authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2011-12-15 23:57:46 +0200
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2011-12-15 23:57:46 +0200
commitccc9bed89365fd4a13253d2491ab45345f04a5c3 (patch)
tree04385f317c24afb920c61135ee54e616cf98343a /app/controllers/issues_controller.rb
parent7a9fc480809ce50fd34456ae22100ffbe2bbb776 (diff)
Abilities refactoring
Diffstat (limited to 'app/controllers/issues_controller.rb')
-rw-r--r--app/controllers/issues_controller.rb21
1 files changed, 20 insertions, 1 deletions
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index daaf8fa2f19..9bf22d8cddc 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -6,8 +6,18 @@ class IssuesController < ApplicationController
# Authorize
before_filter :add_project_abilities
+
+ # Allow read any issue
before_filter :authorize_read_issue!
- before_filter :authorize_write_issue!, :only => [:new, :create, :close, :edit, :update, :sort]
+
+ # Allow write(create) issue
+ before_filter :authorize_write_issue!, :only => [:new, :create]
+
+ # Allow modify issue
+ before_filter :authorize_modify_issue!, :only => [:close, :edit, :update, :sort]
+
+ # Allow destroy issue
+ before_filter :authorize_admin_issue!, :only => [:destroy]
respond_to :js, :html
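Review bot: The write, modify and admin checks are attached through `:only` lists, so any action not named in one of them is covered only by `authorize_read_issue!`. A state-changing action added to this controller later would be reachable with read access unless someone remembers to extend a list. Consider inverting the default, for example by applying the strictest filter with `:except => [:index, :show]` and relaxing it per action, or at least add a comment above the filters such as `# NOTE: every new mutating action must be added to one of the :only lists below`. The controller's action list is outside this hunk, so whether any existing action is already uncovered cannot be confirmed from here.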
@@ -115,4 +125,13 @@ class IssuesController < ApplicationController
def issue
@issue ||= @project.issues.find(params[:id])
end
+
+ def authorize_modify_issue!
+ can?(current_user, :modify_issue, @issue) ||
+ @issue.assignee == current_user
+ end
+
+ def authorize_admin_issue!
+ can?(current_user, :admin_issue, @issue)
+ end
end
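Review bot: `authorize_modify_issue!` and `authorize_admin_issue!` only evaluate to a boolean and never render or redirect, so if this app runs on Rails 3 or later, where a filter's return value is ignored, they deny nothing. In that case `close`, `edit`, `update`, `sort` and `destroy` are guarded only by the read check. Each filter should end the request on failure, e.g. `head :forbidden unless can?(current_user, :admin_issue, issue)` and `head :forbidden unless can?(current_user, :modify_issue, issue) || issue.assignee == current_user`, or use whatever denial helper the other `authorize_*!` filters use (not visible here). Both methods also read `@issue` directly; unless an earlier filter outside this hunk loads it, it is still nil when the filter runs, so `@issue.assignee` would raise and the ability check would run against nil. Calling the memoised `issue` helper instead avoids that for member actions, though `sort` appears to be a collection action without `params[:id]` and may need a project-level ability.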