htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ensure views only link to those actions allowed for current user

Browse Source
This commit is contained in:
Sebastian Serth
2018-11-30 13:29:04 +01:00
parent d3f67ab4c7
commit 2125fb1c1d
56 changed files with 128 additions and 264 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/views/error_templates/index.html.slim
View File

@ -11,12 +11,12 @@ h1 = ErrorTemplate.model_name.human(count: 2)
tbody
- @error_templates.each do |error_template|
tr
td = link_to(error_template.name, error_template)
td = link_to_if(policy(error_template).show?, error_template.name, error_template)
td = error_template.description
td = link_to(error_template.execution_environment)
td = link_to(t('shared.show'), error_template)
td = link_to(t('shared.edit'), edit_error_template_path(error_template))
td = link_to(t('shared.destroy'), error_template, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
td = link_to(t('shared.show'), error_template) if policy(error_template).show?
td = link_to(t('shared.edit'), edit_error_template_path(error_template)) if policy(error_template).edit?
td = link_to(t('shared.destroy'), error_template, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(error_template).destroy?
= render('shared/pagination', collection: @error_templates)
p = render('shared/new_button', model: ErrorTemplate)

9
app/views/error_templates/show.html.slim
View File

@ -3,7 +3,7 @@ h1
= render('shared/edit_button', object: @error_template)
= row(label: 'error_template.name', value: @error_template.name)
= row(label: 'exercise.execution_environment', value: link_to(@error_template.execution_environment))
= row(label: 'exercise.execution_environment', value: link_to_if(policy(@error_template.execution_environment).show?, @error_template.execution_environment))
= row(label: "error_template.signature") do
code = @error_template.signature
- [:description, :hint].each do |attribute|
@ -29,12 +29,13 @@ h2.mt-4
span class="fa fa-star" aria-hidden="true"
- else
span class="fa fa-star-o" aria-hidden="true"
td = link_to(attribute.key, attribute)
td = link_to_if(policy(attribute).show?, attribute.key, attribute)
td = attribute.description
td
code = attribute.regex
td = link_to(t('shared.show'), attribute)
td = link_to(t('shared.destroy'), attribute_error_template_url(:error_template_attribute_id => attribute.id), :method => :delete)
td = link_to(t('shared.show'), attribute) if policy(attribute).show?
td = link_to(t('shared.edit'), edit_error_template_attribute_path(attribute)) if policy(attribute).edit?
td = link_to(t('shared.destroy'), attribute_error_template_url(:error_template_attribute_id => attribute.id), :method => :delete) if policy(attribute).destroy?
#add-attribute
= collection_select({}, :error_template_attribute_id,