htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Require authorization for RfCs and remove obsolete routes

Browse Source
This commit is contained in:
Sebastian Serth
2020-10-28 13:24:44 +01:00
parent e8d274a4a4
commit 4d5e00fde5
2 changed files with 5 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
app/controllers/request_for_comments_controller.rb
View File

@ -2,7 +2,7 @@ class RequestForCommentsController < ApplicationController
include SubmissionScoring include SubmissionScoring
before_action :set_request_for_comment, only: [:show, :edit, :update, :destroy, :mark_as_solved, :set_thank_you_note] before_action :set_request_for_comment, only: [:show, :edit, :update, :destroy, :mark_as_solved, :set_thank_you_note]
skip_after_action :verify_authorized before_action :require_user!
def authorize! def authorize!
authorize(@request_for_comments || @request_for_comment) authorize(@request_for_comments || @request_for_comment)
@ -26,11 +26,12 @@ class RequestForCommentsController < ApplicationController
def get_my_comment_requests def get_my_comment_requests
@search = RequestForComment @search = RequestForComment
.with_last_activity .with_last_activity
.where(user_id: current_user.id) .where(user_id: current_user&.id)
.ransack(params[:q]) .ransack(params[:q])
@request_for_comments = @search.result @request_for_comments = @search.result
.order('created_at DESC') .order('created_at DESC')
.paginate(page: params[:page]) .paginate(page: params[:page])
authorize!
render 'index' render 'index'
end end
@ -44,6 +45,7 @@ class RequestForCommentsController < ApplicationController
@request_for_comments = @search.result @request_for_comments = @search.result
.order('last_comment DESC') .order('last_comment DESC')
.paginate(page: params[:page]) .paginate(page: params[:page])
authorize!
render 'index' render 'index'
end end
@ -83,10 +85,6 @@ class RequestForCommentsController < ApplicationController
authorize! authorize!
end end
# GET /request_for_comments/1/edit
def edit
end
# POST /request_for_comments.json # POST /request_for_comments.json
def create def create
# Consider all requests as JSON # Consider all requests as JSON
@ -111,17 +109,6 @@ class RequestForCommentsController < ApplicationController
authorize! authorize!
end end
# DELETE /request_for_comments/1
# DELETE /request_for_comments/1.json
def destroy
@request_for_comment.destroy
respond_to do |format|
format.html { redirect_to request_for_comments_url, notice: 'Request for comment was successfully destroyed.' }
format.json { head :no_content }
end
authorize!
end
private private
# Use callbacks to share common setup or constraints between actions. # Use callbacks to share common setup or constraints between actions.
def set_request_for_comment def set_request_for_comment

2
config/routes.rb
View File

@ -14,7 +14,7 @@ Rails.application.routes.draw do
end end
end end
resources :codeharbor_links, only: %i[new create edit update destroy] resources :codeharbor_links, only: %i[new create edit update destroy]
resources :request_for_comments do resources :request_for_comments, except: %i[edit destroy] do
member do member do
get :mark_as_solved, defaults: { format: :json } get :mark_as_solved, defaults: { format: :json }
post :set_thank_you_note, defaults: { format: :json } post :set_thank_you_note, defaults: { format: :json }