Commit 7534154b authored by Andrey Kumanyaev's avatar Andrey Kumanyaev Committed by Dmitriy Zaporozhets

Add access control in public section to users teams

parent dcea5220
class Teams::ApplicationController < ApplicationController
before_filter :authorize_manage_user_team!
protected
def user_team
@user_team ||= UserTeam.find_by_path(params[:team_id])
end
def authorize_manage_user_team!
return access_denied! unless can?(current_user, :manage_user_team, user_team)
end
end
class Teams::MembersController < Teams::ApplicationController
# Authorize
before_filter :authorize_manage_user_team!, only: [:new, :edit]
skip_before_filter :authorize_manage_user_team!, only: [:index]
def index
@members = @user_team.members
......
class Teams::ProjectsController < Teams::ApplicationController
skip_before_filter :authorize_manage_user_team!, only: [:index]
def index
@projects = user_team.projects
@avaliable_projects = current_user.admin? ? Project.without_team(user_team) : (Project.personal(current_user) + current_user.projects).uniq
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment