mirror of https://github.com/LaCasemate/fab-manager.git synced 2025-01-29 18:52:22 +01:00

basic access to members management for managers

Sylvain 2020-04-27 17:48:13 +02:00
parent 8c610ea336
commit 102709246f
6 changed files with 25 additions and 17 deletions


@ -222,7 +222,7 @@ class API::MembersController < API::ApiController
], ],
statistic_profile_attributes: %i[id gender birthday]) statistic_profile_attributes: %i[id gender birthday])
elsif current_user.admin? elsif current_user.admin? || current_user.manager?
params.require(:user).permit(:username, :email, :password, :password_confirmation, :is_allow_contact, :is_allow_newsletter, :group_id, params.require(:user).permit(:username, :email, :password, :password_confirmation, :is_allow_contact, :is_allow_newsletter, :group_id,
tag_ids: [], tag_ids: [],
profile_attributes: [:id, :first_name, :last_name, :phone, :interest, :software_mastered, :website, :job, profile_attributes: [:id, :first_name, :last_name, :phone, :interest, :software_mastered, :website, :job,
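Review bot: The `elsif current_user.admin? || current_user.manager?` line gives managers the admin permit list unchanged, and that list includes `:password`, `:password_confirmation`, `:email` and `:group_id`. Unless managers are meant to set credentials on other accounts, they should get their own branch, `elsif current_user.manager?`, with a permit call that leaves the credential fields out. The permit list continues past the end of this hunk, so the attributes not visible here need the same check.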


@ -6,7 +6,9 @@ class API::UsersController < API::ApiController
before_action :set_user, only: %i[destroy] before_action :set_user, only: %i[destroy]
def index def index
if current_user.admin? && %w[partner manager].include?(params[:role]) authorize User
if %w[partner manager].include?(params[:role])
@users = User.with_role(params[:role].to_sym).includes(:profile) @users = User.with_role(params[:role].to_sym).includes(:profile)
else else
head 403 head 403
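Review bot: Once `authorize User` has passed, the `else` branch still answers `head 403` when `params[:role]` is neither `partner` nor `manager`, so a bad parameter is reported as an authorization failure. A `head 400` there would keep the two cases distinguishable in logs and for API clients. Access now depends entirely on `UserPolicy#index?`, which this commit opens to managers, so a request spec covering a manager and a plain member calling this action would pin the intended behaviour. The body of `index` continues outside the hunk.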


@ -1,6 +1,6 @@
class AdminPolicy < ApplicationPolicy class AdminPolicy < ApplicationPolicy
def index? def index?
user.admin? user.admin? || user.manager?
end end
def create? def create?
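Review bot: `index?` now lets managers list administrator accounts, and nothing visible here limits which fields that listing returns. The view or serializer behind the action is outside this page, so it is worth confirming that it exposes only what a manager needs. A one-line comment above `index?` saying why managers need the list would also help; a more restrictive role otherwise looks like an oversight to the next reader. The class continues past the end of the hunk.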


@ -2,9 +2,13 @@
# Check the access policies for API::AvailabilitiesController # Check the access policies for API::AvailabilitiesController
class AvailabilityPolicy < ApplicationPolicy class AvailabilityPolicy < ApplicationPolicy
%w[index? show? create? update? destroy? reservations? export? lock?].each do |action| %w[index? show? create? update? destroy? reservations? lock?].each do |action|
define_method action do define_method action do
user.admin? || user.manager? user.admin? || user.manager?
end end
end end
def export?
user.admin?
end
end end


@ -16,26 +16,30 @@ class UserPolicy < ApplicationPolicy
end end
def show? def show?
user.admin? || (record.is_allow_contact && record.member?) || (user.id == record.id) user.admin? || user.manager? || (record.is_allow_contact && record.member?) || (user.id == record.id)
end end
def update? def update?
user.admin? || (user.id == record.id) user.admin? || user.manager? || (user.id == record.id)
end end
def destroy? def destroy?
user.admin? || (user.id == record.id) user.admin? || (user.id == record.id)
end end
def merge? %w[merge complete_tour].each do |action|
user.id == record.id define_method "#{action}?" do
user.id == record.id
end
end end
def complete_tour? %w[list index].each do |action|
user.id == record.id define_method "#{action}?" do
user.admin? || user.manager?
end
end end
%w[list create mapping].each do |action| %w[create mapping].each do |action|
define_method "#{action}?" do define_method "#{action}?" do
user.admin? user.admin?
end end
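Review bot: `update?` now returns true for any manager without looking at `record`, so a manager is authorized to update administrator and other manager accounts as well as members. `show?` already relies on `record.member?`; assuming that predicate is false for staff accounts, the manager clause could be scoped as `user.admin? || (user.manager? && record.member?) || (user.id == record.id)`. The manager clause added to `show?` has the same shape and deserves the same decision. The final `define_method` loop continues outside the hunk.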


@ -2,12 +2,10 @@
# Check the access policies for API::WalletController # Check the access policies for API::WalletController
class WalletPolicy < ApplicationPolicy class WalletPolicy < ApplicationPolicy
def by_user? %w[by_user transactions].each do |action|
user.admin? || user.manager? || user == record.user define_method "#{action}?" do
end user.admin? || user.manager? || user == record.user
end
def transactions?
user.admin? || user == record.user
end end
def credit? def credit?
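Review bot: Folding `transactions?` into the `%w[by_user transactions]` loop also adds `user.manager?` to it, so the diff reads as a refactor while it widens who can read a wallet's transaction history. The generated predicates can no longer be found by grepping for `def transactions?`, which makes a policy class harder to audit. Either keep the two explicit methods or add a comment above the loop such as `# admins, managers and the wallet owner may read the wallet and its transactions`. The class continues past `def credit?`.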