10,9 @@ class ChouetteController < BreadcrumbController end def referential - @referential ||= current_organisation.referentials.find params[:referential_id] + @referential ||= Referential.find params[:referential_id] end - + alias_method :current_referential, :referential helper_method :current_referential diff --git a/app/controllers/companies_controller.rb b/app/controllers/companies_controller.rb index bf298786a..a8701d227 100644 --- a/app/controllers/companies_controller.rb +++ b/app/controllers/companies_controller.rb @@ -1,6 +1,6 @@ class CompaniesController < BreadcrumbController include ApplicationHelper - before_action :check_policy, :only => [:edit, :update, :destroy] + include PolicyChecker defaults :resource_class => Chouette::Company respond_to :html respond_to :xml 
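Review bot: `Referential.find params[:referential_id]` in `referential` drops the organisation scope from the lookup, so any action that is not behind `check_policy` now resolves a referential of any organisation by id. The PolicyChecker concern added in this commit covers only `edit`, `update` and `destroy`, which leaves `index` and `show` in the ChouetteController subclasses with no ownership check on the server. If cross-organisation read access is intended, state that in a comment above the method and add an explicit `show?`/`index?` authorization; otherwise keep the scoped form `current_organisation.referentials.find params[:referential_id]` for those actions. The class body continues outside the hunk.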
@@ -53,10 +53,6 @@ class CompaniesController < BreadcrumbController alias_method :line_referential, :parent - def check_policy - authorize resource - end - alias_method :current_referential, :line_referential helper_method :current_referential diff --git a/app/controllers/concerns/policy_checker.rb b/app/controllers/concerns/policy_checker.rb new file mode 100644 index 000000000..72c18c64f --- /dev/null +++ b/app/controllers/concerns/policy_checker.rb @@ -0,0 +1,12 @@ +module PolicyChecker + extend ActiveSupport::Concern + + included do + before_action :check_policy, only: [:edit, :update, :destroy] + end + + protected + def check_policy + authorize resource + end +end diff --git a/app/controllers/connection_links_controller.rb b/app/controllers/connection_links_controller.rb index ca36a999f..abeb9dd6a 100644 --- a/app/controllers/connection_links_controller.rb +++ b/app/controllers/connection_links_controller.rb @@ -10,7 +10,9 @@ class ConnectionLinksController < ChouetteController respond_to :kml, :only => :show respond_to :js, :only => :index - def index + include PolicyChecker + + def index index! do |format| format.html { if collection.out_of_bounds? @@ -18,7 +20,7 @@ class ConnectionLinksController < ChouetteController end build_breadcrumb :index } - end + end end def show @@ -36,10 +38,10 @@ class ConnectionLinksController < ChouetteController end protected - + alias_method :connection_link, :resource - def collection + def collection @q = referential.connection_links.search(params[:q]) @connection_links ||= @q.result(:distinct => true).order(:name).paginate(:page => params[:page]) end 
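Review bot: The `before_action` registered in `included` authorizes only `edit`, `update` and `destroy`, so `new` and `create` are never checked on the server. The `create?` methods in this commit's policy files (access point, access link, connection link, journey pattern, route, routing constraint zone, time table, vehicle journey) say the organisation match "is checked in the view". Hiding a link in a template does not constrain a request sent directly to the create route, and after the `Referential.find` change in chouette_controller.rb the parent referential is no longer limited to the user's organisation. I would register a second callback for `[:new, :create]` that checks the parent referential's organisation together with the `*.create` permission. A comment above `check_policy` should also say that the including controller must provide `resource` and may override the method, as LineFootnotesController does.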
@@ -53,7 +55,7 @@ class ConnectionLinksController < ChouetteController end private - + def connection_link_params params.require(:connection_link).permit( :connection_link_type,:departure_id, :arrival_id, :objectid, :object_version, :creation_time, :creator_id, :name, :comment, :link_distance, :link_type, :default_duration, :frequent_traveller_duration, :occasional_traveller_duration, :mobility_restricted_traveller_duration, :mobility_restricted_suitability, :stairs_availability, :lift_availability, :int_user_needs ) end diff --git a/app/controllers/group_of_lines_controller.rb b/app/controllers/group_of_lines_controller.rb index 112ff2dd0..a1cf0d6e4 100644 --- a/app/controllers/group_of_lines_controller.rb +++ b/app/controllers/group_of_lines_controller.rb @@ -1,6 +1,6 @@ class GroupOfLinesController < BreadcrumbController include ApplicationHelper - before_action :check_policy, :only => [:edit, :update, :destroy] + include PolicyChecker defaults :resource_class => Chouette::GroupOfLine respond_to :html respond_to :xml @@ -75,10 +75,6 @@ class GroupOfLinesController < BreadcrumbController private - def check_policy - authorize resource - end - def group_of_line_params params.require(:group_of_line).permit( :objectid, :object_version, :creation_time, :creator_id, :name, :comment, :lines, :registration_number, :line_tokens) end diff --git a/app/controllers/journey_patterns_controller.rb b/app/controllers/journey_patterns_controller.rb index 69f16321e..4b6872a05 100644 --- a/app/controllers/journey_patterns_controller.rb +++ b/app/controllers/journey_patterns_controller.rb @@ -15,7 +15,7 @@ class JourneyPatternsController < ChouetteController alias_method :route, :parent alias_method :journey_pattern, :resource - before_action :check_policy, only: [:edit, :update, :destroy] + include PolicyChecker def index index! do |format| 
@@ -55,10 +55,6 @@ class JourneyPatternsController < ChouetteController private - def check_policy - authorize resource - end - def journey_pattern_params params.require(:journey_pattern).permit(:route_id, :objectid, :object_version, :creation_time, :creator_id, :name, :comment, :registration_number, :published_name, :departure_stop_point_id, :arrival_stop_point_id, {:stop_point_ids => []}) end diff --git a/app/controllers/line_footnotes_controller.rb b/app/controllers/line_footnotes_controller.rb index 3b44d087c..192f902c8 100644 --- a/app/controllers/line_footnotes_controller.rb +++ b/app/controllers/line_footnotes_controller.rb @@ -1,6 +1,6 @@ class LineFootnotesController < ChouetteController defaults :resource_class => Chouette::Line, :instance_name => 'line' - before_action :check_policy, only: [:edit, :update, :destroy] + include PolicyChecker belongs_to :referential def show @@ -24,6 +24,8 @@ class LineFootnotesController < ChouetteController end protected + + # overrides default def check_policy authorize resource, "#{action_name}_footnote?".to_sym end diff --git a/app/controllers/lines_controller.rb b/app/controllers/lines_controller.rb index 9a0a007aa..bc8852411 100644 --- a/app/controllers/lines_controller.rb +++ b/app/controllers/lines_controller.rb @@ -1,6 +1,6 @@ class LinesController < BreadcrumbController include ApplicationHelper - before_action :check_policy, :only => [:edit, :update, :destroy] + include PolicyChecker defaults :resource_class => Chouette::Line respond_to :html respond_to :xml @@ -98,10 +98,6 @@ class LinesController < BreadcrumbController %w[asc desc].include?(params[:direction]) ? params[:direction] : 'asc' end - def check_policy - authorize resource - end - alias_method :current_referential, :line_referential helper_method :current_referential diff --git a/app/controllers/networks_controller.rb b/app/controllers/networks_controller.rb index d9070e7e8..7249349fc 100644 --- a/app/controllers/networks_controller.rb 
+++ b/app/controllers/networks_controller.rb @@ -1,6 +1,6 @@ class NetworksController < BreadcrumbController include ApplicationHelper - before_action :check_policy, :only => [:edit, :update, :destroy] + include PolicyChecker defaults :resource_class => Chouette::Network respond_to :html respond_to :xml @@ -58,10 +58,6 @@ class NetworksController < BreadcrumbController alias_method :line_referential, :parent - def check_policy - authorize resource - end - alias_method :current_referential, :line_referential helper_method :current_referential diff --git a/app/controllers/referential_lines_controller.rb b/app/controllers/referential_lines_controller.rb index 4ffee27cb..c0d71d891 100644 --- a/app/controllers/referential_lines_controller.rb +++ b/app/controllers/referential_lines_controller.rb @@ -1,5 +1,5 @@ class ReferentialLinesController < ChouetteController - before_action :check_policy, :only => [:edit, :update, :destroy] + include PolicyChecker defaults :resource_class => Chouette::Line, :collection_name => 'lines', :instance_name => 'line' respond_to :html @@ -95,10 +95,6 @@ class ReferentialLinesController < ChouetteController %w[asc desc].include?(params[:direction]) ? params[:direction] : 'asc' end - def check_policy - authorize resource - end - def line_params params.require(:line).permit( :transport_mode, diff --git a/app/controllers/referentials_controller.rb b/app/controllers/referentials_controller.rb index 6957479df..78d55f94b 100644 --- a/app/controllers/referentials_controller.rb +++ b/app/controllers/referentials_controller.rb @@ -1,6 +1,7 @@ class ReferentialsController < BreadcrumbController defaults :resource_class => Referential - before_action :check_policy, :only => [:edit, :update] + include PolicyChecker + before_action :check_policy, :only => [:edit, :update] # overrides default respond_to :html respond_to :json, :only => :show 
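Review bot: The redeclared `before_action :check_policy, :only => [:edit, :update]` narrows the callback that `include PolicyChecker` registered one line earlier, so `destroy` on a referential is not authorized even though this commit adds `destroy?` to ReferentialPolicy. Rails replaces a callback that is declared again with the same method name, which is what the `# overrides default` comment relies on. Unless destroy is guarded elsewhere (not visible in this hunk), drop the override line or widen it to `:only => [:edit, :update, :destroy]`.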
@@ -117,10 +118,6 @@ class ReferentialsController < BreadcrumbController %w[asc desc].include?(params[:direction]) ? params[:direction] : 'asc' end - def check_policy - authorize resource - end - def referential_params params.require(:referential).permit( :id, diff --git a/app/controllers/routes_controller.rb b/app/controllers/routes_controller.rb index be6329006..59bd22f56 100644 --- a/app/controllers/routes_controller.rb +++ b/app/controllers/routes_controller.rb @@ -1,4 +1,5 @@ class RoutesController < ChouetteController + include PolicyChecker defaults :resource_class => Chouette::Route respond_to :html, :xml, :json @@ -10,7 +11,6 @@ class RoutesController < ChouetteController end before_action :define_candidate_opposite_routes, only: [:new, :edit, :create, :update] - before_action :check_policy, only: [:edit, :update, :destroy] def index index! do |format| @@ -86,10 +86,6 @@ class RoutesController < ChouetteController end end - def check_policy - authorize resource - end - private def route_params diff --git a/app/controllers/routing_constraint_zones_controller.rb b/app/controllers/routing_constraint_zones_controller.rb index cd8cd5aa7..17c7066b9 100644 --- a/app/controllers/routing_constraint_zones_controller.rb +++ b/app/controllers/routing_constraint_zones_controller.rb @@ -7,12 +7,7 @@ class RoutingConstraintZonesController < ChouetteController belongs_to :line, parent_class: Chouette::Line end - before_action :check_policy, only: [:edit, :update, :destroy] - - protected - def check_policy - authorize resource - end + include PolicyChecker private def routing_constraint_zone_params diff --git a/app/controllers/time_tables_controller.rb b/app/controllers/time_tables_controller.rb index ec62dfb98..7f9a95789 100644 --- a/app/controllers/time_tables_controller.rb +++ b/app/controllers/time_tables_controller.rb 
@@ -8,7 +8,7 @@ class TimeTablesController < ChouetteController belongs_to :referential - before_action :check_policy, only: [:edit, :update, :destroy] + include PolicyChecker def show @year = params[:year] ? params[:year].to_i : Date.today.cwyear @@ -114,10 +114,6 @@ class TimeTablesController < ChouetteController referential_time_tables_path(referential) end - def check_policy - authorize resource - end - private def time_table_params diff --git a/app/controllers/vehicle_journeys_controller.rb b/app/controllers/vehicle_journeys_controller.rb index 9b4c39d2a..3ae278ec1 100644 --- a/app/controllers/vehicle_journeys_controller.rb +++ b/app/controllers/vehicle_journeys_controller.rb @@ -9,7 +9,7 @@ class VehicleJourneysController < ChouetteController end end - before_action :check_policy, only: [:edit, :update, :destroy] + include PolicyChecker def select_journey_pattern if params[:journey_pattern_id] @@ -79,12 +79,6 @@ class VehicleJourneysController < ChouetteController @matrix = resource_class.matrix(@vehicle_journeys) end - protected - - def check_policy - authorize resource - end - private def vehicle_journey_params diff --git a/app/helpers/breadcrumb_helper.rb b/app/helpers/breadcrumb_helper.rb index c973c754c..a382f1926 100644 --- a/app/helpers/breadcrumb_helper.rb +++ b/app/helpers/breadcrumb_helper.rb 
@@ -86,11 +86,11 @@ module BreadcrumbHelper def network_breadcrumb(action) if @line_referential line_referential_breadcrumb - add_breadcrumb Chouette::Network.model_name.human(:count => 2), line_referential_networks_path(@line_referential) unless action == :index + add_breadcrumb Chouette::Network.model_name.human(:count => 2).capitalize, line_referential_networks_path(@line_referential) unless action == :index add_breadcrumb breadcrumb_label(@network), line_referential_network_path(@line_referential, @network),:title => breadcrumb_tooltip(@network) if action == :edit else referential_breadcrumb - add_breadcrumb Chouette::Network.model_name.human(:count => 2), referential_networks_path(@referential) unless action == :index + add_breadcrumb Chouette::Network.model_name.human(:count => 2).capitalize, referential_networks_path(@referential) unless action == :index add_breadcrumb breadcrumb_label(@network), referential_network_path(@referential, @network),:title => breadcrumb_tooltip(@network) if action == :edit end end 
@@ -98,18 +98,18 @@ module BreadcrumbHelper def group_of_line_breadcrumb(action) if @line_referential line_referential_breadcrumb - add_breadcrumb Chouette::GroupOfLine.model_name.human(:count => 2), line_referential_group_of_lines_path(@line_referential) unless action == :index + add_breadcrumb Chouette::GroupOfLine.model_name.human(:count => 2).capitalize, line_referential_group_of_lines_path(@line_referential) unless action == :index add_breadcrumb breadcrumb_label(@group_of_line), line_referential_group_of_line_path(@line_referential, @group_of_line),:title => breadcrumb_tooltip(@group_of_line) if action == :edit else referential_breadcrumb - add_breadcrumb Chouette::GroupOfLine.model_name.human(:count => 2), referential_group_of_lines_path(@referential) unless action == :index + add_breadcrumb Chouette::GroupOfLine.model_name.human(:count => 2).capitalize, referential_group_of_lines_path(@referential) unless action == :index add_breadcrumb breadcrumb_label(@group_of_line), referential_group_of_line_path(@referential, @group_of_line),:title => breadcrumb_tooltip(@group_of_line) if action == :edit end end def stop_area_breadcrumb(action) referential_breadcrumb - add_breadcrumb Chouette::StopArea.model_name.human(:count => 2), stop_area_referential_stop_areas_path(@stop_area.stop_area_referential) unless action == :index + add_breadcrumb Chouette::StopArea.model_name.human(:count => 2).capitalize, stop_area_referential_stop_areas_path(@stop_area.stop_area_referential) unless action == :index add_breadcrumb breadcrumb_label(@stop_area), stop_area_referential_stop_area_path(@stop_area.stop_area_referential, @stop_area),:title => breadcrumb_tooltip(@stop_area) if action == :edit end 
@@ -124,19 +124,19 @@ module BreadcrumbHelper def access_link_breadcrumb(action) access_point_breadcrumb :edit - add_breadcrumb Chouette::AccessLink.model_name.human(:count => 2), access_links_referential_stop_area_path(@referential, @stop_area) + add_breadcrumb Chouette::AccessLink.model_name.human(:count => 2).capitalize.capitalize, access_links_referential_stop_area_path(@referential, @stop_area) add_breadcrumb breadcrumb_label(@access_link), referential_access_point_access_link_path(@referential, @access_point,@access_link),:title => breadcrumb_tooltip(@access_link) if action == :edit end def connection_link_breadcrumb(action) referential_breadcrumb - add_breadcrumb Chouette::ConnectionLink.model_name.human(:count => 2), referential_connection_links_path(@referential) unless action == :index + add_breadcrumb Chouette::ConnectionLink.model_name.human.pluralize.capitalize, referential_connection_links_path(@referential) unless action == :index add_breadcrumb breadcrumb_label(@connection_link), referential_connection_link_path(@referential, @connection_link),:title => breadcrumb_tooltip(@connection_link) if action == :edit end def time_table_breadcrumb(action) referential_breadcrumb - add_breadcrumb Chouette::TimeTable.model_name.human(:count => 2), referential_time_tables_path(@referential) unless action == :index + add_breadcrumb Chouette::TimeTable.model_name.human(:count => 2).capitalize, referential_time_tables_path(@referential) unless action == :index add_breadcrumb breadcrumb_label(@time_table), referential_time_table_path(@referential, @time_table),:title => breadcrumb_tooltip(@time_table) if action == :edit end 
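Review bot: In `access_link_breadcrumb` the label is built with `.capitalize.capitalize`, where the second call is a no-op. In `connection_link_breadcrumb` the `human(:count => 2)` lookup was replaced by `human.pluralize.capitalize`, which pluralizes with English inflection rules rather than the locale's plural form used by every other breadcrumb in this file. Suggested lines: `Chouette::AccessLink.model_name.human(:count => 2).capitalize` and `Chouette::ConnectionLink.model_name.human(:count => 2).capitalize`. `capitalize` also lowercases everything after the first character, so a translated model name containing an acronym or proper noun will be altered; this applies to the `.capitalize` calls added in the other hunks of this file as well.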
@@ -148,18 +148,18 @@ module BreadcrumbHelper def timeband_breadcrumb(action) referential_breadcrumb - add_breadcrumb Chouette::Timeband.model_name.human(:count => 2), referential_timebands_path(@referential) unless action == :index + add_breadcrumb Chouette::Timeband.model_name.human(:count => 2).capitalize, referential_timebands_path(@referential) unless action == :index add_breadcrumb breadcrumb_label(@timeband), referential_timeband_path(@referential, @timeband),:title => breadcrumb_tooltip(@timeband) if action == :edit end def line_breadcrumb(action) if @line_referential line_referential_breadcrumb - add_breadcrumb Chouette::Line.model_name.human(:count => 2), line_referential_lines_path(@line_referential) unless action == :index + add_breadcrumb Chouette::Line.model_name.human(:count => 2).capitalize, line_referential_lines_path(@line_referential) unless action == :index add_breadcrumb breadcrumb_label(@line), line_referential_line_path(@line_referential, @line),:title => breadcrumb_tooltip(@line) if action == :edit else referential_breadcrumb - add_breadcrumb Chouette::Line.model_name.human(:count => 2), referential_lines_path(@referential) unless action == :index + add_breadcrumb Chouette::Line.model_name.human(:count => 2).capitalize, referential_lines_path(@referential) unless action == :index add_breadcrumb breadcrumb_label(@line), referential_line_path(@referential, @line),:title => breadcrumb_tooltip(@line) if action == :edit end end 
@@ -206,11 +206,11 @@ module BreadcrumbHelper def company_breadcrumb (action) if @line_referential line_referential_breadcrumb - add_breadcrumb Chouette::Company.model_name.human(:count => 2), line_referential_companies_path(@line_referential) unless action == :index + add_breadcrumb Chouette::Company.model_name.human(:count => 2).capitalize, line_referential_companies_path(@line_referential) unless action == :index add_breadcrumb breadcrumb_label(@company), line_referential_company_path(@line_referential, @company),:title => breadcrumb_tooltip(@company) if action == :edit else referential_breadcrumb - add_breadcrumb Chouette::Company.model_name.human(:count => 2), referential_companies_path(@referential) unless action == :index + add_breadcrumb Chouette::Company.model_name.human(:count => 2).capitalize, referential_companies_path(@referential) unless action == :index add_breadcrumb breadcrumb_label(@company), referential_company_path(@referential, @company),:title => breadcrumb_tooltip(@company) if action == :edit end end diff --git a/app/models/chouette/access_point.rb b/app/models/chouette/access_point.rb index da1f9524a..3cae07b8e 100644 --- a/app/models/chouette/access_point.rb +++ b/app/models/chouette/access_point.rb @@ -1,3 +1,4 @@ + require 'geokit' require 'geo_ruby' diff --git a/app/policies/acces_point_policy.rb b/app/policies/acces_point_policy.rb new file mode 100644 index 000000000..4f604693c --- /dev/null +++ b/app/policies/acces_point_policy.rb 
@@ -0,0 +1,22 @@ +class AccessPointPolicy < ApplicationPolicy + class Scope < Scope + def resolve + scope + end + end + + def create? + user.has_permission?('access_points.create') # organisation match via referential is checked in the view + end + + def edit? + organisation_match?(via_referential: true) && user.has_permission?('access_points.edit') + end + + def destroy? + organisation_match?(via_referential: true) && user.has_permission?('access_points.destroy') + end + + def update? ; edit? end + def new? ; create? end +end diff --git a/app/policies/access_link_policy.rb b/app/policies/access_link_policy.rb new file mode 100644 index 000000000..8e7a86490 --- /dev/null +++ b/app/policies/access_link_policy.rb @@ -0,0 +1,22 @@ +class AccessLinkPolicy < ApplicationPolicy + class Scope < Scope + def resolve + scope + end + end + + def create? + user.has_permission?('access_links.create') # organisation match via referential is checked in the view + end + + def edit? + organisation_match?(via_referential: true) && user.has_permission?('access_links.edit') + end + + def destroy? + organisation_match?(via_referential: true) && user.has_permission?('access_links.destroy') + end + + def update? ; edit? end + def new? ; create? end +end diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb index 2a0bbc521..07138b38e 100644 --- a/app/policies/application_policy.rb +++ b/app/policies/application_policy.rb @@ -38,6 +38,10 @@ class ApplicationPolicy Pundit.policy_scope!(user, record.class) end + def organisation_match?(via_referential: false) + eval("user.organisation == record#{'.referential' if via_referential}.organisation") + end + class Scope attr_reader :user, :scope diff --git a/app/policies/calendar_policy.rb b/app/policies/calendar_policy.rb index 3b17679f1..4248bccc7 100644 --- a/app/policies/calendar_policy.rb +++ b/app/policies/calendar_policy.rb 
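Review bot: The new file is named `app/policies/acces_point_policy.rb` (one "s") but defines `AccessPointPolicy`, so constant autoloading will look for `access_point_policy.rb` and not find it. AccessPointsController now includes PolicyChecker, so `authorize resource` on edit, update and destroy would presumably raise a policy-not-found error wherever classes are loaded lazily. With eager loading the file is still read, which can make the problem appear in some environments only. Rename the file to `access_point_policy.rb`.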
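Review bot: `organisation_match?` builds its comparison as a string and runs it through `eval`, which is unnecessary and makes an authorization check harder to audit. The interpolated fragment is a fixed literal, so nothing user-controlled reaches `eval` as written, but plain Ruby expresses the same check: `owner = via_referential ? record.referential : record` followed by `user.organisation == owner.organisation`. A short comment that `via_referential: true` is for records that reach their organisation through `referential` would document the two call styles used by the policies in this commit.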
@@ -24,8 +24,4 @@ class CalendarPolicy < ApplicationPolicy def modify? organisation_match? end - - def organisation_match? - user.organisation == record.organisation - end end diff --git a/app/policies/connection_link_policy.rb b/app/policies/connection_link_policy.rb new file mode 100644 index 000000000..cc49f575f --- /dev/null +++ b/app/policies/connection_link_policy.rb @@ -0,0 +1,22 @@ +class ConnectionLinkPolicy < ApplicationPolicy + class Scope < Scope + def resolve + scope + end + end + + def create? + user.has_permission?('connection_links.create') # organisation match via referential is checked in the view + end + + def edit? + organisation_match?(via_referential: true) && user.has_permission?('connection_links.edit') + end + + def destroy? + organisation_match?(via_referential: true) && user.has_permission?('connection_links.destroy') + end + + def update? ; edit? end + def new? ; create? end +end diff --git a/app/policies/journey_pattern_policy.rb b/app/policies/journey_pattern_policy.rb index 95ab23318..a11fd6bcc 100644 --- a/app/policies/journey_pattern_policy.rb +++ b/app/policies/journey_pattern_policy.rb @@ -6,17 +6,18 @@ class JourneyPatternPolicy < ApplicationPolicy end def create? - user.has_permission?('journey_patterns.create') + user.has_permission?('journey_patterns.create') # organisation match via referential is checked in the view end def edit? - user.has_permission?('journey_patterns.edit') + organisation_match?(via_referential: true) && user.has_permission?('journey_patterns.edit') end def destroy? - user.has_permission?('journey_patterns.destroy') + organisation_match?(via_referential: true) && user.has_permission?('journey_patterns.destroy') end def update? ; edit? end def new? ; create? end end + diff --git a/app/policies/referential_policy.rb b/app/policies/referential_policy.rb index ddf5188a0..074aaec8b 100644 --- a/app/policies/referential_policy.rb +++ b/app/policies/referential_policy.rb 
@@ -5,9 +5,20 @@ class ReferentialPolicy < ApplicationPolicy end end + def create? + true + end + + def edit? + organisation_match? + end + def update? - !record.archived? + edit? && !record.archived? end - def edit? ; update? end + def new? ; create? end + def destroy? ; edit? end end + + diff --git a/app/policies/route_policy.rb b/app/policies/route_policy.rb index 232706d8f..0f42b7f08 100644 --- a/app/policies/route_policy.rb +++ b/app/policies/route_policy.rb @@ -6,15 +6,15 @@ class RoutePolicy < ApplicationPolicy end def create? - user.has_permission?('routes.create') + user.has_permission?('routes.create') # organisation match via referential is checked in the view end def edit? - user.has_permission?('routes.edit') + organisation_match?(via_referential: true) && user.has_permission?('routes.edit') end def destroy? - user.has_permission?('routes.destroy') + organisation_match?(via_referential: true) && user.has_permission?('routes.destroy') end def update? ; edit? end diff --git a/app/policies/routing_constraint_zone_policy.rb b/app/policies/routing_constraint_zone_policy.rb index 3de5080f6..fbf322066 100644 --- a/app/policies/routing_constraint_zone_policy.rb +++ b/app/policies/routing_constraint_zone_policy.rb @@ -6,15 +6,15 @@ class RoutingConstraintZonePolicy < ApplicationPolicy end def create? - user.has_permission?('routing_constraint_zones.create') + user.has_permission?('routing_constraint_zones.create') # organisation match via referential is checked in the view end def edit? - user.has_permission?('routing_constraint_zones.edit') + organisation_match?(via_referential: true) && user.has_permission?('routing_constraint_zones.edit') end def destroy? - user.has_permission?('routing_constraint_zones.destroy') + organisation_match?(via_referential: true) && user.has_permission?('routing_constraint_zones.destroy') end def update? ; edit? end diff --git a/app/policies/time_table_policy.rb b/app/policies/time_table_policy.rb index 7328748c2..1d14c646a 100644 
--- a/app/policies/time_table_policy.rb +++ b/app/policies/time_table_policy.rb @@ -6,15 +6,15 @@ class TimeTablePolicy < ApplicationPolicy end def create? - user.has_permission?('time_tables.create') + user.has_permission?('time_tables.create') # organisation match via referential is checked in the view end def edit? - user.has_permission?('time_tables.edit') + organisation_match?(via_referential: true) && user.has_permission?('time_tables.edit') end def destroy? - user.has_permission?('time_tables.destroy') + organisation_match?(via_referential: true) && user.has_permission?('time_tables.destroy') end def update? ; edit? end diff --git a/app/policies/vehicle_journey_policy.rb b/app/policies/vehicle_journey_policy.rb index 7aa19f1a2..785c2bb1f 100644 --- a/app/policies/vehicle_journey_policy.rb +++ b/app/policies/vehicle_journey_policy.rb @@ -6,15 +6,15 @@ class VehicleJourneyPolicy < ApplicationPolicy end def create? - user.has_permission?('vehicle_journeys.create') + user.has_permission?('vehicle_journeys.create') # organisation match via referential is checked in the view end def edit? - user.has_permission?('vehicle_journeys.edit') + organisation_match?(via_referential: true) && user.has_permission?('vehicle_journeys.edit') end def destroy? - user.has_permission?('vehicle_journeys.destroy') + organisation_match?(via_referential: true) && user.has_permission?('vehicle_journeys.destroy') end def update? ; edit? end diff --git a/app/views/access_link_pairs/_access_link_pair.html.slim b/app/views/access_link_pairs/_access_link_pair.html.slim index 05fdd3446..c313f9044 100644 --- a/app/views/access_link_pairs/_access_link_pair.html.slim +++ b/app/views/access_link_pairs/_access_link_pair.html.slim 
@@ -12,7 +12,7 @@ tr - if access_link_pair.out_exists? = link_to(referential_access_point_access_link_path(@referential, access_link_pair.access_point, :access_link => {:stop_area_id => access_link_pair.stop_area.id, :link_orientation_type => 'stop_area_to_access_point'})) do = image_tag "icons/green_left_arrow.png" - - else + - elsif policy(Chouette::AccessLink).create && @referential.organisation == current_organisation = link_to(new_referential_access_point_access_link_path(@referential, access_link_pair.access_point, :access_link => {:stop_area_id => access_link_pair.stop_area.id, :link_orientation_type => 'stop_area_to_access_point'})) do = image_tag "icons/gray_left_arrow.png" @@ -24,7 +24,7 @@ tr - if access_link_pair.in_exists? = link_to(referential_access_point_access_link_path(@referential, access_link_pair.access_point, access_link_pair.from_access_point)) do = image_tag "icons/green_right_arrow.png" - - else + - elsif policy(Chouette::AccessLink).create && @referential.organisation == current_organisation = link_to(new_referential_access_point_access_link_path(@referential, access_link_pair.access_point, :access_link => {:stop_area_id => access_link_pair.stop_area.id, :link_orientation_type => 'access_point_to_stop_area'})) do = image_tag "icons/gray_right_arrow.png" @@ -37,4 +37,4 @@ tr = image_tag "map/#{access_link_pair.stop_area.stop_area_type}.png" span = access_link_pair.stop_area.name .info - = t("area_types.label.#{access_link_pair.stop_area.stop_area_type}")
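Review bot: Both new `elsif` conditions call `policy(Chouette::AccessLink).create` without the trailing `?`, while the AccessLinkPolicy added in this commit defines `create?`. The call would raise NoMethodError whenever the branch is evaluated, unless a `create` method exists on ApplicationPolicy outside the visible lines. The condition should read `- elsif policy(Chouette::AccessLink).create? && @referential.organisation == current_organisation`, as connection_links/index.html.slim already does. The same fix applies to the second hunk of this file (`@@ -24,7 +24,7 @@`).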
\ No newline at end of file + = t("area_types.label.#{access_link_pair.stop_area.stop_area_type}") diff --git a/app/views/access_links/show.html.slim b/app/views/access_links/show.html.slim index a7e296dde..59f72a55f 100644 --- a/app/views/access_links/show.html.slim +++ b/app/views/access_links/show.html.slim @@ -2,7 +2,7 @@ .access_link_show = @map.to_html - + .summary p label = "#{@access_link.human_attribute_name('access_link_type')} : " @@ -44,12 +44,12 @@ p label = "#{@access_link.human_attribute_name('mobility_restricted_suitability')}: " - - if !@access_link.mobility_restricted_suitability.nil?) + - if !@access_link.mobility_restricted_suitability.nil? = t((@access_link.mobility_restricted_suitability == true).to_s) - else = t('unknown') - p + p label = "#{@access_link.human_attribute_name('stairs_availability')} : " - if !@access_link.stairs_availability.nil? = t((@access_link.stairs_availability == true).to_s) @@ -66,9 +66,11 @@ - content_for :sidebar do ul.actions li - = link_to t('access_links.actions.edit'), edit_referential_access_point_access_link_path(@referential, @access_link.access_point, @access_link), class: 'edit' + - if policy(@access_link).edit? + = link_to t('access_links.actions.edit'), edit_referential_access_point_access_link_path(@referential, @access_link.access_point, @access_link), class: 'edit' li - = link_to t('access_links.actions.destroy'), referential_access_point_access_link_path(@referential, @access_link.access_point, @access_link), method: :delete, data: {:confirm => t('access_links.actions.destroy_confirm')}, class: 'remove' + - if policy(@access_link).destroy? + = link_to t('access_links.actions.destroy'), referential_access_point_access_link_path(@referential, @access_link.access_point, @access_link), method: :delete, data: {:confirm => t('access_links.actions.destroy_confirm')}, class: 'remove' br - = creation_tag(@access_link)
\ No newline at end of file + = creation_tag(@access_link) diff --git a/app/views/connection_links/_connection_link.slim b/app/views/connection_links/_connection_link.slim index cfe84cc53..2ece8ed44 100644 --- a/app/views/connection_links/_connection_link.slim +++ b/app/views/connection_links/_connection_link.slim @@ -2,11 +2,13 @@ .panel-heading .panel-title.clearfix span.pull-right - = link_to edit_referential_connection_link_path(@referential, connection_link), class: 'btn btn-default btn-sm' do + - if policy(connection_link).edit? + = link_to edit_referential_connection_link_path(@referential, connection_link), class: 'btn btn-default btn-sm' do span.fa.fa-pencil - - = link_to referential_connection_link_path(@referential, connection_link), :method => :delete, :data => {:confirm => t('connection_links.actions.destroy_confirm')}, class: 'btn btn-danger btn-sm' do - span.fa.fa-trash-o + + - if policy(connection_link).destroy? + = link_to referential_connection_link_path(@referential, connection_link), :method => :delete, :data => {:confirm => t('connection_links.actions.destroy_confirm')}, class: 'btn btn-danger btn-sm' do + span.fa.fa-trash-o h5 = link_to([@referential, connection_link], class: 'preview', title: "#{Chouette::ConnectionLink.model_name.human.capitalize} #{connection_link.name}") do @@ -21,9 +23,9 @@ = link_to_if connection_link.departure, truncate(connection_link.departure.name, :length => 15) , referential_stop_area_path(@referential, connection_link.departure), :title => "#{connection_link.human_attribute_name('departure')} #{connection_link.departure.name}" - else = connection_link.human_attribute_name('undefined') - + = t('.to') - + - if connection_link.arrival.present? = link_to_if( connection_link.arrival, truncate(connection_link.arrival.name, :length => 15), referential_stop_area_path(@referential, connection_link.arrival), :title => "#{connection_link.human_attribute_name('arrival')} #{connection_link.arrival.name}" ) - else 
@@ -31,4 +33,4 @@ p = connection_link.human_attribute_name('default_duration').capitalize = " : " - = connection_link.default_duration ? connection_link.default_duration.strftime('%Mm %Ss') : connection_link.human_attribute_name("undefined")
\ No newline at end of file + = connection_link.default_duration ? connection_link.default_duration.strftime('%Mm %Ss') : connection_link.human_attribute_name("undefined") diff --git a/app/views/connection_links/index.html.slim b/app/views/connection_links/index.html.slim index d36c6a125..7651ae340 100644 --- a/app/views/connection_links/index.html.slim +++ b/app/views/connection_links/index.html.slim @@ -20,4 +20,5 @@ - content_for :sidebar do ul.actions li - = link_to t('connection_links.actions.new'), new_referential_connection_link_path(@referential), class: 'add' + - if policy(Chouette::ConnectionLink).create? && @referential.organisation == current_organisation + = link_to t('connection_links.actions.new'), new_referential_connection_link_path(@referential), class: 'add' diff --git a/app/views/connection_links/show.html.slim b/app/views/connection_links/show.html.slim index 263c4c154..5d8864bb5 100644 --- a/app/views/connection_links/show.html.slim +++ b/app/views/connection_links/show.html.slim @@ -2,7 +2,7 @@ .connection_link_show = @map.to_html - + .summary p label = "#{@connection_link.human_attribute_name(:departure)} : " @@ -24,7 +24,7 @@ = t("unknown") - else = t("connection_link_types.label.#{@connection_link.connection_link_type}") - + p label = "#{@connection_link.human_attribute_name('comment')} : " = @connection_link.comment @@ -40,12 +40,12 @@ label.duration = "#{@connection_link.human_attribute_name('default_duration')} : " - if @connection_link.default_duration.present? = @connection_link.default_duration.strftime('%Hh %Mm %Ss') - + p label.duration = "#{@connection_link.human_attribute_name('frequent_traveller_duration')} : " - if @connection_link.frequent_traveller_duration.present? = @connection_link.frequent_traveller_duration.strftime('%Hh %Mm %Ss') - + p label.duration = "#{@connection_link.human_attribute_name('occasional_traveller_duration')} : " - if @connection_link.occasional_traveller_duration.present? 
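Review bot: The ownership test `@referential.organisation == current_organisation` in connection_links/index.html.slim is written into the view beside `policy(Chouette::ConnectionLink).create?` instead of living in the policy, and the same expression is repeated in the connection_links/show, referential_lines, routing_constraint_zones, time_tables and vehicle_journeys hunks of this commit. A view condition only hides the link, so the `new` and `create` actions have to apply the same organisation rule on the server; the controllers for these views are not in this part of the diff, so that is worth confirming. I would put the comparison in one place, either a policy method that is given the referential or a single view helper, and have both the templates and the controller authorization call it. journey_patterns/show and vehicle_journeys/_show_sidebar test `@journey_pattern.referential` and `@vehicle_journey.referential` while building the link from `@referential`, which should be made uniform at the same time.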
@@ -79,14 +79,18 @@ - content_for :sidebar do ul.actions - li - = link_to t('connection_links.actions.new'), new_referential_connection_link_path(@referential), class: 'add' - li - = link_to t('connection_links.actions.edit'), edit_referential_connection_link_path(@referential, @connection_link), class: 'edit' - li - = link_to t('connection_links.actions.destroy'), referential_connection_link_path(@referential, @connection_link), :method => :delete, :data => {:confirm => t('connection_links.actions.destroy_confirm')}, class: 'remove' - li - = link_to t('connection_links.actions.select_areas'), select_areas_referential_connection_link_path(@referential, @connection_link), class: 'select' + - if policy(Chouette::ConnectionLink).create? && @referential.organisation == current_organisation + li + = link_to t('connection_links.actions.new'), new_referential_connection_link_path(@referential), class: 'add' + - if policy(@connection_link).edit? + li + = link_to t('connection_links.actions.edit'), edit_referential_connection_link_path(@referential, @connection_link), class: 'edit' + - if policy(@connection_link).destroy? + li + = link_to t('connection_links.actions.destroy'), referential_connection_link_path(@referential, @connection_link), :method => :delete, :data => {:confirm => t('connection_links.actions.destroy_confirm')}, class: 'remove' + - if policy(@connection_link).edit? + li + = link_to t('connection_links.actions.select_areas'), select_areas_referential_connection_link_path(@referential, @connection_link), class: 'select' br - = creation_tag(@connection_link)
\ No newline at end of file + = creation_tag(@connection_link) diff --git a/app/views/journey_patterns/show.html.slim b/app/views/journey_patterns/show.html.slim index 417e4dc16..85ba4e7a5 100644 --- a/app/views/journey_patterns/show.html.slim +++ b/app/views/journey_patterns/show.html.slim @@ -30,7 +30,7 @@ h3.journey_pattern_stop_points = t('.stop_points') - content_for :sidebar do ul.actions li - - if policy(@journey_pattern).create? + - if policy(@journey_pattern).create? && @journey_pattern.referential.organisation == current_organisation = link_to t('journey_patterns.actions.new'), new_referential_line_route_journey_pattern_path(@referential, @line, @route), class: 'add' li - if policy(@journey_pattern).edit? diff --git a/app/views/lines/index.html.slim b/app/views/lines/index.html.slim index 494958ddb..a51dffb5f 100644 --- a/app/views/lines/index.html.slim +++ b/app/views/lines/index.html.slim @@ -7,7 +7,7 @@ - content_for :sidebar do ul.actions - - if policy(Chouette::Line).create? + - if policy(Chouette::Line).create? && @line_referential.organisations.include?(current_organisation) li = link_to t('lines.actions.new'), new_line_referential_line_path(@line_referential), class: 'add' diff --git a/app/views/lines/show.html.slim b/app/views/lines/show.html.slim index a6e29b88b..2b652754a 100644 --- a/app/views/lines/show.html.slim +++ b/app/views/lines/show.html.slim @@ -121,7 +121,7 @@ - content_for :sidebar do ul.actions - - if policy(Chouette::Line).create? + - if policy(Chouette::Line).create? && @line_referential.organisations.include?(current_organisation) li = link_to t('lines.actions.new'), new_line_referential_line_path(@line_referential), class: 'add' / FIXME #2018 diff --git a/app/views/referential_lines/index.html.slim b/app/views/referential_lines/index.html.slim index 1da5b7e3a..6b4fd5f38 100644 --- a/app/views/referential_lines/index.html.slim +++ b/app/views/referential_lines/index.html.slim 
@@ -7,7 +7,7 @@ - content_for :sidebar do ul.actions - - if policy(Chouette::Line).create? + - if policy(Chouette::Line).create? && @referential.organisation == current_organisation li = link_to t('lines.actions.new'), new_referential_line_path(@referential), class: 'add' diff --git a/app/views/referential_lines/show.html.slim b/app/views/referential_lines/show.html.slim index 5c8e1b32d..dcd1e587c 100644 --- a/app/views/referential_lines/show.html.slim +++ b/app/views/referential_lines/show.html.slim @@ -126,7 +126,7 @@ p.after_map - content_for :sidebar do ul.actions - - if policy(Chouette::Line).create? + - if policy(Chouette::Line).create? && @referential.organisation == current_organisation li = link_to t('lines.actions.new'), new_referential_line_path(@referential), class: 'add' - if policy(@line).update? @@ -139,7 +139,7 @@ p.after_map - if !@line.hub_restricted? || (@line.hub_restricted? && @line.routes.size < 2) / FIXME #825 li - - if policy(Chouette::Route).create? + - if policy(Chouette::Route).create? && @referential.organisation == current_organisation = link_to t('routes.actions.new'), new_referential_line_route_path(@referential, @line), class: 'add' = creation_tag(@line) diff --git a/app/views/referential_stop_areas/access_links.html.slim b/app/views/referential_stop_areas/access_links.html.slim index 128d1b4b9..6c37dd077 100644 --- a/app/views/referential_stop_areas/access_links.html.slim +++ b/app/views/referential_stop_areas/access_links.html.slim @@ -15,7 +15,7 @@ = render partial: 'access_link_pairs/access_link_pair', collection: access_links_pairs(@generic_access_links) #detail.panel-group - .panel.panel-default + .panel.panel-default .panel-heading h4.panel-title a data-toggle="collapse" data-parent="#detail" href="#detail_access_links @@ -25,4 +25,4 @@ .panel-body .access_link_pairs table - = render partial: 'access_link_pairs/access_link_pair', collection: access_links_pairs(@detail_access_links)
\ No newline at end of file + = render partial: 'access_link_pairs/access_link_pair', collection: access_links_pairs(@detail_access_links) diff --git a/app/views/routes/new.html.slim b/app/views/routes/new.html.slim index 51410a2e5..9907f9b9d 100644 --- a/app/views/routes/new.html.slim +++ b/app/views/routes/new.html.slim @@ -3,3 +3,4 @@ .row .col-lg-8.col-lg-offset-2.col-md-8.col-md-offset-2.col-sm-8.col-sm-offset-2 == render 'form' + diff --git a/app/views/routing_constraint_zones/index.html.slim b/app/views/routing_constraint_zones/index.html.slim index cc1305e95..df52ed987 100644 --- a/app/views/routing_constraint_zones/index.html.slim +++ b/app/views/routing_constraint_zones/index.html.slim @@ -1,6 +1,6 @@ = title_tag Chouette::RoutingConstraintZone.model_name.human.pluralize(:fr) -- if policy(Chouette::RoutingConstraintZone).create? +- if policy(Chouette::RoutingConstraintZone).create? && @referential.organisation == current_organisation = link_to t('routing_constraint_zones.actions.new'), new_referential_line_routing_constraint_zone_path - if @routing_constraint_zones.any? diff --git a/app/views/time_tables/index.html.slim b/app/views/time_tables/index.html.slim index e53e1e3e2..64d2372a5 100644 --- a/app/views/time_tables/index.html.slim +++ b/app/views/time_tables/index.html.slim @@ -32,6 +32,6 @@ - content_for :sidebar do ul.actions li - - if policy(Chouette::TimeTable).create? + - if policy(Chouette::TimeTable).create? && @referential.organisation == current_organisation = link_to t('time_tables.actions.new'), new_referential_time_table_path(@referential), class: "add" br diff --git a/app/views/time_tables/show.html.slim b/app/views/time_tables/show.html.slim index 8154ea8e0..436886faa 100644 --- a/app/views/time_tables/show.html.slim +++ b/app/views/time_tables/show.html.slim 
@@ -9,7 +9,7 @@ - content_for :sidebar do ul.actions li - - if policy(@time_table).create? + - if policy(@time_table).create? && @referential.organisation == current_organisation = link_to t('time_tables.actions.new'), new_referential_time_table_path(@referential), class: 'add' li - if policy(@time_table).edit? @@ -18,10 +18,10 @@ - if policy(@time_table).destroy? = link_to t('time_tables.actions.destroy'), referential_time_table_path(@referential, @time_table), :method => :delete, :data => {:confirm => t('time_tables.actions.destroy_confirm')}, class: "remove" li - - if policy(@time_table).create? + - if policy(@time_table).create? && @referential.organisation == current_organisation = link_to t('time_tables.actions.duplicate'), duplicate_referential_time_table_path(@referential, @time_table), class: "clone" li - /- if policy(@time_table).create? + /- if policy(@time_table).create? && @referential.organisation == current_organisation = link_to t('time_tables.actions.combine'), new_referential_time_table_time_table_combination_path(@referential, @time_table), {:remote => true, 'data-toggle' => "modal", 'data-target' => '#modal_combine', class: "merge"} = creation_tag(@time_table) diff --git a/app/views/vehicle_journeys/_show_sidebar.html.slim b/app/views/vehicle_journeys/_show_sidebar.html.slim index 44d5f8233..ca7e140bc 100644 --- a/app/views/vehicle_journeys/_show_sidebar.html.slim +++ b/app/views/vehicle_journeys/_show_sidebar.html.slim @@ -1,7 +1,7 @@ - content_for :sidebar do ul.actions li - - if policy(@vehicle_journey).create? + - if policy(@vehicle_journey).create? && @vehicle_journey.referential.organisation == current_organisation = link_to t('vehicle_journeys.actions.new'), new_referential_line_route_vehicle_journey_path(@referential, @line, @route), class: "add" li = link_to t('vehicle_journeys.actions.new_frequency'), new_referential_line_route_vehicle_journey_frequency_path(@referential, @line, @route), class: "add" li 
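Review bot: The guard on the combine link in time_tables/show.html.slim is still commented out: the changed line starts with Slim's `/` comment marker (`/- if policy(@time_table).create? && ...`), so the second hunk edits dead code rather than a live check. Indentation is lost in this view, so it is not clear whether the `= link_to t('time_tables.actions.combine'), ...` line below is nested under the comment and never rendered, or sits beside it and is rendered for every user with no policy test. If the link is meant to be live, the condition should be restored as `- if policy(@time_table).create? && @referential.organisation == current_organisation`; if it is not, both lines are better removed than kept as a commented condition that has to be maintained.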
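Review bot: In vehicle_journeys/_show_sidebar.html.slim the `new_frequency` link in the next `li` has no policy test, as far as the flattened hunk shows, while the `new` link before it now requires both `create?` and the organisation match. Judging by the route helper names both lead to creation forms on the same route, so a user who is refused the first link is still offered the second; the `_sidebar.html.slim` hunk that follows has the same gap. I would put the same condition above it, `- if policy(@vehicle_journey).create? && @vehicle_journey.referential.organisation == current_organisation`, and confirm that the frequency controller action is authorized in the same way. The partial continues past the hunk's last `li`.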
diff --git a/app/views/vehicle_journeys/_sidebar.html.slim b/app/views/vehicle_journeys/_sidebar.html.slim index 187de1b08..e0a07d6e4 100644 --- a/app/views/vehicle_journeys/_sidebar.html.slim +++ b/app/views/vehicle_journeys/_sidebar.html.slim @@ -1,6 +1,6 @@ ul.actions li - - if policy(Chouette::VehicleJourney).create? + - if policy(Chouette::VehicleJourney).create? && @referential.organisation == current_organisation = link_to t('vehicle_journeys.actions.new'), new_referential_line_route_vehicle_journey_path(@referential, @line, @route), class: "add" li = link_to t('vehicle_journeys.actions.new_frequency'), new_referential_line_route_vehicle_journey_frequency_path(@referential, @line, @route), class: "add" |
