Add permission check for every project

Jure Grabnar 2018-09-23 14:34:21 +02:00
parent 6106904460
commit 59169f882d


@ -1,9 +1,11 @@
class TeamsController < ApplicationController
before_action :load_vars, only: [:parse_sheet, :import_samples, :export_samples]
before_action :load_vars, only: [:parse_sheet, :import_samples, :export_samples
:export_all]
before_action :check_create_samples_permissions, only: %i(parse_sheet
import_samples)
before_action :check_view_samples_permission, only: [:export_samples]
before_action :check_export_all_permission, only: [:export_all]
def parse_sheet
session[:return_to] ||= request.referer
@ -278,6 +280,17 @@ class TeamsController < ApplicationController
end
end
def check_export_all_permission
render_403 unless can_read_team?(@team)
if export_params[:project_ids]
projects = Project.where(id: export_params[:project_ids])
projects.each do |project|
render_403 unless can_read_project(current_user, project)
end
end
end
def generate_samples_zip
zip = ZipExport.create(user: current_user)
zip.generate_exportable_zip(
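Review bot: In `check_export_all_permission`, `render_403` does not stop the callback, so a user who fails the team check still reaches the project loop, and a second `render_403` there (or two unreadable projects in one request) raises a double-render error and answers with a 500 instead of a 403. Return after the first denial and decide the project check once, as in the fence below. As rendered, the `only:` list for `load_vars` also has no comma between `:export_samples` and `:export_all`, which would not parse; if `load_vars` does not run for `export_all`, `@team` is nil in this check. The lookup `Project.where(id: ...)` is not limited to `@team` and silently drops ids that match no row, so confirm that the export itself only uses the projects that passed this check. `generate_samples_zip` continues outside the hunk.

```ruby
def check_export_all_permission
  # Stop at the first denial so render_403 is called at most once.
  return render_403 unless can_read_team?(@team)
  return unless export_params[:project_ids]

  projects = Project.where(id: export_params[:project_ids])
  readable = projects.all? { |project| can_read_project(current_user, project) }
  render_403 unless readable
end
```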