FeenixMakers/hubfeenix.fi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add pundir style authorization

Browse Source
This commit is contained in:
Torsten
2023-01-15 21:50:58 +02:00
parent d815488b92
commit 485c0475b7
6 changed files with 74 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Gemfile
View File

@ -20,7 +20,7 @@ gem 'kaminari'
gem "ruby2js" , git: "https://github.com/ruby2js/ruby2js/" , branch: "haml_fix" gem "ruby2js" , git: "https://github.com/ruby2js/ruby2js/" , branch: "haml_fix"
gem 'thredded', '~> 1.0' gem 'thredded', '~> 1.0'
gem "rest-client" gem "rest-client"
gem "pundit"
gem "simple_form" , "5.1.0" gem "simple_form" , "5.1.0"
gem "simple_form_tailwind_css" gem "simple_form_tailwind_css"

1
Gemfile.lock
View File

@ -443,6 +443,7 @@ DEPENDENCIES
mina mina
passenger passenger
pg (~> 1.1) pg (~> 1.1)
pundit
rails (~> 7.0) rails (~> 7.0)
rest-client rest-client
ruby2js! ruby2js!

4
app/controllers/application_controller.rb
View File

@ -1,6 +1,10 @@
class ApplicationController < ActionController::Base class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller? before_action :configure_permitted_parameters, if: :devise_controller?
include Pundit::Authorization
alias :current_user :current_member #for pundit
protected protected
def configure_permitted_parameters def configure_permitted_parameters

3
app/controllers/teachers_controller.rb
View File

@ -17,6 +17,7 @@ class TeachersController < ApplicationController
# GET /teachers/1/edit # GET /teachers/1/edit
def edit def edit
authorize @teacher
end end
# POST /teachers # POST /teachers
@ -33,6 +34,7 @@ class TeachersController < ApplicationController
# PATCH/PUT /teachers/1 # PATCH/PUT /teachers/1
def update def update
authorize @teacher
if @teacher.update(teacher_params) if @teacher.update(teacher_params)
redirect_to @teacher, notice: "Teacher Profile was updated." redirect_to @teacher, notice: "Teacher Profile was updated."
else else
@ -42,6 +44,7 @@ class TeachersController < ApplicationController
# DELETE /teachers/1 # DELETE /teachers/1
def destroy def destroy
authorize @teacher
@teacher.destroy @teacher.destroy
redirect_to teachers_url, notice: "Teacher was successfully destroyed." redirect_to teachers_url, notice: "Teacher was successfully destroyed."
end end

53
app/policies/application_policy.rb Normal file
View File

@ -0,0 +1,53 @@
# frozen_string_literal: true
class ApplicationPolicy
attr_reader :member, :record
def initialize(member, record)
@member = member
@record = record
end
def index?
false
end
def show?
false
end
def create?
false
end
def new?
create?
end
def update?
false
end
def edit?
update?
end
def destroy?
false
end
class Scope
def initialize(member, scope)
@member = member
@scope = scope
end
def resolve
raise NotImplementedError, "You must define #resolve in #{self.class}"
end
private
attr_reader :member, :scope
end
end

9
app/policies/teacher_policy.rb Normal file
View File

@ -0,0 +1,9 @@
class TeacherPolicy < ApplicationPolicy
def edit?
(member == record.member) or member.admin?
end
alias :update? :edit?
alias :destroy? :edit?
end