diff --git a/app/controllers/organisations_controller.rb b/app/controllers/organisations_controller.rb
index 45121e5..5d5a5cd 100644
--- a/app/controllers/organisations_controller.rb
+++ b/app/controllers/organisations_controller.rb
@@ -37,54 +37,37 @@ end end - + # GET /organisations/1 # GET /organisations/1.json def admin_show - if user_signed_in? && current_user.is_org_admin? then - @organisation = Organisation.find(params[:id]) - - respond_to do |format| - format.html # show.html.erb - format.json { render json: @organisation } - end - else - render(:file => File.join(Rails.root, 'public/403.html'), :status => 403, :layout => false) - end - + @organisation = authorize Organisation.find(params[:id]) + respond_to do |format| + format.html # show.html.erb + format.json { render json: @organisation } + end end - + # GET /organisations/1/edit def admin_edit - if user_signed_in? && current_user.is_org_admin? then - @organisation = Organisation.find(params[:id]) - - else - render(:file => File.join(Rails.root, 'public/403.html'), :status => 403, :layout => false) - end + @organisation = authorize Organisation.find(params[:id]) end - - + + # PUT /organisations/1 # PUT /organisations/1.json def admin_update - if user_signed_in? && current_user.is_org_admin? 
then - @organisation = Organisation.find(params[:id]) - @organisation.banner_text = params["org_banner_text"] - - - respond_to do |format| - if @organisation.update_attributes(params[:organisation]) - format.html { redirect_to admin_show_organisation_path(params[:id]), notice: I18n.t("admin.org_updated_message") } - format.json { head :no_content } - else - format.html { render action: "edit" } - format.json { render json: @organisation.errors, status: :unprocessable_entity } - end - end - else - render(:file => File.join(Rails.root, 'public/403.html'), :status => 403, :layout => false) - end + @organisation = authorize Organisation.find(params[:id]) + @organisation.banner_text = params["org_banner_text"] + respond_to do |format| + if @organisation.update_attributes(params[:organisation]) + format.html { redirect_to admin_show_organisation_path(params[:id]), notice: I18n.t("admin.org_updated_message") } + format.json { head :no_content } + else + format.html { render action: "edit" } + format.json { render json: @organisation.errors, status: :unprocessable_entity } + end + end end # DELETE /organisations/1 diff --git a/app/models/user.rb b/app/models/user.rb index eb7fa00..ab2a564 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -174,7 +174,7 @@ ## # checks if the user can add new organisations - # + # # @return [Boolean] true if the user can add new organisations def can_add_orgs? add_orgs = roles.find_by(name: constant("user_role_types.add_organisations")) @@ -183,7 +183,7 @@ ## # checks if the user can change their organisation affiliations - # + # # @return [Boolean] true if the user can change their organisation affiliations def can_change_org? change_org = roles.find_by(name: constant("user_role_types.change_org_affiliation")) 
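Review bot: The `authorize Organisation.find(params[:id])` lines in admin_show, admin_edit and admin_update drop the `user_signed_in?` guard and the 403 page that the removed branches rendered, and nothing in this diff replaces them. Unless ApplicationController already has a `before_action :authenticate_user!` and a `rescue_from Pundit::NotAuthorizedError` (neither is visible here), an anonymous request now reaches OrganisationPolicy with a nil user and fails with NoMethodError (a 500) instead of a 403, and a signed-in user without the role gets an unhandled Pundit::NotAuthorizedError. Suggested in the controller or ApplicationController: `rescue_from Pundit::NotAuthorizedError do render file: File.join(Rails.root, 'public/403.html'), status: 403, layout: false end`, plus `after_action :verify_authorized` so an action that later forgets `authorize` fails loudly rather than silently open. The enclosing class begins and ends outside the hunk.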
@@ -192,7 +192,7 @@ ## # checks if the user can grant their permissions to others - # + # # @return [Boolean] true if the user can grant their permissions to others def can_grant_permissions? grant_perms = roles.find_by(name: constant("user_role_types.grant_permissions")) @@ -201,7 +201,7 @@ ## # checks if the user can modify organisation templates - # + # # @return [Boolean] true if the user can modify organisation templates def can_modify_templates? modify_temp = roles.find_by(name: constant("user_role_types.modify_templates")) @@ -210,7 +210,7 @@ ## # checks if the user can modify organisation guidance - # + # # @return [Boolean] true if the user can modify organistion guidance def can_modify_guidance? modify_guidance = roles.find_by(name: constant("user_role_types.modify_guidance")) @@ -219,13 +219,21 @@ ## # checks if the user can use the api - # + # # @return [Boolean] true if the user can use the api def can_use_api? use_api = roles.find_by(name: constant("user_role_types.use_api")) return !use_api.nil? end + # + # checks if the user can modify their org's details + # + # @return [Boolean] true if the user can modify the org's details + def can_modify_org_details? + modify_org_details = roles.find_by(name: constant("user_role_types.change_org_details")) + return !modify_org_details.nil? + ## # checks what type the user's organisation is # diff --git a/app/policies/organisation_policy.rb b/app/policies/organisation_policy.rb new file mode 100644 index 0000000..cd574bb --- /dev/null +++ b/app/policies/organisation_policy.rb @@ -0,0 +1,21 @@ +class OrganisationPolicy + attr_reader :user, :organisation + + def initialize(user, organisation) + @user = user + @organisation = organisation + end + + def admin_show? + user.can_modify_org_details? + end + + def admin_edit? + user.can_modify_org_details? + end + + def admin_update? + user.can_modify_org_details? + end + +end \ No newline at end of file 
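Review bot: The new `can_modify_org_details?` has no closing `end` before the `##` comment that follows its `return` line, and the hunk header (13 → 21 lines) accounts for exactly the eight added lines shown, so unless the collapsed layout lost a line the model would not parse; add `end` after `return !modify_org_details.nil?`. Separately, the role name this method looks up, `user_role_types.change_org_details`, resolves through the en-UK.yml hunk to `change_org_details`, but the db/seeds.rb hunk in this same commit creates the role as `'change_org_detials'`; on a freshly seeded database `find_by` never matches and every OrganisationPolicy check fails closed, so the seeds spelling should be corrected to match the locale key. The enclosing class starts and ends outside the hunk.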
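Review bot: OrganisationPolicy receives the organisation record but none of `admin_show?`, `admin_edit?` or `admin_update?` consults it, so any user holding the `change_org_details` role may view and edit every organisation's banner and details rather than only their own; if that is intended, a one-line comment on the class saying so would help, otherwise each predicate should also compare `organisation` with the user's own organisation (the association name is not visible in this diff). The predicates also call `user.can_modify_org_details?` unguarded, so a nil user raises NoMethodError instead of returning false; a guard such as `return false if user.nil?` at the top of each, or a single private predicate the three delegate to, keeps the policy fail-closed independent of controller filters. Minor: the file lacks a trailing newline.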
diff --git a/config/locales/en-UK.yml b/config/locales/en-UK.yml
index b5acf40..b657449 100644
--- a/config/locales/en-UK.yml
+++ b/config/locales/en-UK.yml
@@ -955,6 +955,7 @@
 modify_templates: 'modify_templates'
 modify_guidance: 'modify_guidance'
 use_api: 'use_api'
+ change_org_details: 'change_org_details'
 api_endpoint_types:
 guidances: 'guidances'
 plans: 'plans'
diff --git a/db/seeds.rb b/db/seeds.rb
index 051acbc..02246de 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -200,6 +200,9 @@
 },
 'use_api' => {
 name: 'use_api'
+ },
+ 'change_org_detials' => {
+ name: 'change_org_detials'
 }
 }