Ajout de politiques d'accès
This commit is contained in:
parent
17c08306b3
commit
dfb2ba87c9
|
@ -1,4 +1,13 @@
|
|||
class ApplicationController < ActionController::Base
|
||||
include Authentication
|
||||
include Pundit
|
||||
|
||||
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
|
||||
|
||||
private
|
||||
|
||||
def user_not_authorized
|
||||
flash[:alert] = "You are not authorized to perform this action."
|
||||
redirect_to(request.referrer || root_path)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -3,12 +3,14 @@ class UsersController < ApplicationController
|
|||
|
||||
# GET /users or /users.json
|
||||
def index
|
||||
@users = policy_scope(User)
|
||||
# @users = User.all
|
||||
authorize User
|
||||
# @users = policy_scope(User)
|
||||
@users = User.all
|
||||
end
|
||||
|
||||
# GET /users/1 or /users/1.json
|
||||
def show
|
||||
authorize @user
|
||||
end
|
||||
|
||||
# GET /users/new
|
||||
|
@ -18,12 +20,15 @@ class UsersController < ApplicationController
|
|||
|
||||
# GET /users/1/edit
|
||||
def edit
|
||||
authorize @user
|
||||
end
|
||||
|
||||
# POST /users or /users.json
|
||||
def create
|
||||
@user = User.new(user_params)
|
||||
|
||||
authorize @user
|
||||
|
||||
respond_to do |format|
|
||||
if @user.save
|
||||
format.html { redirect_to user_url(@user), notice: "User was successfully created." }
|
||||
|
@ -37,6 +42,8 @@ class UsersController < ApplicationController
|
|||
|
||||
# PATCH/PUT /users/1 or /users/1.json
|
||||
def update
|
||||
authorize @user
|
||||
|
||||
respond_to do |format|
|
||||
if @user.update(user_params)
|
||||
if @user.unconfirmed? && params.fetch(:user, {}).fetch(:confirm, "0") == "1"
|
||||
|
@ -55,6 +62,8 @@ class UsersController < ApplicationController
|
|||
def destroy
|
||||
@user.destroy
|
||||
|
||||
authorize @user
|
||||
|
||||
respond_to do |format|
|
||||
format.html { redirect_to users_url, notice: "User was successfully destroyed." }
|
||||
format.json { head :no_content }
|
||||
|
|
29
app/policies/check_policy.rb
Normal file
29
app/policies/check_policy.rb
Normal file
|
@ -0,0 +1,29 @@
|
|||
class CheckPolicy < ApplicationPolicy
|
||||
def index?
|
||||
true
|
||||
end
|
||||
|
||||
def show?
|
||||
true
|
||||
end
|
||||
|
||||
def create?
|
||||
false
|
||||
end
|
||||
|
||||
def new?
|
||||
create?
|
||||
end
|
||||
|
||||
def update?
|
||||
user.admin?
|
||||
end
|
||||
|
||||
def edit?
|
||||
update?
|
||||
end
|
||||
|
||||
def destroy?
|
||||
user.admin?
|
||||
end
|
||||
end
|
|
@ -8,4 +8,32 @@ class UserPolicy < ApplicationPolicy
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
def index?
|
||||
user.admin?
|
||||
end
|
||||
|
||||
def show?
|
||||
user.admin?
|
||||
end
|
||||
|
||||
def create?
|
||||
user.admin?
|
||||
end
|
||||
|
||||
def new?
|
||||
create?
|
||||
end
|
||||
|
||||
def update?
|
||||
user.admin?
|
||||
end
|
||||
|
||||
def edit?
|
||||
update?
|
||||
end
|
||||
|
||||
def destroy?
|
||||
user.admin?
|
||||
end
|
||||
end
|
|
@ -77,7 +77,9 @@
|
|||
|
||||
<div>
|
||||
Controller: <%= controller_name %>
|
||||
User: <%= current_user.email %>
|
||||
<% if current_user %>
|
||||
<br>User: <%= current_user.email %>
|
||||
<% end %>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
|
|
|
@ -1,11 +1,19 @@
|
|||
<% if controller_name == "checks" %>
|
||||
<%= link_to "Checks", checks_path, class: common_classes + " " + active_classes %>
|
||||
<% if policy(Check).index? %>
|
||||
<% if controller_name == "checks" %>
|
||||
<%= link_to "Checks", checks_path, class: common_classes + " " + active_classes %>
|
||||
<% else %>
|
||||
<%= link_to "Checks", checks_path, class: common_classes + " " + inactive_classes %>
|
||||
<% end %>
|
||||
<% else %>
|
||||
<%= link_to "Checks", checks_path, class: common_classes + " " + inactive_classes %>
|
||||
<%= content_tag :span, "Checks", class: common_classes + " " + inactive_classes %>
|
||||
<% end %>
|
||||
|
||||
<% if controller_name == "users" %>
|
||||
<%= link_to "Users", users_path, class: common_classes + " " + active_classes %>
|
||||
<% if policy(User).index? %>
|
||||
<% if controller_name == "users" %>
|
||||
<%= link_to "Users", users_path, class: common_classes + " " + active_classes %>
|
||||
<% else %>
|
||||
<%= link_to "Users", users_path, class: common_classes + " " + inactive_classes %>
|
||||
<% end %>
|
||||
<% else %>
|
||||
<%= link_to "Users", users_path, class: common_classes + " " + inactive_classes %>
|
||||
<%= content_tag :span, "Users", class: common_classes + " " + inactive_classes %>
|
||||
<% end %>
|
Loading…
Reference in a new issue