From 67f70b31bd16b05759e1f8393f077ee17f2c34be Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 14 Jul 2014 15:49:31 +0200
Subject: move fetch_user into module so it can be mixed in We have an ApiController that wants to call #fetch_user. Since we can only inherit from one class i moved fetch_user into an extension.
---
 app/controllers/controller_extension/fetch_user.rb | 20 ++++++++++++++++++++
 app/controllers/users_base_controller.rb | 18 ------------------
 app/controllers/users_controller.rb | 3 ++-
 app/controllers/v1/users_controller.rb | 9 +--------
 4 files changed, 23 insertions(+), 27 deletions(-)
 create mode 100644 app/controllers/controller_extension/fetch_user.rb
 delete mode 100644 app/controllers/users_base_controller.rb
diff --git a/app/controllers/controller_extension/fetch_user.rb b/app/controllers/controller_extension/fetch_user.rb
new file mode 100644
index 0000000..695d723
--- /dev/null
+++ b/app/controllers/controller_extension/fetch_user.rb
@@ -0,0 +1,20 @@
+#
+# fetch the user taking into account permissions.
+# While normal users can only change settings for themselves
+# admins can change things for all users.
+#
+module ControllerExtension::FetchUser
+ extend ActiveSupport::Concern
+
+ protected
+
+ def fetch_user
+ @user = User.find(params[:user_id] || params[:id])
+ if !@user && admin?
+ redirect_to users_url, :alert => t(:no_such_thing, :thing => 'user')
+ elsif !admin? && @user != current_user
+ access_denied
+ end
+ end
+
+end
diff --git a/app/controllers/users_base_controller.rb b/app/controllers/users_base_controller.rb
deleted file mode 100644
index 9becf0d..0000000
--- a/app/controllers/users_base_controller.rb
+++ /dev/null
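Review bot: In `fetch_user` of the new `ControllerExtension::FetchUser` module, the ownership check runs against the record loaded from `params[:user_id] || params[:id]`, so it only protects actions that go on to use `@user`; an action that re-reads `params[:id]` after this filter would act on an id that was never checked when both parameters are present. The header comment should state that contract now that the method is mixed into several controllers, for example `# Sets @user. Requires admin?, current_user and access_denied on the including controller; actions must use @user, not params[:id].` The `!@user` branch also assumes `User.find` returns nil for a missing id rather than raising, which is not visible in this hunk.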
@@ -1,18 +0,0 @@
-#
-# common base class for all user related controllers
-#
-
-class UsersBaseController < ApplicationController
-
- protected
-
- def fetch_user
- @user = User.find(params[:user_id] || params[:id])
- if !@user && admin?
- redirect_to users_url, :alert => t(:no_such_thing, :thing => 'user')
- elsif !admin? && @user != current_user
- access_denied
- end
- end
-
-end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 0f822cb..dcf7607 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -2,7 +2,8 @@ # This is an HTML-only controller. For the JSON-only controller, see v1/users_controller.rb # -class UsersController < UsersBaseController +class UsersController < ApplicationController + include ControllerExtension::FetchUser before_filter :require_login, :except => [:new] before_filter :redirect_if_logged_in, :only => [:new]
diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb
index 5c9e33f..bfa04fc 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/v1/users_controller.rb
@@ -1,5 +1,6 @@ module V1 class UsersController < ApiController + include ControllerExtension::FetchUser before_filter :fetch_user, :only => [:update] before_filter :require_admin, :only => [:index]
@@ -35,13 +36,5 @@ module V1 head :forbidden end end - - def fetch_user - @user = User.find(params[:id]) - if @user != current_user - access_denied - end - end - - end end
-- cgit v1.2.3
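Review bot: Including `ControllerExtension::FetchUser` in `V1::UsersController` changes who may reach the API `update` action, although the commit message presents this as a plain move. The `fetch_user` removed in the last hunk of this file denied every caller whose record was not `current_user` and read only `params[:id]`, while the shared method lets `admin?` callers through for any user and prefers `params[:user_id]`. If admin edits over the API are intended, say so in the commit message and cover it with a test; if not, keep the stricter check in this controller. The shared method's not-found branch answers with `redirect_to users_url` and a flash alert, which is an HTML response, so for the JSON controller something like `head :not_found` would fit better. Whether `ApiController` provides `admin?` and `access_denied` is not visible in this hunk.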