Ensure views only link to those actions allowed for current user

This commit is contained in:
Sebastian Serth
2018-11-30 13:29:04 +01:00
parent d3f67ab4c7
commit 2125fb1c1d
56 changed files with 128 additions and 264 deletions

View File

@@ -1,10 +1,9 @@
h1
= @user
- if policy(@user).edit?
= render('shared/edit_button', object: @user)
= render('shared/edit_button', object: @user)
= row(label: 'internal_user.email', value: @user.email)
= row(label: 'internal_user.name', value: @user.name)
= row(label: 'internal_user.consumer', value: @user.consumer ? link_to(@user.consumer, @user.consumer) : nil)
= row(label: 'internal_user.consumer', value: @user.consumer ? link_to_if(policy(@user.consumer).show?, @user.consumer, @user.consumer) : nil)
= row(label: 'internal_user.role', value: t("users.roles.#{@user.role}"))
= row(label: 'internal_user.activated', value: @user.activated?)