Use resourceful routes for granting/revoking user roles

2024-10-28 03:44:10 +03:00 · 2024-10-28 03:44:10 +03:00 · b8247478f4
commit b8247478f4
parent e15a92a302
8 changed files with 59 additions and 58 deletions
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@ -68,7 +68,7 @@ class Ability
          can [:index, :show, :resolve, :ignore, :reopen], Issue
          can :create, IssueComment
          can [:set_status, :destroy, :index], User
-          can [:grant, :revoke], UserRole
+          can [:create, :destroy], UserRole
        end
      end
    end
--- a/app/controllers/concerns/user_methods.rb
+++ b/app/controllers/concerns/user_methods.rb
@ -6,9 +6,10 @@ module UserMethods
  ##
  # ensure that there is a "user" instance variable
  def lookup_user
-    @user = User.active.find_by!(:display_name => params[:display_name])
+    display_name = params[:display_name] || params[:user_display_name]
+    @user = User.active.find_by!(:display_name => display_name)
  rescue ActiveRecord::RecordNotFound
-    render_unknown_user params[:display_name]
+    render_unknown_user display_name
  end

  ##
--- a/app/controllers/user_roles_controller.rb
+++ b/app/controllers/user_roles_controller.rb
@ -9,15 +9,15 @@ class UserRolesController < ApplicationController

  before_action :lookup_user
  before_action :require_valid_role
-  before_action :not_in_role, :only => [:grant]
-  before_action :in_role, :only => [:revoke]
+  before_action :not_in_role, :only => :create
+  before_action :in_role, :only => :destroy

-  def grant
+  def create
    @user.roles.create(:role => @role, :granter => current_user)
    redirect_to user_path(@user)
  end

-  def revoke
+  def destroy
    # checks that administrator role is not revoked from current user
    if current_user == @user && @role == "administrator"
      flash[:error] = t("user_role.filter.not_revoke_admin_current_user")
--- a/app/helpers/user_roles_helper.rb
+++ b/app/helpers/user_roles_helper.rb
@ -7,12 +7,12 @@ module UserRolesHelper
    if current_user&.administrator?
      if user.role?(role)
        link_to role_icon_svg_tag(role, false, t("users.show.role.revoke.#{role}")),
-                revoke_role_path(user, role),
-                :method => :post,
+                user_role_path(user, role),
+                :method => :delete,
                :data => { :confirm => t("user_role.revoke.are_you_sure", :name => user.display_name, :role => role) }
      else
        link_to role_icon_svg_tag(role, true, t("users.show.role.grant.#{role}")),
-                grant_role_path(user, role),
+                user_role_path(user, role),
                :method => :post,
                :data => { :confirm => t("user_role.grant.are_you_sure", :name => user.display_name, :role => role) }
      end