[phase-8]introduced security and authorization

2018-05-20 22:19:01 +09:00 · 2018-05-20 22:19:01 +09:00 · 3f7c9b0b12
commit 3f7c9b0b12
parent 100ef15246
8 changed files with 45 additions and 14 deletions
--- a/app/views/glossary_categories/index.html.erb
+++ b/app/views/glossary_categories/index.html.erb
@ -1,7 +1,9 @@
 <h2><%=l :label_glossary_categories %></h2>

 <div class="contextual">
-  <%= link_to l(:label_glossary_category_new), new_project_glossary_category_path, class: 'icon icon-add' %>
+  <%= link_to_if_authorized l(:label_glossary_category_new),
+  { controller: :glossary_categories, action: :new, project_id: @project },
+  class: 'icon icon-add' %>
 </div>

 <%= render partial: 'glossary_terms/sidebar' %>
--- a/app/views/glossary_categories/show.html.erb
+++ b/app/views/glossary_categories/show.html.erb
@ -1,7 +1,11 @@
 <div class="contextual">
-  <%= link_to l(:button_edit), edit_project_glossary_category_path, class: 'icon icon-edit' %>
-  <%= link_to l(:button_delete), project_glossary_category_path, method: :delete,
-  data: {confirm: l(:text_are_you_sure)}, class: 'icon icon-del' %>
+  <%= link_to_if_authorized l(:button_edit),
+  { controller: :glossary_categories, action: :edit, project_id: @project },
+  class: 'icon icon-edit' %>
+  <%= link_to_if_authorized l(:button_delete),
+  { controller: :glossary_categories, action: :destroy,
+    id: @category, project_id: @project },
+    method: :delete, data: {confirm: l(:text_are_you_sure)}, class: 'icon icon-del' %>
 </div>

 <%= render partial: 'glossary_terms/sidebar' %>
--- a/app/views/glossary_terms/_sidebar.html.erb
+++ b/app/views/glossary_terms/_sidebar.html.erb
@ -2,12 +2,15 @@
  <h3><%=l :label_view %></h3>

  <h3><%=l :label_glossary_term %></h3>
-  <p><%= link_to l(:label_glossary_term_new), new_project_glossary_term_path,
+  <p><%= link_to_if_authorized l(:label_glossary_term_new),
+     { controller: :glossary_terms, action: :new, project_id: @project },
     class: 'icon icon-add' %></p>

  <h3><%=l :label_glossary_category %></h3>
-  <p><%= link_to l(:label_glossary_category_new),
-     new_project_glossary_category_path, class: 'icon icon-add' %></p>
+  <p><%= link_to_if_authorized l(:label_glossary_category_new),
+     { controller: :glossary_categories, action: :new, project_id: @project},
+     class: 'icon icon-add' %></p>
+  
  <p><%= link_to l(:label_glossary_categories),
     project_glossary_categories_path %></p>

--- a/app/views/glossary_terms/index.html.erb
+++ b/app/views/glossary_terms/index.html.erb
@ -1,7 +1,9 @@
 <h2><%=l :label_glossary_terms %></h2>

 <div class="contextual">
-  <%= link_to l(:label_glossary_term_new), new_project_glossary_term_path, class: 'icon icon-add' %>
+  <%= link_to_if_authorized l(:label_glossary_term_new),
+  { controller: :glossary_terms, action: :new, project_id: @project },
+  class: 'icon icon-add' %>
 </div>

 <%= render partial: 'sidebar' %>
--- a/app/views/glossary_terms/show.html.erb
+++ b/app/views/glossary_terms/show.html.erb
@ -1,7 +1,11 @@
 <div class="contextual">
-  <%= link_to l(:button_edit), edit_project_glossary_term_path, class: 'icon icon-edit' %>
-  <%= link_to l(:button_delete), project_glossary_term_path, method: :delete,
-  data: {confirm: l(:text_are_you_sure)}, class: 'icon icon-del' %>
+  <%= link_to_if_authorized l(:button_edit),
+  { controller: :glossary_terms, action: :edit, project_id: @project },
+  class: 'icon icon-edit' %>
+  <%= link_to_if_authorized l(:button_delete),
+  { controller: :glossary_terms, action: :destroy,
+    id: @term, project_id: @project },
+    method: :delete, data: {confirm: l(:text_are_you_sure)}, class: 'icon icon-del' %>
 </div>

 <%= render partial: 'sidebar' %>
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -8,6 +8,7 @@ en:
  label_glossary_category_new: "New glossary category"

  glossary_title: Glossary
+  project_module_glossary: Glossary

  label_view: View
  label_glossary_index: index
@ -19,3 +20,5 @@ en:
      S T U V W X
      Y Z

+  permission_view_glossary: View glossary
+  permission_manage_glossary: Manage glossary
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@ -5,8 +5,12 @@ ja:
  label_glossary_categories: "用語のカテゴリ一覧"
  label_glossary_category: "用語のカテゴリ"
  label_glossary_category_new: "カテゴリの作成"
+
  glossary_title: 用語集
+  project_module_glossary: 用語集

  label_view: 表示
  label_glossary_index:	索引

+  permission_view_glossary: 用語集の閲覧
+  permission_manage_glossary: 用語集の管理
--- a/init.rb
+++ b/init.rb
@ -8,7 +8,16 @@ Redmine::Plugin.register :redmine_glossary do


  project_module :glossary do
-    permission :all_glossary, glossary_terms: :index
+    permission :view_glossary, {
+                 glossary_terms: [:index, :show],
+                 glossary_categories: [:index, :show]
+               }
+    permission :manage_glossary, {
+                 glossary_terms: [:new, :create, :edit, :update, :destroy],
+                 glossary_categories: [:new, :create, :edit, :update, :destroy],
+               },
+               require: :member
+
  end

  menu :project_menu, :glossary,