diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 56dff68..a21e331 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -68,7 +68,8 @@
 end
 def authenticate_admin!
- redirect_to root_path unless user_signed_in? && current_user.is_admin?
+ # currently if admin has any super-admin task, they can view the super-admin
+ redirect_to root_path unless user_signed_in? && (current_user.can_add_orgs? || current_user.can_change_org? || current_user.is_admin?)
 end
 def get_plan_list_columns
diff --git a/app/controllers/token_permission_types_controller.rb b/app/controllers/token_permission_types_controller.rb
index bdb6b58..d4b7470 100644
--- a/app/controllers/token_permission_types_controller.rb
+++ b/app/controllers/token_permission_types_controller.rb
@@ -2,14 +2,12 @@
 def index
- if user_signed_in? && current_user.organisation.token_permission_types.count > 0
- @user = current_user
- respond_to do |format|
- format.html
- end
- else
- render(file: File.join(Rails.root, 'public/403.html'),status: 403, layout: false)
- end
+ logger.debug "#{current_user}"
+ authorize TokenPermissionType.first
+ @user = current_user
+ respond_to do |format|
+ format.html
+ end
 end
 end
\ No newline at end of file
diff --git a/app/models/user.rb b/app/models/user.rb
index 099e682..eb7fa00 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -177,7 +177,7 @@
 #
 # @return [Boolean] true if the user can add new organisations
 def can_add_orgs?
- add_orgs = roles.find_by(name: constant("add_organisations"))
+ add_orgs = roles.find_by(name: constant("user_role_types.add_organisations"))
 return !add_orgs.nil?
 end
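Review bot: The widened condition on the added `redirect_to` line lets any holder of the add-organisations or change-org-affiliation role through every action guarded by `authenticate_admin!`, not only the super-admin pages the comment has in mind; unless each such action re-checks its own capability (nothing in the hunk shows that), this is a blanket widening of the admin filter rather than a targeted one. Keeping `authenticate_admin!` admin-only and adding a second filter for the org-management actions keeps the two audiences separate and lets each controller opt in per action. The added comment is also hard to read; a line such as `# Org-management roles may also reach the super-admin area; see authenticate_org_admin!` states the intent. The method is fully inside the hunk; the surrounding methods are not.
```ruby
def authenticate_admin!
  redirect_to root_path unless user_signed_in? && current_user.is_admin?
end

# Org-management roles (add organisations / change org affiliation) share the
# super-admin area; apply this filter only to the actions they are meant to reach.
def authenticate_org_admin!
  redirect_to root_path unless user_signed_in? &&
    (current_user.is_admin? || current_user.can_add_orgs? || current_user.can_change_org?)
end
```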
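Review bot: `authorize TokenPermissionType.first` hands Pundit a nil record whenever the table is empty, which (if this is Pundit, as the policy naming suggests) raises a policy-lookup error rather than an authorization failure, and the new policy's `index?` reads only the user, so no record is needed; `authorize TokenPermissionType` (the class) is the usual form for an index action. The removed `user_signed_in?` guard is not replaced, so an anonymous visitor now reaches the policy with a nil user and, unless a `before_action :authenticate_user!` exists outside this hunk, fails with a NoMethodError (500) instead of the former 403; the same 500 results if `Pundit::NotAuthorizedError` is not rescued anywhere in the app. `logger.debug "#{current_user}"` is a leftover debug statement that writes the user object into the log on every request and should be dropped. Proposed: replace the first two added lines with `authorize TokenPermissionType` and add `before_action :authenticate_user!, only: :index` at the top of the class, which lies outside the hunk.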
@@ -186,7 +186,7 @@
 #
 # @return [Boolean] true if the user can change their organisation affiliations
 def can_change_org?
- change_org = roles.find_by(name: constant("change_org_affiliation"))
+ change_org = roles.find_by(name: constant("user_role_types.change_org_affiliation"))
 return !change_org.nil?
 end
@@ -195,7 +195,7 @@
 #
 # @return [Boolean] true if the user can grant their permissions to others
 def can_grant_permissions?
- grant_perms = roles.find_by(name: constant("grant_permissions"))
+ grant_perms = roles.find_by(name: constant("user_role_types.grant_permissions"))
 return !grant_perms.nil?
 end
@@ -204,7 +204,7 @@
 #
 # @return [Boolean] true if the user can modify organisation templates
 def can_modify_templates?
- modify_temp = roles.find_by(name: constant("modify_templates"))
+ modify_temp = roles.find_by(name: constant("user_role_types.modify_templates"))
 return !modify_temp.nil?
 end
@@ -213,7 +213,7 @@
 #
 # @return [Boolean] true if the user can modify organistion guidance
 def can_modify_guidance?
- modify_guidance = roles.find_by(name: constant("modify_guidance"))
+ modify_guidance = roles.find_by(name: constant("user_role_types.modify_guidance"))
 return !modify_guidance.nil?
 end
@@ -222,7 +222,7 @@
 #
 # @return [Boolean] true if the user can use the api
 def can_use_api?
- use_api = roles.find_by(name: constant("use_api"))
+ use_api = roles.find_by(name: constant("user_role_types.use_api"))
 return !use_api.nil?
 end
diff --git a/app/policies/token_permission_type_policy.rb b/app/policies/token_permission_type_policy.rb
new file mode 100644
index 0000000..a8767c9
--- /dev/null
+++ b/app/policies/token_permission_type_policy.rb
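Review bot: In the `can_use_api?` hunk, `roles.find_by(...)` followed by `return !use_api.nil?` loads a whole role row just to test presence; `roles.exists?(name: constant("user_role_types.use_api"))` states the intent directly and issues a presence query instead, and the same shape is repeated in the other four hunks here. Separately, `constant`'s behaviour on an unknown key is not visible; if it returns nil, `find_by(name: nil)` becomes `WHERE name IS NULL` and a mistyped key would match any role with no name rather than deny the capability, which matters because this commit is itself fixing key paths. A guard such as `role_name = constant("user_role_types.use_api")` followed by `return false if role_name.blank?`, or making `constant` raise on a missing key, would make the next typo fail closed. Each method is fully inside its hunk.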
@@ -0,0 +1,14 @@
+class TokenPermissionTypePolicy
+ attr_reader :user, :token_permission_type
+
+ def initialize(user, token_permission_type)
+ @user = user
+ @token_permission_type = token_permission_type
+ end
+
+ def index?
+ user.can_use_api? && (user.organisation.token_permission_types.count > 0)
+ end
+
+
+end
\ No newline at end of file
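Review bot: `index?` dereferences `user` and then `user.organisation` without a nil check, so a signed-out request (Pundit hands the policy a nil current user) or a user with no organisation raises NoMethodError instead of being denied. Returning false in those cases keeps the outcome an authorization failure: add `return false if user.nil? || user.organisation.nil?` before the existing expression, and `user.organisation.token_permission_types.exists?` in place of `.count > 0` checks presence without computing a count. `token_permission_type` is stored but never read by `index?`, which is acceptable for an index policy, but the double blank line before `end` should go. A header comment such as `# Pundit policy for TokenPermissionType: the index is open only to users with the use_api role whose organisation has at least one permission type.` would document the rule for the next reader.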