authorLuke Shumaker <shumakl@purdue.edu>2014-04-29 11:25:23 -0400
committerLuke Shumaker <shumakl@purdue.edu>2014-04-29 11:25:23 -0400
commit0d6f7a3bfbf4c87510a1bcf967b618f98e149d49 (patch)
treee3cd7d5329bd3c04a2fbfc766db34766fab12bc3
parent8aefe73872571ac54738bde71d4da5611659a0cc (diff)
clean up permission system
-rw-r--r--app/controllers/alerts_controller.rb4
-rw-r--r--app/controllers/application_controller.rb7
-rw-r--r--app/controllers/brackets_controller.rb4
-rw-r--r--app/controllers/sessions_controller.rb4
-rw-r--r--app/controllers/teams_controller.rb4
-rw-r--r--app/controllers/tournaments_controller.rb4
-rw-r--r--app/controllers/users_controller.rb4
-rw-r--r--app/models/alert.rb4
-rw-r--r--app/models/bracket.rb4
-rw-r--r--app/models/session.rb4
-rw-r--r--app/models/team.rb4
-rw-r--r--app/models/tournament.rb4
-rw-r--r--app/models/user.rb3
-rw-r--r--config/initializers/permissions_system.rb11
14 files changed, 35 insertions, 30 deletions
diff --git a/app/controllers/alerts_controller.rb b/app/controllers/alerts_controller.rb
index b728c7e..8f65f3b 100644
--- a/app/controllers/alerts_controller.rb
+++ b/app/controllers/alerts_controller.rb
@@ -73,10 +73,6 @@ class AlertsController < ApplicationController
@alert = Alert.find(params[:id])
end
- def is_owner?(object)
- object.author == current_user
- end
-
# Never trust parameters from the scary internet, only allow the white list through.
def alert_params
params.require(:alert).permit(:author_id, :message)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d5752aa..d416c94 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -14,7 +14,7 @@ class ApplicationController < ActionController::Base
include SimpleCaptcha::ControllerHelpers
def check_permission(verb, object=nil)
- unless current_user.can?((verb.to_s+"_"+noun).to_sym) or (!object.nil? and is_owner?(object))
+ unless current_user.can?("#{verb.to_s}_#{noun}".to_sym) or object.try(:check_permission, current_user, verb)
respond_to do |format|
format.html do
if object.nil?
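Review bot: The new condition on the `unless` line can evaluate the role permission under two different names: the controller's `noun` here, and `self.class.name.underscore` inside the model's `check_permission`, which calls `can?` again before it looks at ownership. If a controller's `noun` ever differs from the model's class name, a grant for either name lets the request through, which is wider than the old `is_owner?` fallback. Since the controller has already asked `can?`, the fallback only needs ownership: `unless current_user.can?("#{verb}_#{noun}".to_sym) or object.try(:owned_by?, current_user)`. Nothing in this hunk shows whether `current_user` can be nil at this point; if it can, `current_user.can?` raises instead of denying. The body of `check_permission` continues outside the hunk.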
@@ -47,9 +47,4 @@ class ApplicationController < ActionController::Base
object = send("set_"+noun)
check_permission(:edit, object)
end
-
- # Override this
- def is_owner?(object)
- return false
- end
end
diff --git a/app/controllers/brackets_controller.rb b/app/controllers/brackets_controller.rb
index e202c96..c5dd887 100644
--- a/app/controllers/brackets_controller.rb
+++ b/app/controllers/brackets_controller.rb
@@ -101,8 +101,4 @@ class BracketsController < ApplicationController
puts ">"*80
params.require(:bracket).require(:matches)
end
-
- def is_owner?(bracket)
- bracket.user == current_user
- end
end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 9f0a8e3..dfaeebc 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -48,8 +48,4 @@ class SessionsController < ApplicationController
def session_params
params.require(:session).permit(:session_email, :session_user_name, :session_password)
end
-
- def is_owner?(object)
- object.user == current_user
- end
end
diff --git a/app/controllers/teams_controller.rb b/app/controllers/teams_controller.rb
index 6abc74c..dc85c8e 100644
--- a/app/controllers/teams_controller.rb
+++ b/app/controllers/teams_controller.rb
@@ -70,8 +70,4 @@ class TeamsController < ApplicationController
def team_params
params[:team]
end
-
- def is_owner?(object)
- object.users.include?(current_user)
- end
end
diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb
index 0b81dd9..c58eb94 100644
--- a/app/controllers/tournaments_controller.rb
+++ b/app/controllers/tournaments_controller.rb
@@ -210,10 +210,6 @@ class TournamentsController < ApplicationController
params.require(:tournament).require(:stages).require(i.to_s).permit(:scheduling_method, :seeding_method)
end
- def is_owner?(object)
- object.hosts.include?(current_user)
- end
-
# Turn of check_edit, since our #update is flexible
def check_edit
set_tournament
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 767d992..e9efb36 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -93,10 +93,6 @@ class UsersController < ApplicationController
@user = User.find(params[:id])
end
- def is_owner?(object)
- object == current_user
- end
-
# Never trust parameters from the scary internet, only allow the white list through.
def user_params
permitted = [ :name, :email, :user_name, :password, :password_confirmation ]
diff --git a/app/models/alert.rb b/app/models/alert.rb
index 9876711..e8a4cf2 100644
--- a/app/models/alert.rb
+++ b/app/models/alert.rb
@@ -1,3 +1,7 @@
class Alert < ActiveRecord::Base
belongs_to :author, class_name: "User"
+
+ def owned_by?(user)
+ self.author == user
+ end
end
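Review bot: `self.author == user` is true when both sides are nil, so an alert with no author counts as owned by a nil user. The callers in this commit call `can?` on the user first, which would presumably raise on nil before reaching this, but `owned_by?` is a public model method and should fail closed by itself: `!user.nil? && author == user`. The same comparison appears in `Bracket#owned_by?` and `Session#owned_by?` (`self.user == tuser`) and needs the same guard.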
diff --git a/app/models/bracket.rb b/app/models/bracket.rb
index 48414c3..5aac704 100644
--- a/app/models/bracket.rb
+++ b/app/models/bracket.rb
@@ -3,6 +3,10 @@ class Bracket < ActiveRecord::Base
belongs_to :tournament
has_many :bracket_matches
+ def owned_by?(tuser)
+ self.user == tuser
+ end
+
def create_matches
tournament.stages.order(:id).first.matches.order(:id).each do |m|
bracket_matches.create(match: m)
diff --git a/app/models/session.rb b/app/models/session.rb
index f5e642b..27687eb 100644
--- a/app/models/session.rb
+++ b/app/models/session.rb
@@ -1,6 +1,10 @@
class Session < ActiveRecord::Base
belongs_to :user
+ def owned_by?(tuser)
+ self.user == tuser
+ end
+
##
# Create a random remember token for the user. This will be
# changed every time the user creates a new session.
diff --git a/app/models/team.rb b/app/models/team.rb
index 828d168..90981da 100644
--- a/app/models/team.rb
+++ b/app/models/team.rb
@@ -3,4 +3,8 @@ class Team < ActiveRecord::Base
has_and_belongs_to_many :users
alias_attribute :players, :users
+
+ def owned_by?(user)
+ self.users.include?(user)
+ end
end
diff --git a/app/models/tournament.rb b/app/models/tournament.rb
index 8a96dcc..854b8c9 100644
--- a/app/models/tournament.rb
+++ b/app/models/tournament.rb
@@ -55,6 +55,10 @@ class Tournament < ActiveRecord::Base
(not self.scoring_method.try(:empty?)) and (scoring_methods.include? scoring_method)
end
+ def owned_by?(user)
+ self.hosts.include?(user)
+ end
+
# Settings #################################################################
def settings
diff --git a/app/models/user.rb b/app/models/user.rb
index a39037c..ad95683 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,4 +1,7 @@
class User < ActiveRecord::Base
+ def owned_by?(tuser)
+ self == tuser
+ end
##################################################################
# Relationships #
##################################################################
diff --git a/config/initializers/permissions_system.rb b/config/initializers/permissions_system.rb
new file mode 100644
index 0000000..9d1de9f
--- /dev/null
+++ b/config/initializers/permissions_system.rb
@@ -0,0 +1,11 @@
+module ActiveRecord
+ class Base
+ def check_permission(user, verb)
+ user.can?("#{verb.to_s}_#{self.class.name.underscore}".to_sym) or self.owned_by?(user)
+ end
+
+ def owned_by?(user)
+ return false
+ end
+ end
+end
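Review bot: The ownership branch of `check_permission` ignores `verb`, so a record whose `owned_by?` returns true grants every action to that user. With `Team#owned_by?` defined as membership in `users`, any player passes for any verb the controllers ask about, not only `:edit`. If that is intended, state it on the method, for example `# Returns true if +user+ may perform +verb+ on this record; owners are allowed every verb.`, otherwise restrict the ownership fallback to the verbs it should cover. Reopening `ActiveRecord::Base` in an initializer also puts a public `check_permission` on every model, including ones that never override `owned_by?`; the `return false` default keeps those closed and deserves a comment saying it must stay that way.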