[phase-8]introduced security and authorization

2018-05-20 22:19:01 +09:00 · 2018-05-20 22:19:01 +09:00 · 3f7c9b0b12
commit 3f7c9b0b12
parent 100ef15246
8 changed files with 45 additions and 14 deletions
--- a/app/views/glossary_categories/index.html.erb
+++ b/app/views/glossary_categories/index.html.erb
@ -1,7 +1,9 @@
 <h2><%=l :label_glossary_categories %></h2>
 <div class="contextual">
-  <%= link_to l(:label_glossary_category_new), new_project_glossary_category_path, class: 'icon icon-add' %>
+  <%= link_to_if_authorized l(:label_glossary_category_new),
  { controller: :glossary_categories, action: :new, project_id: @project },
  class: 'icon icon-add' %>
 </div>
 <%= render partial: 'glossary_terms/sidebar' %>
--- a/app/views/glossary_categories/show.html.erb
+++ b/app/views/glossary_categories/show.html.erb
@ -1,7 +1,11 @@
 <div class="contextual">
-  <%= link_to l(:button_edit), edit_project_glossary_category_path, class: 'icon icon-edit' %>
+  <%= link_to_if_authorized l(:button_edit),
-  <%= link_to l(:button_delete), project_glossary_category_path, method: :delete,
+  { controller: :glossary_categories, action: :edit, project_id: @project },
-  data: {confirm: l(:text_are_you_sure)}, class: 'icon icon-del' %>
+  class: 'icon icon-edit' %>
  <%= link_to_if_authorized l(:button_delete),
  { controller: :glossary_categories, action: :destroy,
    id: @category, project_id: @project },
    method: :delete, data: {confirm: l(:text_are_you_sure)}, class: 'icon icon-del' %>
 </div>
 <%= render partial: 'glossary_terms/sidebar' %>
--- a/app/views/glossary_terms/_sidebar.html.erb
+++ b/app/views/glossary_terms/_sidebar.html.erb
@ -2,12 +2,15 @@
  <h3><%=l :label_view %></h3>
  <h3><%=l :label_glossary_term %></h3>
-  <p><%= link_to l(:label_glossary_term_new), new_project_glossary_term_path,
+  <p><%= link_to_if_authorized l(:label_glossary_term_new),
     { controller: :glossary_terms, action: :new, project_id: @project },
     class: 'icon icon-add' %></p>
  <h3><%=l :label_glossary_category %></h3>
-  <p><%= link_to l(:label_glossary_category_new),
+  <p><%= link_to_if_authorized l(:label_glossary_category_new),
-     new_project_glossary_category_path, class: 'icon icon-add' %></p>
+     { controller: :glossary_categories, action: :new, project_id: @project},
     class: 'icon icon-add' %></p>
  <p><%= link_to l(:label_glossary_categories),
     project_glossary_categories_path %></p>
--- a/app/views/glossary_terms/index.html.erb
+++ b/app/views/glossary_terms/index.html.erb
@ -1,7 +1,9 @@
 <h2><%=l :label_glossary_terms %></h2>
 <div class="contextual">
-  <%= link_to l(:label_glossary_term_new), new_project_glossary_term_path, class: 'icon icon-add' %>
+  <%= link_to_if_authorized l(:label_glossary_term_new),
  { controller: :glossary_terms, action: :new, project_id: @project },
  class: 'icon icon-add' %>
 </div>
 <%= render partial: 'sidebar' %>
--- a/app/views/glossary_terms/show.html.erb
+++ b/app/views/glossary_terms/show.html.erb
@ -1,7 +1,11 @@
 <div class="contextual">
-  <%= link_to l(:button_edit), edit_project_glossary_term_path, class: 'icon icon-edit' %>
+  <%= link_to_if_authorized l(:button_edit),
-  <%= link_to l(:button_delete), project_glossary_term_path, method: :delete,
+  { controller: :glossary_terms, action: :edit, project_id: @project },
-  data: {confirm: l(:text_are_you_sure)}, class: 'icon icon-del' %>
+  class: 'icon icon-edit' %>
  <%= link_to_if_authorized l(:button_delete),
  { controller: :glossary_terms, action: :destroy,
    id: @term, project_id: @project },
    method: :delete, data: {confirm: l(:text_are_you_sure)}, class: 'icon icon-del' %>
 </div>
 <%= render partial: 'sidebar' %>
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -8,6 +8,7 @@ en:
  label_glossary_category_new: "New glossary category"
  glossary_title: Glossary
  project_module_glossary: Glossary
  label_view: View
  label_glossary_index: index
@ -18,4 +19,6 @@ en:
      M N O P Q R
      S T U V W X
      Y Z
-      
+
  permission_view_glossary: View glossary
  permission_manage_glossary: Manage glossary
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@ -5,8 +5,12 @@ ja:
  label_glossary_categories: "用語のカテゴリ一覧"
  label_glossary_category: "用語のカテゴリ"
  label_glossary_category_new: "カテゴリの作成"
  glossary_title: 用語集
  project_module_glossary: 用語集
  label_view: 表示
  label_glossary_index:	索引
-  
+
  permission_view_glossary: 用語集の閲覧
  permission_manage_glossary: 用語集の管理
--- a/init.rb
+++ b/init.rb
@ -8,7 +8,16 @@ Redmine::Plugin.register :redmine_glossary do
  project_module :glossary do
-    permission :all_glossary, glossary_terms: :index
+    permission :view_glossary, {
                 glossary_terms: [:index, :show],
                 glossary_categories: [:index, :show]
               }
    permission :manage_glossary, {
                 glossary_terms: [:new, :create, :edit, :update, :destroy],
                 glossary_categories: [:new, :create, :edit, :update, :destroy],
               },
               require: :member
  end
  menu :project_menu, :glossary,