htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ensure views only link to those actions allowed for current user

Browse Source
This commit is contained in:
Sebastian Serth
2018-11-30 13:29:04 +01:00
parent d3f67ab4c7
commit 2125fb1c1d
56 changed files with 128 additions and 264 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/views/exercise_collections/index.html.slim
View File

@@ -13,13 +13,13 @@ h1 = ExerciseCollection.model_name.human(count: 2)
- @exercise_collections.each do |collection|
tr
td = collection.id
td = link_to(collection.name, collection)
td = link_to_if(policy(collection).show?, collection.name, collection)
td = collection.updated_at
td = collection.exercises.size
td = link_to(t('shared.show'), collection)
td = link_to(t('shared.edit'), edit_exercise_collection_path(collection))
td = link_to(t('shared.statistics'), statistics_exercise_collection_path(collection))
td = link_to(t('shared.destroy'), collection, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
td = link_to(t('shared.show'), collection) if policy(collection).show?
td = link_to(t('shared.edit'), edit_exercise_collection_path(collection)) if policy(collection).edit?
td = link_to(t('shared.statistics'), statistics_exercise_collection_path(collection)) if policy(collection).statistics?
td = link_to(t('shared.destroy'), collection, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(collection).destroy?
= render('shared/pagination', collection: @exercise_collections)
p = render('shared/new_button', model: ExerciseCollection)

6
app/views/exercise_collections/show.html.slim
View File

@@ -3,7 +3,7 @@ h1
= render('shared/edit_button', object: @exercise_collection)
= row(label: 'exercise_collections.name', value: @exercise_collection.name)
= row(label: 'exercise_collections.user', value: link_to(@exercise_collection.user.name, @exercise_collection.user)) unless @exercise_collection.user.nil?
= row(label: 'exercise_collections.user', value: link_to_if(policy(@exercise_collection.user).show?, @exercise_collection.user.name, @exercise_collection.user)) unless @exercise_collection.user.nil?
= row(label: 'exercise_collections.use_anomaly_detection', value: @exercise_collection.use_anomaly_detection)
= row(label: 'exercise_collections.updated_at', value: @exercise_collection.updated_at)
@@ -22,7 +22,7 @@ h4.mt-4 = t('activerecord.attributes.exercise_collections.exercises')
- exercise = exercise_collection_item.exercise
tr
td = exercise_collection_item.position
td = link_to(exercise.title, exercise)
td = link_to_if(policy(exercise).show?, exercise.title, exercise)
td = link_to_if(exercise.execution_environment && policy(exercise.execution_environment).show?, exercise.execution_environment, exercise.execution_environment)
td = link_to_if(exercise.user && policy(exercise.user).show?, exercise.user.name, exercise.user)
td = link_to(t('shared.statistics'), statistics_exercise_path(exercise), 'data-turbolinks' => "false")
td = link_to(t('shared.statistics'), statistics_exercise_path(exercise), 'data-turbolinks' => "false") if policy(exercise).statistics?