diff --git a/Gemfile.lock b/Gemfile.lock
index b4c911a..009f630 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -224,6 +224,8 @@
 activerecord (>= 3.0)
 protected_attributes (1.1.3)
 activemodel (>= 4.0.1, < 5.0)
+ pundit (1.1.0)
+ activesupport (>= 3.0.0)
 rack (1.6.4)
 rack-test (0.6.3)
 rack (>= 1.0)
@@ -360,6 +362,7 @@
 omniauth
 omniauth-shibboleth
 protected_attributes
+ pundit
 rack-test
 rails (= 4.2.0)
 rails-observers
diff --git a/app/controllers/organisations_controller.rb b/app/controllers/organisations_controller.rb
index 355ad7d..5c154db 100644
--- a/app/controllers/organisations_controller.rb
+++ b/app/controllers/organisations_controller.rb
@@ -41,7 +41,8 @@
 # GET /organisations/1
 # GET /organisations/1.json
 def admin_show
- @organisation = authorize Organisation.find(params[:id])
+ @organisation = Organisation.find(params[:id])
+ authorize @organisation
 respond_to do |format|
 format.html # show.html.erb
 format.json { render json: @organisation }
diff --git a/app/policies/dmptemplate_policy.rb b/app/policies/dmptemplate_policy.rb
index 381111e..ea17c40 100644
--- a/app/policies/dmptemplate_policy.rb
+++ b/app/policies/dmptemplate_policy.rb
@@ -2,6 +2,7 @@
 attr_reader :user, :dmptemplate
 def initialize(user, dmptemplate)
+ raise Pundit::NotAuthorizedError, "must be logged in" unless user
 @user = user
 @dmptemplate = dmptemplate
 end
diff --git a/app/policies/guidance_group_policy.rb b/app/policies/guidance_group_policy.rb
index 682ba39..dd3725f 100644
--- a/app/policies/guidance_group_policy.rb
+++ b/app/policies/guidance_group_policy.rb
@@ -2,6 +2,7 @@
 attr_reader :user, :guidance_group
 def initialize(user, guidance_group)
+ raise Pundit::NotAuthorizedError, "must be logged in" unless user
 @user = user
 @guidance_group = guidance_group
 end
diff --git a/app/policies/guidance_policy.rb b/app/policies/guidance_policy.rb
index 7efa7ef..2b60f7a 100644
--- a/app/policies/guidance_policy.rb
+++ b/app/policies/guidance_policy.rb
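Review bot: The two-step form in `admin_show` needs a one-line comment, because the reason for it is not visible in the code. As far as I know, `authorize` in Pundit 1.1.0 (the version this commit locks) returns `true` rather than the record, so the old one-liner would have left `true` in `@organisation`. Something like `# authorize returns true in Pundit 1.x, so load the record first` would keep a later cleanup from folding the two lines back together. The `# GET /organisations/1` comments above the method look copied from `show` and could name the admin route instead. The method body continues outside the hunk.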
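Review bot: Raising `Pundit::NotAuthorizedError` with only a message string from the policy constructor leaves the exception's `query`, `record` and `policy` unset. Any `rescue_from Pundit::NotAuthorizedError` handler that reads them would get nil for anonymous requests; no such handler is visible here, so this needs checking. It also reports a missing login as an authorization failure, which makes it hard to answer with 401 or a sign-in redirect rather than 403. The same line is added to the initializers of the dmptemplate, guidance_group, guidance, organisation, token_permission_type and user policies. If these classes share a base policy (the class lines are outside the hunks), the guard belongs once in its `initialize` with subclasses calling `super`, and a comment such as `# policies are never evaluated for anonymous users` would record the intent.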
@@ -2,6 +2,7 @@
 attr_reader :user, :guidance
 def initialize(user, guidance)
+ raise Pundit::NotAuthorizedError, "must be logged in" unless user
 @user = user
 @guidance = guidance
 end
diff --git a/app/policies/organisation_policy.rb b/app/policies/organisation_policy.rb
index 12e98eb..4326458 100644
--- a/app/policies/organisation_policy.rb
+++ b/app/policies/organisation_policy.rb
@@ -2,6 +2,7 @@
 attr_reader :user, :organisation
 def initialize(user, organisation)
+ raise Pundit::NotAuthorizedError, "must be logged in" unless user
 @user = user
 @organisation = organisation
 end
diff --git a/app/policies/token_permission_type_policy.rb b/app/policies/token_permission_type_policy.rb
index 513d20e..fb4699e 100644
--- a/app/policies/token_permission_type_policy.rb
+++ b/app/policies/token_permission_type_policy.rb
@@ -2,6 +2,7 @@
 attr_reader :user, :token_permission_type
 def initialize(user, token_permission_type)
+ raise Pundit::NotAuthorizedError, "must be logged in" unless user
 @user = user
 @token_permission_type = token_permission_type
 end
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index 071f474..94ee8f6 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -2,6 +2,7 @@
 attr_reader :user
 def initialize(user, users)
+ raise Pundit::NotAuthorizedError, "must be logged in" unless user
 @user = user
 end
diff --git a/config/locales/en-UK.yml b/config/locales/en-UK.yml
index b657449..b443c6d 100644
--- a/config/locales/en-UK.yml
+++ b/config/locales/en-UK.yml
@@ -955,7 +955,7 @@
 modify_templates: 'modify_templates'
 modify_guidance: 'modify_guidance'
 use_api: 'use_api'
- change_org_details: 'change_org_details'
+ change_org_details: 'change_org_detials'
 api_endpoint_types:
 guidances: 'guidances'
 plans: 'plans'
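Review bot: The new value `'change_org_detials'` looks like a misspelling introduced into what reads as a permission name, where every sibling entry (`modify_templates`, `modify_guidance`, `use_api`) has a value equal to its key. If this string is compared with a stored role or permission name, a mismatch would change who passes the organisation-details check, so the spelling should match the stored value exactly. If the misspelling is deliberate because the stored name is itself misspelled, a comment saying so (`# matches the role name as stored`) would keep it from being corrected later; otherwise restore `'change_org_details'`.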