From ccc9bed89365fd4a13253d2491ab45345f04a5c3 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Thu, 15 Dec 2011 23:57:46 +0200
Subject: Abilities refactoring

---
 app/controllers/snippets_controller.rb | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

(limited to 'app/controllers/snippets_controller.rb')

diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index 54ad6019f75..45b3f529c4c 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -5,8 +5,18 @@ class SnippetsController < ApplicationController
 
   # Authorize
   before_filter :add_project_abilities
+
+  # Allow read any snippet
   before_filter :authorize_read_snippet!
-  before_filter :authorize_write_snippet!, :only => [:new, :create, :close, :edit, :update, :sort]
+
+  # Allow write(create) snippet
+  before_filter :authorize_write_snippet!, :only => [:new, :create]
+
+  # Allow modify snippet
+  before_filter :authorize_modify_snippet!, :only => [:edit, :update]
+
+  # Allow destroy snippet
+  before_filter :authorize_admin_snippet!, :only => [:destroy]
 
   respond_to :html
 
@@ -60,4 +70,14 @@ class SnippetsController < ApplicationController
 
     redirect_to project_snippets_path(@project)
   end
+
+  protected
+
+  def authorize_modify_snippet!
+    can?(current_user, :modify_snippet, @snippet)
+  end
+
+  def authorize_admin_snippet!
+    can?(current_user, :admin_snippet, @snippet)
+  end
 end
-- 
cgit v1.2.1