Refactor: create the permission name dynamically to support other classes
This commit is contained in:
parent
97fe88f8d9
commit
ce0c32ea02
@ -100,26 +100,22 @@ private
|
|||||||
end
|
end
|
||||||
|
|
||||||
def authorize_access_to_object
|
def authorize_access_to_object
|
||||||
allowed = false
|
permission = ''
|
||||||
|
case params[:action]
|
||||||
case @watched.class.to_s
|
when 'new'
|
||||||
when "Issue"
|
permission << 'add_'
|
||||||
if params[:action] == 'new'
|
when 'destroy'
|
||||||
allowed = true if User.current.allowed_to?(:add_issue_watchers, @project)
|
permission << 'delete_'
|
||||||
end
|
|
||||||
if params[:action] == 'destroy'
|
|
||||||
allowed = true if User.current.allowed_to?(:delete_issue_watchers, @project)
|
|
||||||
end
|
|
||||||
when "WikiPage"
|
|
||||||
if params[:action] == 'new'
|
|
||||||
allowed = true if User.current.allowed_to?(:add_wiki_page_watchers, @project)
|
|
||||||
end
|
|
||||||
if params[:action] == 'destroy'
|
|
||||||
allowed = true if User.current.allowed_to?(:delete_wiki_page_watchers, @project)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
deny_access unless allowed
|
# Ends up like: :delete_wiki_page_watchers
|
||||||
|
permission << "#{@watched.class.name.underscore}_watchers"
|
||||||
|
|
||||||
|
if User.current.allowed_to?(permission.to_sym, @project)
|
||||||
|
return true
|
||||||
|
else
|
||||||
|
deny_access
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
Loading…
x
Reference in New Issue
Block a user