Fixing and refactoring project permissions in controllers.

2025-09-05 20:54:27 +08:00 · 2018-01-25 12:55:57 +01:00 · 2018-01-25 12:55:57 +01:00 · a21343a819
commit a21343a819
parent 279da20060
2 changed files with 9 additions and 33 deletions
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@ -8,14 +8,11 @@ class ProjectsController < ApplicationController
                                   :notifications, :reports,
                                   :samples, :experiment_archive,
                                   :delete_samples, :samples_index]
-  before_action :check_view_permissions, only: [:show, :reports,
-                                                :samples, :experiment_archive,
-                                                :samples_index]
-  before_action :check_view_notifications_permissions, only: [ :notifications ]
+  before_action :check_view_permissions, only: %i(show reports notifications
+                                                  samples experiment_archive
+                                                  samples_index)
  before_action :check_create_permissions, only: [ :new, :create ]
  before_action :check_edit_permissions, only: [ :edit ]
-  before_action :check_experiment_archive_permissions,
-                only: [:experiment_archive]

  @filter_by_archived = false

@ -325,18 +322,10 @@ class ProjectsController < ApplicationController
    render_403 unless can_create_projects?(current_team)
  end

-  def check_view_notifications_permissions
-    render_403 unless can_read_project?(@project)
-  end
-
  def check_edit_permissions
    render_403 unless can_update_project?(@project)
  end

-  def check_experiment_archive_permissions
-    render_403 unless can_read_project?(@project)
-  end
-
  def choose_layout
    action_name.in?(['index', 'archive']) ? 'main' : 'fluid'
  end
--- a/app/controllers/user_projects_controller.rb
+++ b/app/controllers/user_projects_controller.rb
@ -3,12 +3,9 @@ class UserProjectsController < ApplicationController
  include InputSanitizeHelper

  before_action :load_vars
-  before_action :check_view_tab_permissions, only: :index
-  before_action :check_view_permissions, only: :index_edit
+  before_action :check_view_permissions, only: %i(index index_edit)
  before_action :check_create_permissions, only: :create
-  # TODO  check update permissions
-  before_action :check_update_permisisons, only: :update
-  before_action :check_delete_permisisons, only: :destroy
+  before_action :check_update_permisisons, only: %i(update destroy)

  def index
    @users = @project.user_projects
@ -180,27 +177,17 @@ class UserProjectsController < ApplicationController
    end
  end

-  def check_view_tab_permissions
+  def check_view_permissions
    render_403 unless can_read_project?(@project)
  end

-  def check_view_permissions
-    render_403 unless can_update_project?(@project)
-  end
-
  def check_create_permissions
-    render_403 unless can_update_project?(@project)
+    render_403 unless can_create_projects?(current_team)
  end

  def check_update_permisisons
-    # TODO: improve permissions for changing your role on project
-    render_403 unless params[:id] != current_user.id
-  end
-
-  def check_delete_permisisons
-    # TODO: improve permissions for remove yourself from project
-    render_403 unless params[:id] != current_user.id
-    render_403 unless can_update_project?(@project)
+    render_403 unless can_update_project?(@project) ||
+                      params[:id] != current_user.id
  end

  def init_gui