diff --git a/Gemfile.lock b/Gemfile.lock
index 29d2181..f28c04c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -226,6 +226,8 @@ pundit (1.1.0) activesupport (>= 3.0.0) rack (1.6.4) + rack-mini-profiler (0.10.1) + rack (>= 1.2.0) rack-test (0.6.3) rack (>= 1.0) rails (4.2.0)
@@ -360,6 +362,7 @@ omniauth-shibboleth protected_attributes pundit + rack-mini-profiler rack-test rails (= 4.2.0) rails-observers
diff --git a/app/controllers/organisations_controller.rb b/app/controllers/organisations_controller.rb
index 93fbfe6..f8a0c1c 100644
--- a/app/controllers/organisations_controller.rb
+++ b/app/controllers/organisations_controller.rb
@@ -1,100 +1,48 @@ class OrganisationsController < ApplicationController - #after_action :verify_authorized - - # GET /organisations - # GET /organisations.json - def index - #authorize Organisation - @organisations = Organisation.all - - respond_to do |format| - format.html # index.html.erb - format.json { render json: @organisations } - end - end - - # GET /organisations/new - # GET /organisations/new.json - def new - @organisation = Organisation.new - #authorize @organisation - - respond_to do |format| - format.html # new.html.erb - format.json { render json: @organisation } - end - end - - # POST /organisations - # POST /organisations.json - def create - @organisation = Organisation.new(params[:organisation]) - - respond_to do |format| - if @organisation.save - format.html { redirect_to @organisation, notice: I18n.t("admin.org_created_message") } - format.json { render json: @organisation, status: :created, location: @organisation } - else - format.html { render action: "new" } - format.json { render json: @organisation.errors, status: :unprocessable_entity } - end - end - end - + after_action :verify_authorized # GET /organisations/1 - # GET /organisations/1.json def admin_show @organisation = Organisation.find(params[:id]) authorize @organisation respond_to do |format| format.html # show.html.erb - format.json { render json: @organisation } end end # GET /organisations/1/edit def admin_edit - @organisation = authorize Organisation.find(params[:id]) + @organisation = Organisation.find(params[:id]) + authorize @organisation end # PUT /organisations/1 - # PUT /organisations/1.json def admin_update - @organisation = authorize Organisation.find(params[:id]) + @organisation = Organisation.find(params[:id]) + authorize @organisation @organisation.banner_text = params["org_banner_text"] respond_to do |format| if @organisation.update_attributes(params[:organisation]) format.html { redirect_to admin_show_organisation_path(params[:id]), notice: 
I18n.t("admin.org_updated_message") } - format.json { head :no_content } else format.html { render action: "edit" } - format.json { render json: @organisation.errors, status: :unprocessable_entity } end end end - # DELETE /organisations/1 - # DELETE /organisations/1.json - def destroy - @organisation = Organisation.find(params[:id]) - @organisation.destroy - - respond_to do |format| - format.html { redirect_to organisations_url } - format.json { head :no_content } - end - end - + #TODO: see if this is used by the ajax... otherwise lock it down def parent @organisation = Organisation.find(params[:id]) + authorize @organisation parent_org = @organisation.find_by {|o| o.parent_id } return parent_org end + #TODO: see is this is used by the ajax... otherwise lock it down def children @organisation = Organisation.find(params[:id]) + authorize @organisation #if user_signed_in? then children = {} @organisation.children.each do |child|
@@ -108,8 +56,10 @@ # end end + #TODO: see if this is used by the ajax... otherwise lock it down def templates @organisation = Organisation.find(params[:id]) + authorize @organisation #if user_signed_in? then templates = {} @organisation.dmptemplates.each do |template|
diff --git a/app/policies/organisation_policy.rb b/app/policies/organisation_policy.rb
index 4326458..677912c 100644
--- a/app/policies/organisation_policy.rb
+++ b/app/policies/organisation_policy.rb
@@ -19,4 +19,16 @@ user.can_modify_org_details? && (user.organisaiton_id == organisation.id) end + def parent? + true + end + + def children? + true + end + + def templates? + true + end + end
\ No newline at end of file
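Review bot: The `authorize @organisation` calls added to `parent` and `children` (and to `templates` in the next hunk) satisfy the new `after_action :verify_authorized` but enforce nothing, because the matching `parent?`/`children?`/`templates?` predicates in the policy hunk return `true` unconditionally, so unless policy construction itself rejects a missing user, an anonymous request passes as readily as an admin's. The TODO comments say this is pending a check of the AJAX callers, so state that at the gate rather than leaving it implicit, e.g. `# TODO: policy currently allows everyone; restrict once the AJAX callers of parent/children/templates are known` (the second TODO also reads "see is this" where "see if this" is meant). While touching `parent`, the unchanged line `parent_org = @organisation.find_by {|o| o.parent_id }` calls `find_by` with a block on a single record; unless Organisation defines an instance-level `find_by`, it looks like this would raise before returning, which is worth confirming now that the action is being locked down. The hunk ends inside `children`, and the enclosing class continues past it.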
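Review bot: `parent?`, `children?` and `templates?` return `true` unconditionally, so the corresponding `authorize` calls in OrganisationsController are no-ops and these predicates read like a deliberate public grant rather than the placeholder the controller's TODO describes. If the endpoints are meant for signed-in users only, `!user.nil?` would be a minimal restriction; the policy constructor is outside the hunk, so whether `user` can be nil here is not visible, and that should be checked first. If they must stay open for now, add a comment above the three methods saying they are intentionally unrestricted pending the AJAX-caller check, so the next reader does not assume the grant was reviewed. The final added line is a blank line directly before `end`, and the file still ends without a trailing newline; both are style nits RuboCop would flag.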