Refactor: create the permission name dynamically to support other classes

This commit is contained in:
Eric Davis 2010-12-14 09:16:45 -08:00
parent 97fe88f8d9
commit ce0c32ea02
1 changed files with 14 additions and 18 deletions

View File

@ -100,26 +100,22 @@ private
end
def authorize_access_to_object
allowed = false
permission = ''
case params[:action]
when 'new'
permission << 'add_'
when 'destroy'
permission << 'delete_'
end
case @watched.class.to_s
when "Issue"
if params[:action] == 'new'
allowed = true if User.current.allowed_to?(:add_issue_watchers, @project)
end
if params[:action] == 'destroy'
allowed = true if User.current.allowed_to?(:delete_issue_watchers, @project)
end
when "WikiPage"
if params[:action] == 'new'
allowed = true if User.current.allowed_to?(:add_wiki_page_watchers, @project)
end
if params[:action] == 'destroy'
allowed = true if User.current.allowed_to?(:delete_wiki_page_watchers, @project)
# Ends up like: :delete_wiki_page_watchers
permission << "#{@watched.class.name.underscore}_watchers"
if User.current.allowed_to?(permission.to_sym, @project)
return true
else
deny_access
end
end
deny_access unless allowed
end
end