diff --git a/app/assets/javascripts/admin/commons/association.js b/app/assets/javascripts/admin/commons/association.js
index b4a0fcd5ef60ab17826587d0d644a773cf68ff86..e93455cbbb97d83a390c2ceac4d2eef0bae9e7ed 100644
--- a/app/assets/javascripts/admin/commons/association.js
+++ b/app/assets/javascripts/admin/commons/association.js
@@ -10,8 +10,8 @@ $(function () {
                 type: 'POST',
                 url: target,
                 data: {
-                    objectId: id,
-                    objectType: type
+                    'object_id': id,
+                    'object_type': type
                 }
             }).done(function () {
                 location.reload();
diff --git a/app/controllers/admin/application_controller.rb b/app/controllers/admin/application_controller.rb
index 5a98ff54f8810af2844520e7a79ce801542235b5..3861751d2ba2c5ac4361da43c00e1cc7be95d286 100644
--- a/app/controllers/admin/application_controller.rb
+++ b/app/controllers/admin/application_controller.rb
@@ -38,6 +38,10 @@ class Admin::ApplicationController < ApplicationController
     # If the block doesn't exist anymore
   end
 
+  def model_names_with_blocks
+    @model_names_with_blocks ||= ApplicationRecord.descendants.select { |model| model.included_modules.include?(WithBlocks) }.map(&:name)
+  end
+
   private
 
   def redirect_if_context_is_not_an_university!
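Review bot: `model_names_with_blocks` is defined above the `private` marker, so it is a public controller method and could be exposed as an action if a route ever matched it; it belongs below `private` (or under `protected`), which still lets the blocks and contents controllers call it. The list is derived from `ApplicationRecord.descendants`, which only contains classes that are already loaded, so wherever eager loading is off the allowlist may be incomplete or empty and legitimate requests would be rejected. An explicit frozen list of model names, or forcing eager load before the lookup, would make the allowlist deterministic. The same `descendants.select { ... }.map(&:name)` expression is repeated inline, unmemoized, in `PermalinksController#create` and `UsersController#favorite`; a shared helper taking the concern module would remove the duplication.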
diff --git a/app/controllers/admin/communication/blocks/headings_controller.rb b/app/controllers/admin/communication/blocks/headings_controller.rb
index 53e597801d721d002943bb1879034058a51121e6..11114a04cb2a80ddb501800ff3864799a65c3c5d 100644
--- a/app/controllers/admin/communication/blocks/headings_controller.rb
+++ b/app/controllers/admin/communication/blocks/headings_controller.rb
@@ -20,7 +20,7 @@ class Admin::Communication::Blocks::HeadingsController < Admin::Communication::B
   end
 
   def new
-    @heading.about = PolymorphicObjectFinder.find params, :about
+    @heading.about = PolymorphicObjectFinder.find(params, :about, current_university, whitelist: model_names_with_blocks)
     breadcrumb
   end
 
diff --git a/app/controllers/admin/communication/blocks_controller.rb b/app/controllers/admin/communication/blocks_controller.rb
index 4baa5141c4484bb4f4cf9ba13cd4047d7201d7cb..e2b24df083d2dc55c4fd666d256b7cbeec79f969 100644
--- a/app/controllers/admin/communication/blocks_controller.rb
+++ b/app/controllers/admin/communication/blocks_controller.rb
@@ -18,7 +18,7 @@ class Admin::Communication::BlocksController < Admin::Communication::Application
   end
 
   def new
-    @block.about = PolymorphicObjectFinder.find params, :about
+    @block.about = PolymorphicObjectFinder.find(params, :about, current_university, whitelist: model_names_with_blocks)
     breadcrumb
   end
 
@@ -61,12 +61,12 @@ class Admin::Communication::BlocksController < Admin::Communication::Application
     return unless request.xhr?
     cookies.signed[Communication::Block::BLOCK_COPY_COOKIE] = {
       value: params[:id],
-      path: '/admin' 
+      path: '/admin'
     }
   end
 
   def paste
-    about = PolymorphicObjectFinder.find(params, :about)
+    about = PolymorphicObjectFinder.find(params, :about, current_university, whitelist: model_names_with_blocks)
     # On réattribue à @block pour bénéficier du calcul dans about_path
     @block = @block.paste(about)
     cookies.delete(Communication::Block::BLOCK_COPY_COOKIE, path: '/admin')
diff --git a/app/controllers/admin/communication/contents_controller.rb b/app/controllers/admin/communication/contents_controller.rb
index ff344cda5f4cd5c317525ee6fe728c11f649decb..bdd741ef2a1fde38f39564fe3bcc4ce168f4ef29 100644
--- a/app/controllers/admin/communication/contents_controller.rb
+++ b/app/controllers/admin/communication/contents_controller.rb
@@ -13,7 +13,7 @@ class Admin::Communication::ContentsController < Admin::Communication::Applicati
   protected
 
   def load_about
-    @about = PolymorphicObjectFinder.find(params, :about)
+    @about = PolymorphicObjectFinder.find(params, :about, current_university, whitelist: model_names_with_blocks)
     raise_403_unless @about.university == current_university
     raise_403_unless can?(:edit, @about)
   end
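Review bot: The result of `PolymorphicObjectFinder.find` is dereferenced on the very next line (`@about.university`), but the finder now has an early `return` that yields `nil` for a type it rejects, so a refused `about_type` would surface as a `NoMethodError` instead of a 403 or 404. A guard directly after the lookup, such as `raise_403_unless @about`, keeps the rejection explicit. The same missing nil check applies to the other call sites in this commit: `@block.paste(about)` in `BlocksController#paste`, `@about.add_redirection(@path)` in `PermalinksController#create`, `current_user.add_favorite(about)` in `UsersController#favorite`, and the two `load_object` methods that assign `@object`.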
diff --git a/app/controllers/admin/communication/extranets/contacts_controller.rb b/app/controllers/admin/communication/extranets/contacts_controller.rb
index 6283e05b3c111c225d3b8c241221eee617bdec51..417447132da5968bbc89b8468ccd42c57a494d3b 100644
--- a/app/controllers/admin/communication/extranets/contacts_controller.rb
+++ b/app/controllers/admin/communication/extranets/contacts_controller.rb
@@ -53,8 +53,6 @@ class Admin::Communication::Extranets::ContactsController < Admin::Communication
   protected
 
   def load_object
-    object_type = params[:objectType]
-    object_id = params[:objectId]
-    @object = object_type.constantize.find object_id
+    @object = PolymorphicObjectFinder.find(params, :object, current_university, whitelist: Communication::Extranet::Connection.connectable_model_names)
   end
 end
diff --git a/app/controllers/admin/communication/websites/pages_controller.rb b/app/controllers/admin/communication/websites/pages_controller.rb
index f788465d0e79b9c662e1cfc2d37bb8872588ab81..aae55ee3aae02420ec2bd0c26de09bf310277887 100644
--- a/app/controllers/admin/communication/websites/pages_controller.rb
+++ b/app/controllers/admin/communication/websites/pages_controller.rb
@@ -134,9 +134,7 @@ class Admin::Communication::Websites::PagesController < Admin::Communication::We
   protected
 
   def load_object
-    object_type = params[:objectType]
-    object_id = params[:objectId]
-    @object = object_type.constantize.find object_id
+    @object = PolymorphicObjectFinder.find(params, :object, current_university, whitelist: @page.connectable_model_names)
   end
 
   def breadcrumb
diff --git a/app/controllers/admin/communication/websites/permalinks_controller.rb b/app/controllers/admin/communication/websites/permalinks_controller.rb
index 49a39f0c4d723c22af3f1e60a082819609f8b9ce..28aec9d209a7509dc7b37da118cfafdb9bfed4d8 100644
--- a/app/controllers/admin/communication/websites/permalinks_controller.rb
+++ b/app/controllers/admin/communication/websites/permalinks_controller.rb
@@ -2,7 +2,8 @@ class Admin::Communication::Websites::PermalinksController < Admin::Communicatio
 
   def create
     @path = params['communication_website_permalink']['path']
-    @about = PolymorphicObjectFinder.find(params, :about)
+    model_names_with_permalinks = ApplicationRecord.descendants.select { |model| model.included_modules.include?(WithPermalink) }.map(&:name)
+    @about = PolymorphicObjectFinder.find(params, :about, current_university, whitelist: model_names_with_permalinks)
     @permalink = @about.add_redirection(@path)
   end
 end
\ No newline at end of file
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 122be9729080707ea6d0024449d06e01e7e66d6e..3968a1e2a3c97426bcdf880ddef56e24fff24dbf 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -21,9 +21,8 @@ class Admin::UsersController < Admin::ApplicationController
 
   def favorite
     operation = params[:operation]
-    id = params[:about_id]
-    type = params[:about_type]
-    about = type.constantize.find id
+    favoritable_model_names = ApplicationRecord.descendants.select { |model| model.included_modules.include?(Favoritable) }.map(&:name)
+    about = PolymorphicObjectFinder.find(params, :about, current_university, whitelist: favoritable_model_names)
     if operation == 'add'
       current_user.add_favorite(about)
     else
diff --git a/app/models/communication/extranet/connection.rb b/app/models/communication/extranet/connection.rb
index 30cc10e73c1a9daca0b247b86939f03094c171fc..9d06bb3c97085f90dcae309cea8d9dd6e6b33612 100644
--- a/app/models/communication/extranet/connection.rb
+++ b/app/models/communication/extranet/connection.rb
@@ -25,4 +25,8 @@ class Communication::Extranet::Connection < ApplicationRecord
   belongs_to :university
   belongs_to :extranet, class_name: 'Communication::Extranet'
   belongs_to :object, polymorphic: true
+
+  def self.connectable_model_names
+    ["University::Organization", "University::Person"]
+  end
 end
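Review bot: `connectable_model_names` is the allowlist that decides which class names taken from the request may be constantized, but nothing in the method says so, and it allocates a fresh mutable array on every call. A frozen constant with a comment, for example `CONNECTABLE_MODEL_NAMES = ["University::Organization", "University::Person"].freeze # allowlist for PolymorphicObjectFinder`, returned from the method, would document the intent and prevent accidental mutation. The instance-level `connectable_model_names` added to `Communication::Website::Page` and its `Organization` and `Person` subclasses deserves the same comment, in particular the base class returning `[]`, which means a lookup on a plain page is always refused.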
diff --git a/app/models/communication/website/page.rb b/app/models/communication/website/page.rb
index 6ddca2a2d837f8c13e0f96d7c7052b5d184a7569..82c736ab20a36c1bff95ff1cdee7e4de3470ba36 100644
--- a/app/models/communication/website/page.rb
+++ b/app/models/communication/website/page.rb
@@ -142,6 +142,10 @@ class Communication::Website::Page < ApplicationRecord
               .where.not(id: id)
   end
 
+  def connectable_model_names
+    []
+  end
+
   protected
 
   def check_accessibility
diff --git a/app/models/communication/website/page/organization.rb b/app/models/communication/website/page/organization.rb
index b17a2c96df03ca8f4819200d84a799838bdfbaef..3b9249339125bde885868687e942f0f2340b09fe 100644
--- a/app/models/communication/website/page/organization.rb
+++ b/app/models/communication/website/page/organization.rb
@@ -57,6 +57,10 @@ class Communication::Website::Page::Organization < Communication::Website::Page
     University::Organization.where(id: ids)
   end
 
+  def connectable_model_names
+    ["University::Organization"]
+  end
+
   protected
 
   def current_git_path
diff --git a/app/models/communication/website/page/person.rb b/app/models/communication/website/page/person.rb
index 4c11cd187e8f3ffe3983031d02bd4906cf685d39..431a660a3588de37800e7f150254f139f96e7d78 100644
--- a/app/models/communication/website/page/person.rb
+++ b/app/models/communication/website/page/person.rb
@@ -56,6 +56,10 @@ class Communication::Website::Page::Person < Communication::Website::Page
     University::Person.where(id: ids)
   end
 
+  def connectable_model_names
+    ["University::Person"]
+  end
+
   protected
 
   def current_git_path
diff --git a/app/services/polymorphic_object_finder.rb b/app/services/polymorphic_object_finder.rb
index 47bf78dcc2dc60a45d67211efcac6dc71819e2ff..763cba5a16a898ae170431f0b33d2dbda155c9d6 100644
--- a/app/services/polymorphic_object_finder.rb
+++ b/app/services/polymorphic_object_finder.rb
@@ -1,12 +1,14 @@
 class PolymorphicObjectFinder
-  # @block.about = Polymorphic.find params, :about
+  # @block.about = Polymorphic.find params, :about, current_university, whitelist: ["Communication::Website::Page"]
   # Rails uses ActiveRecord::Inheritance#polymorphic_name to hydrate the about_type.
   # Example: A Block for a Communication::Website::Page::Home will have about_type = "Communication::Website::Page"
-  def self.find(params, key)
+  def self.find(params, key, university, whitelist: [])
     key_id = "#{key}_id".to_sym
     key_type = "#{key}_type".to_sym
-    klass = params[key_type].constantize
+    model_name = whitelist.detect { |item| item == params[key_type] }
+    return unless model_name.nil?
+    model = model.constantize
     id = params[key_id]
-    klass.find id
+    model.where(university: university).find(id)
   end
 end
\ No newline at end of file
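Review bot: The guard `return unless model_name.nil?` is inverted and the following line reads an unassigned local, so `find` as written never returns a record: a whitelisted type returns `nil`, and a non-whitelisted type falls through to `model = model.constantize`, where `model` is still `nil` and raises `NoMethodError`. The two lines should read `return if model_name.nil?` and `model = model_name.constantize`. Constantizing the whitelist's own string rather than `params[key_type]` is the right design and worth a one-line comment, since it keeps request input away from `constantize`. `model.where(university: university)` assumes every whitelisted model has a `university` association, which should be confirmed for the `WithPermalink` and `Favoritable` models, and the usage comment still says `Polymorphic.find` where `PolymorphicObjectFinder.find` is meant.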
diff --git a/app/views/admin/communication/extranets/contacts/_toggle.html.erb b/app/views/admin/communication/extranets/contacts/_toggle.html.erb
index 0d8b6960ef6d6fa5bfe9e930931f478a6d3e5b10..23b704726f1696b33b212dc16db5583359bf4e11 100644
--- a/app/views/admin/communication/extranets/contacts/_toggle.html.erb
+++ b/app/views/admin/communication/extranets/contacts/_toggle.html.erb
@@ -2,8 +2,8 @@
 connected = @extranet.connected?(about)
 path = toggle_admin_communication_extranet_contacts_path(
   extranet_id: @extranet.id,
-  objectId: about.id,
-  objectType: about.class,
+  object_id: about.id,
+  object_type: about.class,
 )
 %>
   <input  class="form-check-input"
diff --git a/app/views/admin/communication/websites/pages/show/special_pages/_organization.html.erb b/app/views/admin/communication/websites/pages/show/special_pages/_organization.html.erb
index 9292423bb3dd199addde2162b44dfc65b95c9e72..232e8ca990df86ef916cc18f3574779d5502ae94 100644
--- a/app/views/admin/communication/websites/pages/show/special_pages/_organization.html.erb
+++ b/app/views/admin/communication/websites/pages/show/special_pages/_organization.html.erb
@@ -22,7 +22,7 @@
         <tr>
           <td><%= link_to organization, [:admin, organization] %></td>
           <td><%= link_to 'Déconnecter',
-                          disconnect_admin_communication_website_page_path(@page, objectId: organization.id, objectType: organization.class),
+                          disconnect_admin_communication_website_page_path(@page, object_id: organization.id, object_type: organization.class),
                           class: button_classes_danger,
                           method: :post %></td>
         </tr>
diff --git a/app/views/admin/communication/websites/pages/show/special_pages/_person.html.erb b/app/views/admin/communication/websites/pages/show/special_pages/_person.html.erb
index 0c263addfee0e9a659edc838c79bb93bed010ee7..babffb39e1f03431d2e7e2131891f3d9ad331dfd 100644
--- a/app/views/admin/communication/websites/pages/show/special_pages/_person.html.erb
+++ b/app/views/admin/communication/websites/pages/show/special_pages/_person.html.erb
@@ -22,7 +22,7 @@
         <tr>
           <td><%= link_to person, [:admin, person] %></td>
           <td><%= link_to 'Déconnecter',
-                          disconnect_admin_communication_website_page_path(@page, objectId: person.id, objectType: person.class),
+                          disconnect_admin_communication_website_page_path(@page, object_id: person.id, object_type: person.class),
                           class: button_classes_danger,
                           method: :post %></td>
         </tr>