Refactor: create the permission name dynamically to support other classes
This commit is contained in:
parent
97fe88f8d9
commit
ce0c32ea02
|
@ -100,26 +100,22 @@ private
|
|||
end
|
||||
|
||||
def authorize_access_to_object
|
||||
allowed = false
|
||||
permission = ''
|
||||
case params[:action]
|
||||
when 'new'
|
||||
permission << 'add_'
|
||||
when 'destroy'
|
||||
permission << 'delete_'
|
||||
end
|
||||
|
||||
case @watched.class.to_s
|
||||
when "Issue"
|
||||
if params[:action] == 'new'
|
||||
allowed = true if User.current.allowed_to?(:add_issue_watchers, @project)
|
||||
end
|
||||
if params[:action] == 'destroy'
|
||||
allowed = true if User.current.allowed_to?(:delete_issue_watchers, @project)
|
||||
end
|
||||
when "WikiPage"
|
||||
if params[:action] == 'new'
|
||||
allowed = true if User.current.allowed_to?(:add_wiki_page_watchers, @project)
|
||||
end
|
||||
if params[:action] == 'destroy'
|
||||
allowed = true if User.current.allowed_to?(:delete_wiki_page_watchers, @project)
|
||||
# Ends up like: :delete_wiki_page_watchers
|
||||
permission << "#{@watched.class.name.underscore}_watchers"
|
||||
|
||||
if User.current.allowed_to?(permission.to_sym, @project)
|
||||
return true
|
||||
else
|
||||
deny_access
|
||||
end
|
||||
end
|
||||
|
||||
deny_access unless allowed
|
||||
end
|
||||
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue