Convert various administator? tests to use cancancan permissions checks

2019-10-23 10:52:12 +02:00 · 2019-10-23 10:52:12 +02:00 · 60ecfde65c
commit 60ecfde65c
parent edd49e8582
3 changed files with 30 additions and 26 deletions
--- a/app/controllers/diary_entries_controller.rb
+++ b/app/controllers/diary_entries_controller.rb
@ -158,7 +158,7 @@ class DiaryEntriesController < ApplicationController
    @page = (params[:page] || 1).to_i
    @page_size = 20

-    @entries = @entries.visible unless current_user&.administrator?
+    @entries = @entries.visible unless can? :unhide, DiaryEntry
    @entries = @entries.order("created_at DESC")
    @entries = @entries.offset((@page - 1) * @page_size)
    @entries = @entries.limit(@page_size)
@ -203,7 +203,7 @@ class DiaryEntriesController < ApplicationController
    @entry = @user.diary_entries.visible.where(:id => params[:id]).first
    if @entry
      @title = t "diary_entries.show.title", :user => params[:display_name], :title => @entry.title
-      @comments = current_user&.administrator? ? @entry.comments : @entry.visible_comments
+      @comments = can?(:unhidecomment, DiaryEntry) ? @entry.comments : @entry.visible_comments
    else
      @title = t "diary_entries.no_such_entry.title", :id => params[:id]
      render :action => "no_such_entry", :status => :not_found
@ -237,7 +237,7 @@ class DiaryEntriesController < ApplicationController
  def comments
    conditions = { :user_id => @user }

-    conditions[:visible] = true unless current_user&.administrator?
+    conditions[:visible] = true unless can? :unhidecomment, DiaryEntry

    @comment_pages, @comments = paginate(:diary_comments,
                                         :conditions => conditions,
--- a/app/views/layouts/_header.html.erb
+++ b/app/views/layouts/_header.html.erb
@ -40,7 +40,7 @@
  </nav>
  <nav class='secondary'>
    <ul>
-      <% if current_user and ( current_user.administrator? or current_user.moderator? ) %>
+      <% if can? :index, Issue %>
        <li class="compact-hide <%= current_page_class(issues_path) %>">
          <%= link_to issues_path(:status => "open") do %>
            <%= t("layouts.issues") %>
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@ -111,34 +111,38 @@

      <% end %>

-      <% if current_user and current_user.administrator? %>
+      <% if can?(:set_status, User) || can?(:delete, User) %>

        <ul class='secondary-actions clearfix'>
-          <% if ["active", "confirmed"].include? @user.status %>
-            <li>
-              <%= link_to t(".deactivate_user"), set_status_user_path(:status => "pending", :display_name => @user.display_name), :data => { :confirm => t(".confirm") } %>
-            </li>
-          <% elsif ["pending"].include? @user.status %>
-            <li>
-              <%= link_to t(".activate_user"), set_status_user_path(:status => "active", :display_name => @user.display_name), :data => { :confirm => t(".confirm") } %>
-            </li>
-          <% end %>
+          <% if can? :set_status, User %>
+            <% if ["active", "confirmed"].include? @user.status %>
+              <li>
+                <%= link_to t(".deactivate_user"), set_status_user_path(:status => "pending", :display_name => @user.display_name), :data => { :confirm => t(".confirm") } %>
+              </li>
+            <% elsif ["pending"].include? @user.status %>
+              <li>
+                <%= link_to t(".activate_user"), set_status_user_path(:status => "active", :display_name => @user.display_name), :data => { :confirm => t(".confirm") } %>
+              </li>
+            <% end %>

-          <% if ["active", "suspended"].include? @user.status %>
+            <% if ["active", "suspended"].include? @user.status %>
+              <li>
+                <%= link_to t(".confirm_user"), set_status_user_path(:status => "confirmed", :display_name => @user.display_name), :data => { :confirm => t(".confirm") } %>
+              </li>
+            <% end %>
+              <li>
+                <% if ["pending", "active", "confirmed", "suspended"].include? @user.status %>
+                  <%= link_to t(".hide_user"), set_status_user_path(:status => "deleted", :display_name => @user.display_name), :data => { :confirm => t(".confirm") } %>
+              <% else %>
+                <%= link_to t(".unhide_user"), set_status_user_path(:status => "active", :display_name => @user.display_name), :data => { :confirm => t(".confirm") } %>
+              </li>
+            <% end %>
+          <% end %>
+          <% if can? :delete, User %>
            <li>
-              <%= link_to t(".confirm_user"), set_status_user_path(:status => "confirmed", :display_name => @user.display_name), :data => { :confirm => t(".confirm") } %>
+              <%= link_to t(".delete_user"), delete_user_path(:display_name => @user.display_name), :data => { :confirm => t(".confirm") } %>
            </li>
          <% end %>
-            <li>
-              <% if ["pending", "active", "confirmed", "suspended"].include? @user.status %>
-                <%= link_to t(".hide_user"), set_status_user_path(:status => "deleted", :display_name => @user.display_name), :data => { :confirm => t(".confirm") } %>
-            <% else %>
-              <%= link_to t(".unhide_user"), set_status_user_path(:status => "active", :display_name => @user.display_name), :data => { :confirm => t(".confirm") } %>
-            </li>
-          <% end %>
-          <li>
-            <%= link_to t(".delete_user"), delete_user_path(:display_name => @user.display_name), :data => { :confirm => t(".confirm") } %>
-          </li>
        </ul>

        <% end %>