Ajout de politiques d'accès

This commit is contained in:
Jérémy Lecour 2022-01-23 16:42:00 +01:00 committed by Jérémy Lecour
parent 17c08306b3
commit dfb2ba87c9
6 changed files with 94 additions and 9 deletions


@ -1,4 +1,13 @@
class ApplicationController < ActionController::Base
include Authentication
include Pundit
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
private
def user_not_authorized
flash[:alert] = "You are not authorized to perform this action."
redirect_to(request.referrer || root_path)
end
end
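Review bot: Nothing in the new ApplicationController makes an action fail closed when a controller forgets to call `authorize`; the `rescue_from` on the Pundit::NotAuthorizedError line only fires for actions that did call it. Pundit's `after_action :verify_authorized`, placed next to that `rescue_from`, raises for any action that completed without an authorization check, which is the defence-in-depth this commit otherwise relies on each controller to remember. The handler also redirects to `request.referrer`, a client-supplied header; `redirect_back(fallback_location: root_path)` is the Rails idiom for this and, on Rails versions with open-redirect protection, lets the target be restricted to the app's own host.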


@ -3,12 +3,14 @@ class UsersController < ApplicationController
# GET /users or /users.json
def index
@users = policy_scope(User)
# @users = User.all
authorize User
# @users = policy_scope(User)
@users = User.all
end
# GET /users/1 or /users/1.json
def show
authorize @user
end
# GET /users/new
@ -18,12 +20,15 @@ class UsersController < ApplicationController
# GET /users/1/edit
def edit
authorize @user
end
# POST /users or /users.json
def create
@user = User.new(user_params)
authorize @user
respond_to do |format|
if @user.save
format.html { redirect_to user_url(@user), notice: "User was successfully created." }
@ -37,6 +42,8 @@ class UsersController < ApplicationController
# PATCH/PUT /users/1 or /users/1.json
def update
authorize @user
respond_to do |format|
if @user.update(user_params)
if @user.unconfirmed? && params.fetch(:user, {}).fetch(:confirm, "0") == "1"
@ -55,6 +62,8 @@ class UsersController < ApplicationController
def destroy
@user.destroy
authorize @user
respond_to do |format|
format.html { redirect_to users_url, notice: "User was successfully destroyed." }
format.json { head :no_content }
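Review bot: In `destroy`, `authorize @user` comes after `@user.destroy` as printed, so the record is deleted on the line above the check and an unauthorized user only gets the "not authorized" redirect once the deletion has already happened; `create` and `update` put `authorize` before the mutating call and `destroy` should match: `authorize @user` followed by `@user.destroy`. The `index` action now authorizes the class and loads `User.all` with `policy_scope` commented out, which is safe only while `UserPolicy#index?` stays admin-only; a comment stating that dependency, or keeping `policy_scope(User)`, would make it explicit. `@user` for `show`/`edit`/`update`/`destroy` is presumably set by a `before_action` outside these hunks.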


@ -0,0 +1,29 @@
class CheckPolicy < ApplicationPolicy
def index?
true
end
def show?
true
end
def create?
false
end
def new?
create?
end
def update?
user.admin?
end
def edit?
update?
end
def destroy?
user.admin?
end
end
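Review bot: `update?` and `destroy?` call `user.admin?` with no guard for a nil `user`, so evaluating `policy(Check)` or `policy(User)` for a visitor without a session raises `NoMethodError` instead of denying; the layout change in this same commit guards `current_user` for exactly that case. Either have `ApplicationPolicy#initialize` (outside this hunk) refuse a nil user, or write the checks as `user&.admin?`; UserPolicy has the same pattern in every rule. `create?` returns `false` unconditionally, so even admins cannot create checks and `new?` is always false; if that is intended, a one-line comment such as `# Checks are never created through the web UI` would stop a later reader from treating it as a bug.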


@ -8,4 +8,32 @@ class UserPolicy < ApplicationPolicy
end
end
end
def index?
user.admin?
end
def show?
user.admin?
end
def create?
user.admin?
end
def new?
create?
end
def update?
user.admin?
end
def edit?
update?
end
def destroy?
user.admin?
end
end
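Review bot: Every rule in UserPolicy is `user.admin?`, so a non-admin cannot `show?` or `update?` even their own record; if that is the intended model a class-level comment, e.g. `# User management is admin-only; users cannot view or edit their own record here.`, documents it, and if self-service is meant the rule would be `user.admin? || record == user` (assuming the generated ApplicationPolicy's `record` reader). The `Scope` class whose closing `end`s open this hunk is no longer used by `UsersController#index` after this commit, so its `resolve` (outside the hunk) is dead unless something else calls `policy_scope(User)`.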


@ -77,7 +77,9 @@
<div>
Controller: <%= controller_name %>
User: <%= current_user.email %>
<% if current_user %>
<br>User: <%= current_user.email %>
<% end %>
</div>
</div>
</body>


@ -1,11 +1,19 @@
<% if controller_name == "checks" %>
<%= link_to "Checks", checks_path, class: common_classes + " " + active_classes %>
<% if policy(Check).index? %>
<% if controller_name == "checks" %>
<%= link_to "Checks", checks_path, class: common_classes + " " + active_classes %>
<% else %>
<%= link_to "Checks", checks_path, class: common_classes + " " + inactive_classes %>
<% end %>
<% else %>
<%= link_to "Checks", checks_path, class: common_classes + " " + inactive_classes %>
<%= content_tag :span, "Checks", class: common_classes + " " + inactive_classes %>
<% end %>
<% if controller_name == "users" %>
<%= link_to "Users", users_path, class: common_classes + " " + active_classes %>
<% if policy(User).index? %>
<% if controller_name == "users" %>
<%= link_to "Users", users_path, class: common_classes + " " + active_classes %>
<% else %>
<%= link_to "Users", users_path, class: common_classes + " " + inactive_classes %>
<% end %>
<% else %>
<%= link_to "Users", users_path, class: common_classes + " " + inactive_classes %>
<%= content_tag :span, "Users", class: common_classes + " " + inactive_classes %>
<% end %>
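Review bot: Each new `policy(...).index?` branch repeats the `link_to` twice with only the class list differing, so four near-identical lines exist where one would do; inside each branch a single `<%= link_to "Checks", checks_path, class: common_classes + " " + (controller_name == "checks" ? active_classes : inactive_classes) %>` (and the same for Users) keeps the behaviour and halves the template. Hiding the link is presentation only; the `authorize` calls in the controllers remain the actual control, which this commit does add. `common_classes`, `active_classes` and `inactive_classes` are defined outside the hunk.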