From 7a63a9c1c11da6dfb7ea4da7c173ab70224cec55 Mon Sep 17 00:00:00 2001
From: Sebastian Serth
Date: Thu, 22 Nov 2018 19:11:40 +0100
Subject: [PATCH] Hide navigation elements in the UI based on policies
---
 app/policies/code_ocean/file_policy.rb | 8 ++++++++
 .../application/_navigation_submenu.html.slim | 13 +++++++------
 app/views/execution_environments/index.html.slim | 14 +++++++-------
 3 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/app/policies/code_ocean/file_policy.rb b/app/policies/code_ocean/file_policy.rb
index 8cf6d890..e8d7b5a8 100644
--- a/app/policies/code_ocean/file_policy.rb
+++ b/app/policies/code_ocean/file_policy.rb
@@ -4,6 +4,14 @@ module CodeOcean
 @user == @record.context.author
 end
+ def show?
+ if @record.context.is_a?(Exercise)
+ admin? || author? || !@record.hidden
+ else
+ admin? || author?
+ end
+ end
+
 def create?
 if @record.context.is_a?(Exercise)
 admin? || author?
diff --git a/app/views/application/_navigation_submenu.html.slim b/app/views/application/_navigation_submenu.html.slim
index 047955d7..fc4c9dec 100644
--- a/app/views/application/_navigation_submenu.html.slim
+++ b/app/views/application/_navigation_submenu.html.slim
@@ -1,6 +1,7 @@
-li.dropdown-submenu
- - link = link.nil? ? "#" : link
- a.dropdown-item.dropdown-toggle href=link data-toggle="dropdown" = title
- ul.dropdown-menu.p-0
- - models.each do |model|
- = render('navigation_collection_link', model: model, cached: true)
+- if models.any? { |model| policy(model).index? }
+ li.dropdown-submenu
+ - link = link.nil? ? "#" : link
+ a.dropdown-item.dropdown-toggle href=link data-toggle="dropdown" = title
+ ul.dropdown-menu.p-0
+ - models.each do |model|
+ = render('navigation_collection_link', model: model, cached: true)
diff --git a/app/views/execution_environments/index.html.slim b/app/views/execution_environments/index.html.slim
index a749df7c..10501911 100644
--- a/app/views/execution_environments/index.html.slim
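Review bot: In the added `show?`, the Exercise branch ends in `!@record.hidden`, which is true when `hidden` is nil, so a file whose flag was never set passes for every user the policy is asked about. Unless the column is NOT NULL with a default (not visible in this patch), an explicit comparison such as `admin? || author? || @record.hidden == false` fails closed instead. The branch also never consults the exercise's own policy, so a non-hidden file belonging to an exercise the user may not view would still pass; it is worth confirming that this is intended. A comment above the method, for example `# Exercise files: readable by anyone unless hidden; all other files: admin or author only.`, would make the rule explicit. The enclosing policy class starts and ends outside the hunk.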
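Review bot: The new guard in `_navigation_submenu.html.slim` shows the submenu as soon as one model passes `policy(model).index?`, but the `models.each` loop beneath it still renders `navigation_collection_link` for every model. If that partial does not repeat the check itself (it is not part of this patch), entries the user may not open are still listed; iterating with `- models.select { |model| policy(model).index? }.each do |model|` keeps the guard and the loop in agreement. The `cached: true` local is passed through unchanged, so if the partial caches its output based on it, the cache key has to vary with the viewer's permissions.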
+++ b/app/views/execution_environments/index.html.slim
@@ -14,17 +14,17 @@ h1 = ExecutionEnvironment.model_name.human(count: 2)
 tbody
 - @execution_environments.each do |execution_environment|
 tr
- td = link_to(execution_environment.name, execution_environment)
- td = link_to(execution_environment.author, execution_environment.author)
+ td = link_to_if(policy(execution_environment).show?, execution_environment.name, execution_environment)
+ td = link_to_if(policy(execution_environment.author).show?, execution_environment.author, execution_environment.author)
 td = execution_environment.pool_size
 td = execution_environment.memory_limit
 td = symbol_for(execution_environment.network_enabled)
 td = execution_environment.permitted_execution_time
- td = link_to(t('shared.show'), execution_environment)
- td = link_to(t('shared.edit'), edit_execution_environment_path(execution_environment))
- td = link_to(t('shared.destroy'), execution_environment, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
- td = link_to(t('.shell'), shell_execution_environment_path(execution_environment))
- td = link_to(t('shared.statistics'), statistics_execution_environment_path(execution_environment))
+ td = link_to(t('shared.show'), execution_environment) if policy(execution_environment).show?
+ td = link_to(t('shared.edit'), edit_execution_environment_path(execution_environment)) if policy(execution_environment).edit?
+ td = link_to(t('shared.destroy'), execution_environment, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(execution_environment).destroy?
+ td = link_to(t('.shell'), shell_execution_environment_path(execution_environment)) if policy(execution_environment).shell?
+ td = link_to(t('shared.statistics'), statistics_execution_environment_path(execution_environment)) if policy(execution_environment).statistics?
 = render('shared/pagination', collection: @execution_environments)
 p = render('shared/new_button', model: ExecutionEnvironment)
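Review bot: On the author cell, `link_to_if` falls back to printing `execution_environment.author` as plain text when `policy(execution_environment.author).show?` is false, so the author's name is still shown to viewers the user policy would refuse. If the name itself is meant to be restricted, the cell needs the same modifier form as the action links, e.g. `td = link_to(execution_environment.author, execution_environment.author) if policy(execution_environment.author).show?`. The `render('shared/new_button', model: ExecutionEnvironment)` line at the end of the hunk stays unconditional, which is inconsistent with the guarded links unless that partial checks `new?` itself (not visible here). These conditions only hide links, so the `shell`, `destroy` and `statistics` actions still have to enforce the same policy in the controller, which this patch does not show.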