htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ensure views only link to those actions allowed for current user

Browse Source
This commit is contained in:
Sebastian Serth
2018-11-30 13:29:04 +01:00
parent d3f67ab4c7
commit 2125fb1c1d
56 changed files with 128 additions and 264 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/views/proxy_exercises/_form.html.slim
View File

@@ -18,7 +18,7 @@
= collection_check_boxes :proxy_exercise, :exercise_ids, @exercises, :id, :title do |b|
tr
td = b.check_box
td = link_to(b.object, b.object)
td = link_to_if(policy(b.object).show?, b.object, b.object)
td = l(b.object.created_at, format: :short)
.actions = render('shared/submit_button', f: f, object: @proxy_exercise)

4
app/views/proxy_exercises/index.html.slim
View File

@@ -12,11 +12,11 @@ h1 = ProxyExercise.model_name.human(count: 2)
th.p-1 = sort_link(@search, :title, t('activerecord.attributes.proxy_exercise.title'))
th.p-1 = t('activerecord.attributes.exercise.token')
th.p-1 = t('activerecord.attributes.proxy_exercise.files_count')
th.p-1 colspan=6 = t('shared.actions')
th.p-1 colspan=2 = t('shared.actions')
tbody
- @proxy_exercises.each do |proxy_exercise|
tr data-id=proxy_exercise.id
td.p-1.pt-2 = link_to(proxy_exercise.title,proxy_exercise)
td.p-1.pt-2 = link_to_if(policy(proxy_exercise).show?, proxy_exercise.title, proxy_exercise)
td.p-1.pt-2 = proxy_exercise.token
td.p-1.pt-2 = proxy_exercise.count_files
td.p-1.pt-2 = link_to(t('shared.edit'), edit_proxy_exercise_path(proxy_exercise)) if policy(proxy_exercise).edit?

5
app/views/proxy_exercises/show.html.slim
View File

@@ -7,8 +7,7 @@
h1
= @proxy_exercise.title
- if policy(@proxy_exercise).edit?
= render('shared/edit_button', object: @proxy_exercise)
= render('shared/edit_button', object: @proxy_exercise)
= row(label: 'exercise.title', value: @proxy_exercise.title)
= row(label: 'proxy_exercise.files_count', value: @exercises.count)
@@ -24,5 +23,5 @@ h2.mt-4 Exercises
th = sort_link(@search, :created_at, t('shared.created_at'))
- @proxy_exercise.exercises.each do |exercise|
tr
td = link_to(exercise.title, exercise)
td = link_to_if(policy(exercise).show?, exercise.title, exercise)
td = l(exercise.created_at, format: :short)