authorized_projects and authorized_groups methods for user

2012-11-29 17:17:01 +02:00 · 2012-11-29 17:17:01 +02:00 · 9df6f7bfad
parent 83f2a387d6
commit 9df6f7bfad
4 changed files with 26 additions and 16 deletions
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@ -5,8 +5,10 @@ class DashboardController < ApplicationController
  before_filter :event_filter, only: :index
  def index
-    @groups = current_user.accessed_groups
+    @groups = current_user.authorized_groups
    @projects = @projects.page(params[:page]).per(30)
    @events = Event.in_projects(current_user.project_ids)
    @events = @event_filter.apply_filter(@events)
    @events = @events.limit(20).offset(params[:offset] || 0)
@ -43,7 +45,7 @@ class DashboardController < ApplicationController
  protected
  def projects
-    @projects = current_user.projects_sorted_by_activity
+    @projects = current_user.authorized_projects.sorted_by_activity
  end
  def event_filter
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@ -5,6 +5,9 @@ class GroupsController < ApplicationController
  before_filter :group
  before_filter :projects
  # Authorize
  before_filter :authorize_read_group!
  def show
    @events = Event.in_projects(project_ids).limit(20).offset(params[:offset] || 0)
    @last_push = current_user.recent_push
@ -54,16 +57,17 @@ class GroupsController < ApplicationController
  end
  def projects
-    @projects ||= begin
+    @projects ||= group.projects.authorized_for(current_user).sorted_by_activity
                    if can?(current_user, :manage_group, @group)
                      @group.projects
                    else
                      current_user.projects.where(namespace_id: @group.id)
                    end.sorted_by_activity.all
                  end
  end
  def project_ids
    projects.map(&:id)
  end
  # Dont allow unauthorized access to group
  def authorize_read_group!
    unless projects.present? or can?(current_user, :manage_group, @group)
      return render_404
    end
  end
 end
--- a/app/models/project.rb
+++ b/app/models/project.rb
@ -76,6 +76,11 @@ class Project < ActiveRecord::Base
  scope :sorted_by_activity, ->() { order("(SELECT max(events.created_at) FROM events WHERE events.project_id = projects.id) DESC") }
  class << self
    def authorized_for user
      projects = includes(:users_projects, :namespace)
      projects = projects.where("users_projects.user_id = :user_id or projects.owner_id = :user_id or namespaces.owner_id = :user_id", user_id: user.id)
    end
    def active
      joins(:issues, :notes, :merge_requests).order("issues.created_at, notes.created_at, merge_requests.created_at DESC")
    end
@ -285,9 +290,4 @@ class Project < ActiveRecord::Base
      merge_requests
    end
  end
  def self.authorized_for user
    projects = includes(:users_projects, :namespace)
    projects = projects.where("users_projects.user_id = :user_id or projects.owner_id = :user_id or namespaces.owner_id = :user_id", user_id: user.id)
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -124,11 +124,15 @@ class User < ActiveRecord::Base
    end
  end
-  def accessed_groups
+  def authorized_groups
-    @accessed_groups ||= begin
+    @authorized_groups ||= begin
                           groups = Group.where(id: self.projects.pluck(:namespace_id)).all
                           groups = groups + self.groups
                           groups.uniq
                         end
  end
  def authorized_projects
    Project.authorized_for(self)
  end
 end