author | Luke Shumaker <shumakl@purdue.edu> | 2014-04-29 11:25:23 -0400 |
---|---|---|
committer | Luke Shumaker <shumakl@purdue.edu> | 2014-04-29 11:25:23 -0400 |
commit | 0d6f7a3bfbf4c87510a1bcf967b618f98e149d49 (patch) | |
tree | e3cd7d5329bd3c04a2fbfc766db34766fab12bc3 /app/controllers | |
parent | 8aefe73872571ac54738bde71d4da5611659a0cc (diff) |
clean up permission system
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/alerts_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 7 | ||||
-rw-r--r-- | app/controllers/brackets_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/sessions_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/teams_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/tournaments_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/users_controller.rb | 4 |
7 files changed, 1 insertions, 30 deletions
diff --git a/app/controllers/alerts_controller.rb b/app/controllers/alerts_controller.rb
index b728c7e..8f65f3b 100644
--- a/app/controllers/alerts_controller.rb
+++ b/app/controllers/alerts_controller.rb
@@ -73,10 +73,6 @@ class AlertsController < ApplicationController
 @alert = Alert.find(params[:id])
 end
- def is_owner?(object)
- object.author == current_user
- end
-
 # Never trust parameters from the scary internet, only allow the white list through.
 def alert_params
 params.require(:alert).permit(:author_id, :message)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d5752aa..d416c94 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -14,7 +14,7 @@ class ApplicationController < ActionController::Base
 include SimpleCaptcha::ControllerHelpers
 def check_permission(verb, object=nil)
- unless current_user.can?((verb.to_s+"_"+noun).to_sym) or (!object.nil? and is_owner?(object))
+ unless current_user.can?("#{verb.to_s}_#{noun}".to_sym) or object.try(:check_permission, current_user, verb)
 respond_to do |format|
 format.html do
 if object.nil?
@@ -47,9 +47,4 @@ class ApplicationController < ActionController::Base
 object = send("set_"+noun)
 check_permission(:edit, object)
 end
-
- # Override this
- def is_owner?(object)
- return false
- end
 end
diff --git a/app/controllers/brackets_controller.rb b/app/controllers/brackets_controller.rb
index e202c96..c5dd887 100644
--- a/app/controllers/brackets_controller.rb
+++ b/app/controllers/brackets_controller.rb
@@ -101,8 +101,4 @@ class BracketsController < ApplicationController
 puts ">"*80
 params.require(:bracket).require(:matches)
 end
-
- def is_owner?(bracket)
- bracket.user == current_user
- end
 end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 9f0a8e3..dfaeebc 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
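Review bot: In `check_permission` (app/controllers/application_controller.rb, hunk at line 14) the per-object fallback is now `object.try(:check_permission, current_user, verb)`, so the authorization decision rests on a model method that this controllers-only diff does not show. `try` yields nil for a nil object and, on Rails 4 (which the `permit` calls suggest), also for a model that does not define the method, so a missing implementation denies quietly rather than failing loudly; each model behind the six controllers that lost `is_owner?` should be confirmed to define it and to return false for verbs it does not recognise. A comment above the method would record that contract, e.g. `# Models may define check_permission(user, verb); a missing method or a falsy result means deny.` If ownership is still derived from attributes such as `author` (an assumption, since the model side is not shown), note that `alert_params` in alerts_controller.rb permits `:author_id`, which would let a client choose the owner; dropping it from the permit list and assigning the author from `current_user` server-side would close that. The body of `check_permission` continues past the end of the hunk.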
@@ -48,8 +48,4 @@ class SessionsController < ApplicationController
 def session_params
 params.require(:session).permit(:session_email, :session_user_name, :session_password)
 end
-
- def is_owner?(object)
- object.user == current_user
- end
 end
diff --git a/app/controllers/teams_controller.rb b/app/controllers/teams_controller.rb
index 6abc74c..dc85c8e 100644
--- a/app/controllers/teams_controller.rb
+++ b/app/controllers/teams_controller.rb
@@ -70,8 +70,4 @@ class TeamsController < ApplicationController
 def team_params
 params[:team]
 end
-
- def is_owner?(object)
- object.users.include?(current_user)
- end
 end
diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb
index 0b81dd9..c58eb94 100644
--- a/app/controllers/tournaments_controller.rb
+++ b/app/controllers/tournaments_controller.rb
@@ -210,10 +210,6 @@ class TournamentsController < ApplicationController
 params.require(:tournament).require(:stages).require(i.to_s).permit(:scheduling_method, :seeding_method)
 end
- def is_owner?(object)
- object.hosts.include?(current_user)
- end
-
 # Turn of check_edit, since our #update is flexible
 def check_edit
 set_tournament
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 767d992..e9efb36 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -93,10 +93,6 @@ class UsersController < ApplicationController
 @user = User.find(params[:id])
 end
- def is_owner?(object)
- object == current_user
- end
-
 # Never trust parameters from the scary internet, only allow the white list through.
 def user_params
 permitted = [ :name, :email, :user_name, :password, :password_confirmation ] |