cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Convert various administator? tests to use cancancan permissions checks

Browse source
This commit is contained in:
Andy Allan 2019-10-23 10:52:12 +02:00
parent edd49e8582
commit 60ecfde65c
3 changed files with 30 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

6
app/controllers/diary_entries_controller.rb
View file

@ -158,7 +158,7 @@ class DiaryEntriesController < ApplicationController
@page = (params[:page] || 1).to_i @page = (params[:page] || 1).to_i
@page_size = 20 @page_size = 20
@entries = @entries.visible unless current_user&.administrator? @entries = @entries.visible unless can? :unhide, DiaryEntry
@entries = @entries.order("created_at DESC") @entries = @entries.order("created_at DESC")
@entries = @entries.offset((@page - 1) * @page_size) @entries = @entries.offset((@page - 1) * @page_size)
@entries = @entries.limit(@page_size) @entries = @entries.limit(@page_size)
@ -203,7 +203,7 @@ class DiaryEntriesController < ApplicationController
@entry = @user.diary_entries.visible.where(:id => params[:id]).first @entry = @user.diary_entries.visible.where(:id => params[:id]).first
if @entry if @entry
@title = t "diary_entries.show.title", :user => params[:display_name], :title => @entry.title @title = t "diary_entries.show.title", :user => params[:display_name], :title => @entry.title
@comments = current_user&.administrator? ? @entry.comments : @entry.visible_comments @comments = can?(:unhidecomment, DiaryEntry) ? @entry.comments : @entry.visible_comments
else else
@title = t "diary_entries.no_such_entry.title", :id => params[:id] @title = t "diary_entries.no_such_entry.title", :id => params[:id]
render :action => "no_such_entry", :status => :not_found render :action => "no_such_entry", :status => :not_found
@ -237,7 +237,7 @@ class DiaryEntriesController < ApplicationController
def comments def comments
conditions = { :user_id => @user } conditions = { :user_id => @user }
conditions[:visible] = true unless current_user&.administrator? conditions[:visible] = true unless can? :unhidecomment, DiaryEntry
@comment_pages, @comments = paginate(:diary_comments, @comment_pages, @comments = paginate(:diary_comments,
:conditions => conditions, :conditions => conditions,

2
app/views/layouts/_header.html.erb
View file

@ -40,7 +40,7 @@
</nav> </nav>
<nav class='secondary'> <nav class='secondary'>
<ul> <ul>
<% if current_user and ( current_user.administrator? or current_user.moderator? ) %> <% if can? :index, Issue %>
<li class="compact-hide <%= current_page_class(issues_path) %>"> <li class="compact-hide <%= current_page_class(issues_path) %>">
<%= link_to issues_path(:status => "open") do %> <%= link_to issues_path(:status => "open") do %>
<%= t("layouts.issues") %> <%= t("layouts.issues") %>

6
app/views/users/show.html.erb
View file

@ -111,9 +111,10 @@
<% end %> <% end %>
<% if current_user and current_user.administrator? %> <% if can?(:set_status, User) || can?(:delete, User) %>
<ul class='secondary-actions clearfix'> <ul class='secondary-actions clearfix'>
<% if can? :set_status, User %>
<% if ["active", "confirmed"].include? @user.status %> <% if ["active", "confirmed"].include? @user.status %>
<li> <li>
<%= link_to t(".deactivate_user"), set_status_user_path(:status => "pending", :display_name => @user.display_name), :data => { :confirm => t(".confirm") } %> <%= link_to t(".deactivate_user"), set_status_user_path(:status => "pending", :display_name => @user.display_name), :data => { :confirm => t(".confirm") } %>
@ -136,9 +137,12 @@
<%= link_to t(".unhide_user"), set_status_user_path(:status => "active", :display_name => @user.display_name), :data => { :confirm => t(".confirm") } %> <%= link_to t(".unhide_user"), set_status_user_path(:status => "active", :display_name => @user.display_name), :data => { :confirm => t(".confirm") } %>
</li> </li>
<% end %> <% end %>
<% end %>
<% if can? :delete, User %>
<li> <li>
<%= link_to t(".delete_user"), delete_user_path(:display_name => @user.display_name), :data => { :confirm => t(".confirm") } %> <%= link_to t(".delete_user"), delete_user_path(:display_name => @user.display_name), :data => { :confirm => t(".confirm") } %>
</li> </li>
<% end %>
</ul> </ul>
<% end %> <% end %>