From bf2b03bb96744674efa452b4cb4349c0446c261e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Gaya?= <sebastien.gaya@gmail.com> Date: Thu, 20 Oct 2022 11:52:37 +0200 Subject: [PATCH] ensure extranet access --- app/controllers/extranet/academic_years_controller.rb | 5 +---- app/controllers/extranet/application_controller.rb | 8 ++++++++ app/controllers/extranet/cohorts_controller.rb | 5 +---- app/controllers/extranet/experiences_controller.rb | 9 +++++---- app/controllers/extranet/organizations_controller.rb | 5 +---- app/controllers/extranet/persons_controller.rb | 5 +---- db/schema.rb | 2 +- 7 files changed, 18 insertions(+), 21 deletions(-) diff --git a/app/controllers/extranet/academic_years_controller.rb b/app/controllers/extranet/academic_years_controller.rb index 8fe001a2b..27e47ab98 100644 --- a/app/controllers/extranet/academic_years_controller.rb +++ b/app/controllers/extranet/academic_years_controller.rb @@ -1,8 +1,4 @@ class Extranet::AcademicYearsController < Extranet::ApplicationController - load_and_authorize_resource class: Education::AcademicYear, - through: :about, - through_association: :education_academic_years - def index @academic_years = about&.education_academic_years .ordered @@ -13,6 +9,7 @@ class Extranet::AcademicYearsController < Extranet::ApplicationController end def show + @academic_year = about.education_academic_years.find(params[:id]) @cohorts = @academic_year.cohorts_in_context(current_context.about) @alumni = @academic_year.alumni_in_context(current_context.about) breadcrumb diff --git a/app/controllers/extranet/application_controller.rb b/app/controllers/extranet/application_controller.rb index 493ed64fb..ae11faacb 100644 --- a/app/controllers/extranet/application_controller.rb +++ b/app/controllers/extranet/application_controller.rb 
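Review bot: In `show` of `Extranet::AcademicYearsController`, the added `about.education_academic_years.find(params[:id])` dereferences `about` directly, while `index` in the same file guards it with `about&.education_academic_years`; if `about` can be nil, `show` fails with a NoMethodError instead of a controlled not-found or access-denied response. The `show` lookups added in the organizations and persons controllers have the same mismatch with their `index` actions. Since `load_and_authorize_resource` is removed, this scoped `find` is the only per-record restriction left, so I would settle on one form and document it above the lookup, for example `# Scoped through about: ids outside this extranet raise RecordNotFound`. The body of `show` continues past the end of the hunk.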
@@ -1,6 +1,8 @@ class Extranet::ApplicationController < ApplicationController layout 'extranet/layouts/application' + before_action :authorize_extranet_access! + def breadcrumb add_breadcrumb t('home'), root_path end @@ -8,4 +10,10 @@ class Extranet::ApplicationController < ApplicationController def about current_extranet.about || current_university end + + private + + def authorize_extranet_access! + raise CanCan::AccessDenied if current_user.visitor? && about.alumni.find_by(id: current_user.person&.id).nil? + end end diff --git a/app/controllers/extranet/cohorts_controller.rb b/app/controllers/extranet/cohorts_controller.rb index b249e48a3..f4174abc4 100644 --- a/app/controllers/extranet/cohorts_controller.rb +++ b/app/controllers/extranet/cohorts_controller.rb @@ -1,8 +1,4 @@ class Extranet::CohortsController < Extranet::ApplicationController - load_and_authorize_resource class: Education::Cohort, - through: :about, - through_association: :education_cohorts - def index @facets = Education::Cohort::Facets.new params[:facets], { model: about.education_cohorts, @@ -17,6 +13,7 @@ class Extranet::CohortsController < Extranet::ApplicationController end def show + @cohort = about.education_cohorts.find(params[:id]) breadcrumb end diff --git a/app/controllers/extranet/experiences_controller.rb b/app/controllers/extranet/experiences_controller.rb index 72a2538af..e7c16fae0 100644 --- a/app/controllers/extranet/experiences_controller.rb +++ b/app/controllers/extranet/experiences_controller.rb 
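Review bot: `authorize_extranet_access!` only rejects users for whom `visitor?` is true, so every other role passes without any check against `about`; because this commit also drops the per-controller `load_and_authorize_resource` calls, this callback is now the single authorization gate for the extranet controllers. If non-visitor accounts are not already confined to the current university elsewhere (not visible in this hunk), that should be checked here as well. The method also calls `current_user.visitor?` unguarded, so a request with no signed-in user would raise NoMethodError unless an earlier callback enforces authentication; `raise CanCan::AccessDenied if current_user.nil?` as the first line would make the denial explicit. A comment stating the policy, e.g. `# Visitors must be alumni of the extranet's subject; other roles are allowed through`, would help, since the one-line condition is dense.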
@@ -1,16 +1,16 @@ class Extranet::ExperiencesController < Extranet::ApplicationController - load_and_authorize_resource class: University::Person::Experience, - through: :current_user, - through_association: :experiences def new + @experience = current_user.experiences.new breadcrumb end - + def edit + @experience = current_user.experiences.find(params[:id]) breadcrumb end def create + @experience = current_user.experiences.new(experience_params) @experience.university = current_university if @experience.save redirect_to account_path, notice: 'Ok' @@ -21,6 +21,7 @@ class Extranet::ExperiencesController < Extranet::ApplicationController end def update + @experience = current_user.experiences.find(params[:id]) if @experience.update experience_params redirect_to account_path, notice: 'Ok' else diff --git a/app/controllers/extranet/organizations_controller.rb b/app/controllers/extranet/organizations_controller.rb index ec718d441..0d0f30d64 100644 --- a/app/controllers/extranet/organizations_controller.rb +++ b/app/controllers/extranet/organizations_controller.rb @@ -1,8 +1,4 @@ class Extranet::OrganizationsController < Extranet::ApplicationController - load_and_authorize_resource class: University::Organization, - through: :about, - through_association: :university_person_alumni_organizations - def index @facets = University::Organization::Facets.new params[:facets], { model: about&.university_person_alumni_organizations, @@ -17,6 +13,7 @@ class Extranet::OrganizationsController < Extranet::ApplicationController end def show + @organization = about.university_person_alumni_organizations.find(params[:id]) breadcrumb end diff --git a/app/controllers/extranet/persons_controller.rb b/app/controllers/extranet/persons_controller.rb index b94f7ad99..73df7551c 100644 --- a/app/controllers/extranet/persons_controller.rb +++ b/app/controllers/extranet/persons_controller.rb 
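Review bot: The ownership scope `current_user.experiences.find(params[:id])` is repeated in `edit` and `update` of `Extranet::ExperiencesController`, and with `load_and_authorize_resource` gone it is the only thing keeping a user from loading another person's experience by id. I would move it into one private loader, `before_action :load_experience, only: %i[edit update]` with `@experience = current_user.experiences.find(params[:id])` inside `load_experience`, so an action added later cannot drift to an unscoped `find`. If the controller defines further member actions below the second hunk (the rest of the file is not shown), they no longer get `@experience` assigned and need the same loader. `experience_params` is defined outside the hunk, so its permitted attributes could not be reviewed here.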
@@ -1,8 +1,4 @@ class Extranet::PersonsController < Extranet::ApplicationController - load_and_authorize_resource class: University::Person::Alumnus, - through: :about, - through_association: :university_person_alumni - def index @facets = University::Person::Alumnus::Facets.new params[:facets], { model: about&.university_person_alumni, @@ -17,6 +13,7 @@ class Extranet::PersonsController < Extranet::ApplicationController end def show + @person = about.university_person_alumni.find(params[:id]) breadcrumb end diff --git a/db/schema.rb b/db/schema.rb index 5876144fc..e38bdcdde 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -44,7 +44,7 @@ ActiveRecord::Schema.define(version: 2022_10_17_142108) do t.text "metadata" t.string "service_name", null: false t.bigint "byte_size", null: false - t.string "checksum", null: false + t.string "checksum" t.datetime "created_at", null: false t.uuid "university_id" t.index ["key"], name: "index_active_storage_blobs_on_key", unique: true -- GitLab
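Review bot: The `checksum` column of `active_storage_blobs` loses `null: false` in `db/schema.rb`, but the commit contains no migration and the schema version shown in the hunk header is unchanged, so this looks like drift from a local database rather than an intended part of "ensure extranet access". The column holds the blob integrity checksum, so relaxing the constraint deserves its own migration and commit message; otherwise I would restore the line to `t.string "checksum", null: false` before merging.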