security improved

2011-10-17 13:39:03 +03:00 · 2011-10-17 13:39:03 +03:00 · 783ca89796
commit 783ca89796
parent b08e4074b4
9 changed files with 74 additions and 26 deletions
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -2,6 +2,9 @@ class Ability
  def self.allowed(object, subject)
    case subject.class.name
    when "Project" then project_abilities(object, subject)
+    when "Issue" then issue_abilities(object, subject)
+    when "Note" then note_abilities(object, subject)
+    when "Snippet" then snippet_abilities(object, subject)
    else []
    end
  end
@ -34,4 +37,21 @@ class Ability

    rules.flatten
  end
+
+  class << self 
+    [:issue, :note, :snippet].each do |name|
+      define_method "#{name}_abilities" do |user, subject|
+        if subject.author == user
+          [
+            :"read_#{name}",
+            :"write_#{name}",
+            :"admin_#{name}"
+          ]
+        else
+          subject.respond_to?(:project) ? 
+            project_abilities(user, subject.project) : []
+        end
+      end
+    end
+  end
 end