scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-03-10 14:46:42 +08:00
Code Issues Projects Releases Packages Wiki Activity

check the permissions in before action

Browse source
This commit is contained in:
Miha Mencin 2019-11-22 13:23:02 +01:00
parent 04a6645cfc
commit 1bf6663196
1 changed files with 7 additions and 2 deletions

9
app/controllers/repository_rows_controller.rb
View file

@ -12,8 +12,9 @@ class RepositoryRowsController < ApplicationController
copy_records copy_records
available_rows) available_rows)
before_action :check_create_permissions, only: :create before_action :check_create_permissions, only: :create
before_action :check_delete_permissions, only: :delete_records
before_action :check_manage_permissions, before_action :check_manage_permissions,
only: %i(edit update delete_records copy_records) only: %i(edit update copy_records)
def index def index
@draw = params[:draw].to_i @draw = params[:draw].to_i
@ -270,7 +271,6 @@ class RepositoryRowsController < ApplicationController
end end
def delete_records def delete_records
render_403 unless can_delete_repository_rows?(@repository)
deleted_count = 0 deleted_count = 0
if selected_params if selected_params
selected_params.each do |row_id| selected_params.each do |row_id|
@ -373,6 +373,11 @@ class RepositoryRowsController < ApplicationController
render_403 unless can_manage_repository_rows?(@repository) render_403 unless can_manage_repository_rows?(@repository)
end end
def check_delete_permissions
render_403 unless can_delete_repository_rows?(@repository)
end
def record_params def record_params
params.permit(:repository_row_name).to_h params.permit(:repository_row_name).to_h
end end