Ajout de politiques d'accès
parent
17c08306b3
commit
dfb2ba87c9
|
@ -1,4 +1,13 @@
|
||||||
class ApplicationController < ActionController::Base
|
class ApplicationController < ActionController::Base
|
||||||
include Authentication
|
include Authentication
|
||||||
include Pundit
|
include Pundit
|
||||||
|
|
||||||
|
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def user_not_authorized
|
||||||
|
flash[:alert] = "You are not authorized to perform this action."
|
||||||
|
redirect_to(request.referrer || root_path)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
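Review bot: `user_not_authorized` redirects to `request.referrer`, which is a client-supplied header, so unless this app runs on a Rails version that raises on open redirects (not determinable from the diff) the destination is not confined to this host; `redirect_back(fallback_location: root_path)` (or `redirect_back_or_to root_path` on Rails 7) expresses the same intent while keeping the framework's host check. The handler also answers every format with a flash and a 302, so a `.json` caller that fails a policy is bounced to the referrer instead of receiving a 403; branching on `request.format` with `head :forbidden` for non-HTML would be more accurate. Nothing in this controller enforces that each action actually called `authorize`; `after_action :verify_authorized, except: :index` and `after_action :verify_policy_scoped, only: :index` would turn a forgotten call into an error rather than a silent pass.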
@ -3,12 +3,14 @@ class UsersController < ApplicationController
|
||||||
|
|
||||||
# GET /users or /users.json
|
# GET /users or /users.json
|
||||||
def index
|
def index
|
||||||
@users = policy_scope(User)
|
authorize User
|
||||||
# @users = User.all
|
# @users = policy_scope(User)
|
||||||
|
@users = User.all
|
||||||
end
|
end
|
||||||
|
|
||||||
# GET /users/1 or /users/1.json
|
# GET /users/1 or /users/1.json
|
||||||
def show
|
def show
|
||||||
|
authorize @user
|
||||||
end
|
end
|
||||||
|
|
||||||
# GET /users/new
|
# GET /users/new
|
||||||
|
@ -18,12 +20,15 @@ class UsersController < ApplicationController
|
||||||
|
|
||||||
# GET /users/1/edit
|
# GET /users/1/edit
|
||||||
def edit
|
def edit
|
||||||
|
authorize @user
|
||||||
end
|
end
|
||||||
|
|
||||||
# POST /users or /users.json
|
# POST /users or /users.json
|
||||||
def create
|
def create
|
||||||
@user = User.new(user_params)
|
@user = User.new(user_params)
|
||||||
|
|
||||||
|
authorize @user
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
if @user.save
|
if @user.save
|
||||||
format.html { redirect_to user_url(@user), notice: "User was successfully created." }
|
format.html { redirect_to user_url(@user), notice: "User was successfully created." }
|
||||||
|
@ -37,6 +42,8 @@ class UsersController < ApplicationController
|
||||||
|
|
||||||
# PATCH/PUT /users/1 or /users/1.json
|
# PATCH/PUT /users/1 or /users/1.json
|
||||||
def update
|
def update
|
||||||
|
authorize @user
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
if @user.update(user_params)
|
if @user.update(user_params)
|
||||||
if @user.unconfirmed? && params.fetch(:user, {}).fetch(:confirm, "0") == "1"
|
if @user.unconfirmed? && params.fetch(:user, {}).fetch(:confirm, "0") == "1"
|
||||||
|
@ -55,6 +62,8 @@ class UsersController < ApplicationController
|
||||||
def destroy
|
def destroy
|
||||||
@user.destroy
|
@user.destroy
|
||||||
|
|
||||||
|
authorize @user
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.html { redirect_to users_url, notice: "User was successfully destroyed." }
|
format.html { redirect_to users_url, notice: "User was successfully destroyed." }
|
||||||
format.json { head :no_content }
|
format.json { head :no_content }
|
||||||
|
|
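Review bot: In the `destroy` hunk (`@ -55,6 +62,8 @@`) `authorize @user` is added after `@user.destroy` has already executed, so a non-admin who reaches this action deletes the record and only then is redirected by the NotAuthorizedError handler; the two lines need to be swapped: `authorize @user` first, then `@user.destroy`. The `index` hunk replaces `policy_scope(User)` with `User.all` and keeps the old line as a comment; because UserPolicy#index? is admin-only this is equivalent today, but a `Scope` in UserPolicy would keep the listing correct if index? is later widened, and the commented-out line should be dropped rather than left as dead code. `show`, `edit`, `update` and `destroy` authorize `@user`, which is presumably assigned by a before_action outside these hunks; each of those method bodies also continues past the hunk edges.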
29
app/policies/check_policy.rb
Normal file
29
app/policies/check_policy.rb
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
class CheckPolicy < ApplicationPolicy
|
||||||
|
def index?
|
||||||
|
true
|
||||||
|
end
|
||||||
|
|
||||||
|
def show?
|
||||||
|
true
|
||||||
|
end
|
||||||
|
|
||||||
|
def create?
|
||||||
|
false
|
||||||
|
end
|
||||||
|
|
||||||
|
def new?
|
||||||
|
create?
|
||||||
|
end
|
||||||
|
|
||||||
|
def update?
|
||||||
|
user.admin?
|
||||||
|
end
|
||||||
|
|
||||||
|
def edit?
|
||||||
|
update?
|
||||||
|
end
|
||||||
|
|
||||||
|
def destroy?
|
||||||
|
user.admin?
|
||||||
|
end
|
||||||
|
end
|
|
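Review bot: `update?` and `destroy?` call `user.admin?` with no nil guard, and the layout change in this same commit (`<% if current_user %>`) implies `current_user` can be nil, so an unauthenticated request that reaches those checks raises NoMethodError instead of a clean NotAuthorizedError; `user&.admin?` here, or rejecting a nil user once in ApplicationPolicy#initialize (outside this diff), fixes it, and the same applies to every predicate in UserPolicy. `index?` and `show?` return `true` for every caller including anonymous visitors, which appears intended given the nav uses `policy(Check).index?` for all visitors, but it deserves a comment such as `# Checks are readable by anyone, including unauthenticated visitors.` so the choice is visibly deliberate. No ChecksController change appears in this commit, so nothing visible here calls `authorize` for checks; this policy only takes effect once that controller does.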
@ -8,4 +8,32 @@ class UserPolicy < ApplicationPolicy
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def index?
|
||||||
|
user.admin?
|
||||||
|
end
|
||||||
|
|
||||||
|
def show?
|
||||||
|
user.admin?
|
||||||
|
end
|
||||||
|
|
||||||
|
def create?
|
||||||
|
user.admin?
|
||||||
|
end
|
||||||
|
|
||||||
|
def new?
|
||||||
|
create?
|
||||||
|
end
|
||||||
|
|
||||||
|
def update?
|
||||||
|
user.admin?
|
||||||
|
end
|
||||||
|
|
||||||
|
def edit?
|
||||||
|
update?
|
||||||
|
end
|
||||||
|
|
||||||
|
def destroy?
|
||||||
|
user.admin?
|
||||||
|
end
|
||||||
end
|
end
|
|
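Review bot: `destroy?` lets any admin destroy any user record including their own, and `update?` lets an admin clear their own admin flag; if that is not intended, `user.admin? && record != user` for `destroy?` is the usual guard (`record` is the ApplicationPolicy attribute, defined outside this diff). Every predicate here is the same `user.admin?` and each raises NoMethodError when `user` is nil, which the layout change in this commit suggests is possible; a single private `admin?` helper returning `user&.admin?`, called from each predicate, keeps the nil handling in one place. The hunk begins after the closing `end` lines of the `Scope` class, so that class is outside view.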
@ -77,7 +77,9 @@
|
||||||
|
|
||||||
<div>
|
<div>
|
||||||
Controller: <%= controller_name %>
|
Controller: <%= controller_name %>
|
||||||
User: <%= current_user.email %>
|
<% if current_user %>
|
||||||
|
<br>User: <%= current_user.email %>
|
||||||
|
<% end %>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
|
|
|
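Review bot: The nil guard around `current_user.email` is correct, but this block prints `controller_name` and the signed-in user's email in the page body on every request; if it is a development aid, wrapping the whole `<div>` in `<% if Rails.env.development? %>` keeps that detail out of production responses, and if it is intentional a comment saying so would stop the next reader from removing it. The enclosing markup continues outside the hunk.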
@ -1,11 +1,19 @@
|
||||||
<% if controller_name == "checks" %>
|
<% if policy(Check).index? %>
|
||||||
<%= link_to "Checks", checks_path, class: common_classes + " " + active_classes %>
|
<% if controller_name == "checks" %>
|
||||||
|
<%= link_to "Checks", checks_path, class: common_classes + " " + active_classes %>
|
||||||
|
<% else %>
|
||||||
|
<%= link_to "Checks", checks_path, class: common_classes + " " + inactive_classes %>
|
||||||
|
<% end %>
|
||||||
<% else %>
|
<% else %>
|
||||||
<%= link_to "Checks", checks_path, class: common_classes + " " + inactive_classes %>
|
<%= content_tag :span, "Checks", class: common_classes + " " + inactive_classes %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<% if controller_name == "users" %>
|
<% if policy(User).index? %>
|
||||||
<%= link_to "Users", users_path, class: common_classes + " " + active_classes %>
|
<% if controller_name == "users" %>
|
||||||
|
<%= link_to "Users", users_path, class: common_classes + " " + active_classes %>
|
||||||
|
<% else %>
|
||||||
|
<%= link_to "Users", users_path, class: common_classes + " " + inactive_classes %>
|
||||||
|
<% end %>
|
||||||
<% else %>
|
<% else %>
|
||||||
<%= link_to "Users", users_path, class: common_classes + " " + inactive_classes %>
|
<%= content_tag :span, "Users", class: common_classes + " " + inactive_classes %>
|
||||||
<% end %>
|
<% end %>
|
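Review bot: Gating the Checks and Users links on `policy(Check).index?` / `policy(User).index?` is presentation only; the routes remain reachable by URL, and since no ChecksController change is part of this commit the Checks pages are protected only if that controller already calls `authorize` or `policy_scope` (not visible here). The `content_tag :span` fallback renders an inert label for callers without access, which is fine, but each branch repeats `common_classes + " " + active_classes` / `inactive_classes`; computing `classes = controller_name == "checks" ? active_classes : inactive_classes` once above each block would shrink the partial to one `link_to` per resource. The partial continues outside the hunk.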