authorized_projects and authorized_groups methods for user
This commit is contained in:
parent
83f2a387d6
commit
9df6f7bfad
|
@ -5,8 +5,10 @@ class DashboardController < ApplicationController
|
|||
before_filter :event_filter, only: :index
|
||||
|
||||
def index
|
||||
@groups = current_user.accessed_groups
|
||||
@groups = current_user.authorized_groups
|
||||
|
||||
@projects = @projects.page(params[:page]).per(30)
|
||||
|
||||
@events = Event.in_projects(current_user.project_ids)
|
||||
@events = @event_filter.apply_filter(@events)
|
||||
@events = @events.limit(20).offset(params[:offset] || 0)
|
||||
|
@ -43,7 +45,7 @@ class DashboardController < ApplicationController
|
|||
protected
|
||||
|
||||
def projects
|
||||
@projects = current_user.projects_sorted_by_activity
|
||||
@projects = current_user.authorized_projects.sorted_by_activity
|
||||
end
|
||||
|
||||
def event_filter
|
||||
|
|
|
@ -5,6 +5,9 @@ class GroupsController < ApplicationController
|
|||
before_filter :group
|
||||
before_filter :projects
|
||||
|
||||
# Authorize
|
||||
before_filter :authorize_read_group!
|
||||
|
||||
def show
|
||||
@events = Event.in_projects(project_ids).limit(20).offset(params[:offset] || 0)
|
||||
@last_push = current_user.recent_push
|
||||
|
@ -54,16 +57,17 @@ class GroupsController < ApplicationController
|
|||
end
|
||||
|
||||
def projects
|
||||
@projects ||= begin
|
||||
if can?(current_user, :manage_group, @group)
|
||||
@group.projects
|
||||
else
|
||||
current_user.projects.where(namespace_id: @group.id)
|
||||
end.sorted_by_activity.all
|
||||
end
|
||||
@projects ||= group.projects.authorized_for(current_user).sorted_by_activity
|
||||
end
|
||||
|
||||
def project_ids
|
||||
projects.map(&:id)
|
||||
end
|
||||
|
||||
# Dont allow unauthorized access to group
|
||||
def authorize_read_group!
|
||||
unless projects.present? or can?(current_user, :manage_group, @group)
|
||||
return render_404
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -76,6 +76,11 @@ class Project < ActiveRecord::Base
|
|||
scope :sorted_by_activity, ->() { order("(SELECT max(events.created_at) FROM events WHERE events.project_id = projects.id) DESC") }
|
||||
|
||||
class << self
|
||||
def authorized_for user
|
||||
projects = includes(:users_projects, :namespace)
|
||||
projects = projects.where("users_projects.user_id = :user_id or projects.owner_id = :user_id or namespaces.owner_id = :user_id", user_id: user.id)
|
||||
end
|
||||
|
||||
def active
|
||||
joins(:issues, :notes, :merge_requests).order("issues.created_at, notes.created_at, merge_requests.created_at DESC")
|
||||
end
|
||||
|
@ -285,9 +290,4 @@ class Project < ActiveRecord::Base
|
|||
merge_requests
|
||||
end
|
||||
end
|
||||
|
||||
def self.authorized_for user
|
||||
projects = includes(:users_projects, :namespace)
|
||||
projects = projects.where("users_projects.user_id = :user_id or projects.owner_id = :user_id or namespaces.owner_id = :user_id", user_id: user.id)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -124,11 +124,15 @@ class User < ActiveRecord::Base
|
|||
end
|
||||
end
|
||||
|
||||
def accessed_groups
|
||||
@accessed_groups ||= begin
|
||||
def authorized_groups
|
||||
@authorized_groups ||= begin
|
||||
groups = Group.where(id: self.projects.pluck(:namespace_id)).all
|
||||
groups = groups + self.groups
|
||||
groups.uniq
|
||||
end
|
||||
end
|
||||
|
||||
def authorized_projects
|
||||
Project.authorized_for(self)
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue