From 3f7c9b0b120b66d9a2f7d49cedcf70e8a2b35e07 Mon Sep 17 00:00:00 2001
From: Toru Takahashi
Date: Sun, 20 May 2018 22:19:01 +0900
Subject: [PATCH] [phase-8]introduced security and authorization
---
 app/views/glossary_categories/index.html.erb | 4 +++-
 app/views/glossary_categories/show.html.erb | 10 +++++++---
 app/views/glossary_terms/_sidebar.html.erb | 9 ++++++---
 app/views/glossary_terms/index.html.erb | 4 +++-
 app/views/glossary_terms/show.html.erb | 10 +++++++---
 config/locales/en.yml | 5 ++++-
 config/locales/ja.yml | 6 +++++-
 init.rb | 11 ++++++++++-
 8 files changed, 45 insertions(+), 14 deletions(-)
diff --git a/app/views/glossary_categories/index.html.erb b/app/views/glossary_categories/index.html.erb
index 8742aa0..2dc9c5d 100644
--- a/app/views/glossary_categories/index.html.erb
+++ b/app/views/glossary_categories/index.html.erb
@@ -1,7 +1,9 @@

<%=l :label_glossary_categories %>

- <%= link_to l(:label_glossary_category_new), new_project_glossary_category_path, class: 'icon icon-add' %>
+ <%= link_to_if_authorized l(:label_glossary_category_new),
+ { controller: :glossary_categories, action: :new, project_id: @project },
+ class: 'icon icon-add' %>
<%= render partial: 'glossary_terms/sidebar' %>
diff --git a/app/views/glossary_categories/show.html.erb b/app/views/glossary_categories/show.html.erb
index 1521a1c..abea1a7 100644
--- a/app/views/glossary_categories/show.html.erb
+++ b/app/views/glossary_categories/show.html.erb
@@ -1,7 +1,11 @@
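Review bot: The permission check added on the "new category" link is display-only: `link_to_if_authorized` decides whether the link is rendered, and a request sent straight to `glossary_categories#new` or `#create` is refused only if the controller itself runs Redmine's `authorize` filter. None of the eight files in this patch is a controller, so it is worth confirming that both glossary controllers already have something like `before_action :find_project_by_project_id, :authorize`; otherwise the new permissions gate the UI and nothing else. The same applies to the links changed in `_sidebar.html.erb`, `glossary_terms/index.html.erb` and the two `show.html.erb` views.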
- <%= link_to l(:button_edit), edit_project_glossary_category_path, class: 'icon icon-edit' %>
- <%= link_to l(:button_delete), project_glossary_category_path, method: :delete,
- data: {confirm: l(:text_are_you_sure)}, class: 'icon icon-del' %>
+ <%= link_to_if_authorized l(:button_edit),
+ { controller: :glossary_categories, action: :edit, project_id: @project },
+ class: 'icon icon-edit' %>
+ <%= link_to_if_authorized l(:button_delete),
+ { controller: :glossary_categories, action: :destroy,
+ id: @category, project_id: @project },
+ method: :delete, data: {confirm: l(:text_are_you_sure)}, class: 'icon icon-del' %>
<%= render partial: 'glossary_terms/sidebar' %>
diff --git a/app/views/glossary_terms/_sidebar.html.erb b/app/views/glossary_terms/_sidebar.html.erb
index 57dd03c..dda5e16 100644
--- a/app/views/glossary_terms/_sidebar.html.erb
+++ b/app/views/glossary_terms/_sidebar.html.erb
@@ -2,12 +2,15 @@
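Review bot: The new edit link builds its URL from `{ controller: :glossary_categories, action: :edit, project_id: @project }` with no `id:`, while the delete link just below it passes `id: @category`. The old `edit_project_glossary_category_path` call took the record id from the current request, and hash-based URL generation may not carry `:id` over once `action` differs, so the link could fail to generate or resolve to the wrong route. I would pass it explicitly: `{ controller: :glossary_categories, action: :edit, id: @category, project_id: @project }`. The edit link in `glossary_terms/show.html.erb` has the same gap and needs `id: @term`.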

<%=l :label_view %>

<%=l :label_glossary_term %>

-

<%= link_to l(:label_glossary_term_new), new_project_glossary_term_path, +

<%= link_to_if_authorized l(:label_glossary_term_new), + { controller: :glossary_terms, action: :new, project_id: @project }, class: 'icon icon-add' %>

<%=l :label_glossary_category %>

-

<%= link_to l(:label_glossary_category_new), - new_project_glossary_category_path, class: 'icon icon-add' %>

+

<%= link_to_if_authorized l(:label_glossary_category_new), + { controller: :glossary_categories, action: :new, project_id: @project}, + class: 'icon icon-add' %>

+

<%= link_to l(:label_glossary_categories), project_glossary_categories_path %>

diff --git a/app/views/glossary_terms/index.html.erb b/app/views/glossary_terms/index.html.erb
index 7df779e..a9d6326 100644
--- a/app/views/glossary_terms/index.html.erb
+++ b/app/views/glossary_terms/index.html.erb
@@ -1,7 +1,9 @@

<%=l :label_glossary_terms %>

- <%= link_to l(:label_glossary_term_new), new_project_glossary_term_path, class: 'icon icon-add' %>
+ <%= link_to_if_authorized l(:label_glossary_term_new),
+ { controller: :glossary_terms, action: :new, project_id: @project },
+ class: 'icon icon-add' %>
<%= render partial: 'sidebar' %>
diff --git a/app/views/glossary_terms/show.html.erb b/app/views/glossary_terms/show.html.erb
index f28673f..97d1807 100644
--- a/app/views/glossary_terms/show.html.erb
+++ b/app/views/glossary_terms/show.html.erb
@@ -1,7 +1,11 @@
- <%= link_to l(:button_edit), edit_project_glossary_term_path, class: 'icon icon-edit' %>
- <%= link_to l(:button_delete), project_glossary_term_path, method: :delete,
- data: {confirm: l(:text_are_you_sure)}, class: 'icon icon-del' %>
+ <%= link_to_if_authorized l(:button_edit),
+ { controller: :glossary_terms, action: :edit, project_id: @project },
+ class: 'icon icon-edit' %>
+ <%= link_to_if_authorized l(:button_delete),
+ { controller: :glossary_terms, action: :destroy,
+ id: @term, project_id: @project },
+ method: :delete, data: {confirm: l(:text_are_you_sure)}, class: 'icon icon-del' %>
<%= render partial: 'sidebar' %> diff --git a/config/locales/en.yml b/config/locales/en.yml index 969663e..de59059 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -8,6 +8,7 @@ en: label_glossary_category_new: "New glossary category" glossary_title: Glossary + project_module_glossary: Glossary label_view: View label_glossary_index: index @@ -18,4 +19,6 @@ en: M N O P Q R S T U V W X Y Z - \ No newline at end of file + + permission_view_glossary: View glossary + permission_manage_glossary: Manage glossary diff --git a/config/locales/ja.yml b/config/locales/ja.yml index 7128d78..d2a9073 100644 --- a/config/locales/ja.yml +++ b/config/locales/ja.yml @@ -5,8 +5,12 @@ ja: label_glossary_categories: "用語のカテゴリ一覧" label_glossary_category: "用語のカテゴリ" label_glossary_category_new: "カテゴリの作成" + glossary_title: 用語集 + project_module_glossary: 用語集 label_view: 表示 label_glossary_index: 索引 - \ No newline at end of file + + permission_view_glossary: 用語集の閲覧 + permission_manage_glossary: 用語集の管理 diff --git a/init.rb b/init.rb index 64a28fc..3ecc3c6 100644 --- a/init.rb +++ b/init.rb @@ -8,7 +8,16 @@ Redmine::Plugin.register :redmine_glossary do project_module :glossary do - permission :all_glossary, glossary_terms: :index + permission :view_glossary, { + glossary_terms: [:index, :show], + glossary_categories: [:index, :show] + } + permission :manage_glossary, { + glossary_terms: [:new, :create, :edit, :update, :destroy], + glossary_categories: [:new, :create, :edit, :update, :destroy], + }, + require: :member + end menu :project_menu, :glossary,
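Review bot: In the `init.rb` hunk, `permission :view_glossary` is declared without `read: true`, so as far as I know Redmine will not treat it as a read-only permission and will deny it on closed projects, where a glossary would normally stay readable; consider `permission :view_glossary, { ... }, read: true`. Separately, replacing `:all_glossary` with two new names means roles that held the old permission carry neither of the new ones after the upgrade, which fails closed but deserves a line in the upgrade notes. A one-line comment above `require: :member`, such as `# manage_glossary cannot be granted to the Non member or Anonymous roles`, would help the next reader. The `Redmine::Plugin.register` block starts and ends outside the hunk.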