Hide actions that are not available to teachers

2016-03-02 11:55:26 +01:00
parent da3339ecbb
commit 7dee100665
4 changed files with 21 additions and 15 deletions
--- a/app/policies/exercise_policy.rb
+++ b/app/policies/exercise_policy.rb
@ -8,7 +8,11 @@ class ExercisePolicy < AdminOrAuthorPolicy
    admin?
  end

-  [:clone?, :destroy?, :edit?, :show?, :statistics?, :update?].each do |action|
+  def show?
+    @user.internal_user?
+  end
+
+  [:clone?, :destroy?, :edit?, :statistics?, :update?].each do |action|
    define_method(action) { admin? || author? || team_member? }
  end

--- a/app/views/exercises/index.html.slim
+++ b/app/views/exercises/index.html.slim
@ -27,17 +27,17 @@ h1 = Exercise.model_name.human(count: 2)
      - @exercises.each do |exercise|
        tr data-id=exercise.id
          td = exercise.title
-          td = link_to(exercise.author, exercise.author)
-          td = link_to(exercise.execution_environment, exercise.execution_environment)
+          td = link_to_if(policy(exercise.author).show?, exercise.author, exercise.author)
+          td = link_to_if(policy(exercise.execution_environment).show?, exercise.execution_environment, exercise.execution_environment)
          td = exercise.files.teacher_defined_tests.count
          td = exercise.maximum_score
          td.public data-value=exercise.public? = symbol_for(exercise.public?)
-          td = link_to(t('shared.show'), exercise)
-          td = link_to(t('shared.edit'), edit_exercise_path(exercise))
-          td = link_to(t('shared.destroy'), exercise, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
-          td = link_to(t('.clone'), clone_exercise_path(exercise), data: {confirm: t('shared.confirm_destroy')}, method: :post)
-          td = link_to(t('.implement'), implement_exercise_path(exercise))
-          td = link_to(t('shared.statistics'), statistics_exercise_path(exercise))
+          td = link_to(t('shared.show'), exercise) if policy(exercise).show?
+          td = link_to(t('shared.edit'), edit_exercise_path(exercise)) if policy(exercise).edit?
+          td = link_to(t('shared.destroy'), exercise, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(exercise).destroy?
+          td = link_to(t('.clone'), clone_exercise_path(exercise), data: {confirm: t('shared.confirm_destroy')}, method: :post) if policy(exercise).clone?
+          td = link_to(t('.implement'), implement_exercise_path(exercise)) if policy(exercise).implement?
+          td = link_to(t('shared.statistics'), statistics_exercise_path(exercise)) if policy(exercise).statistics?

 = render('shared/pagination', collection: @exercises)
-p = render('shared/new_button', model: Exercise)
+p = render('shared/new_button', model: Exercise)
--- a/app/views/exercises/show.html.slim
+++ b/app/views/exercises/show.html.slim
@ -4,12 +4,13 @@

 h1
  = @exercise
-  = render('shared/edit_button', object: @exercise)
+  - if policy(@exercise).edit?
+    = render('shared/edit_button', object: @exercise)

 = row(label: 'exercise.title', value: @exercise.title)
-= row(label: 'exercise.user', value: link_to(@exercise.author, @exercise.author))
+= row(label: 'exercise.user', value: link_to_if(policy(@exercise.author).show?, @exercise.author, @exercise.author))
 = row(label: 'exercise.description', value: @exercise.description)
-= row(label: 'exercise.execution_environment', value: link_to(@exercise.execution_environment, @exercise.execution_environment))
+= row(label: 'exercise.execution_environment', value: link_to_if(policy(@exercise.execution_environment).show?, @exercise.execution_environment, @exercise.execution_environment))
 = row(label: 'exercise.instructions', value: render_markdown(@exercise.instructions))
 = row(label: 'exercise.team', value: @exercise.team ? link_to(@exercise.team, @exercise.team) : nil)
 = row(label: 'exercise.maximum_score', value: @exercise.maximum_score)
@ -26,5 +27,6 @@ ul.list-unstyled
      .panel-heading
        h3.panel-title = file.name_with_extension
      .panel-body
-        .clearfix = link_to(t('shared.destroy'), file, class:'btn btn-warning btn-sm pull-right', data: {confirm: t('shared.confirm_destroy')}, method: :delete)
+        - if policy(file).destroy?
+          .clearfix = link_to(t('shared.destroy'), file, class:'btn btn-warning btn-sm pull-right', data: {confirm: t('shared.confirm_destroy')}, method: :delete)
        = render('shared/file', file: file)
--- a/app/views/shared/_file.html.slim
+++ b/app/views/shared/_file.html.slim
@ -1,6 +1,6 @@
 = row(label: 'file.name', value: file.name)
 = row(label: 'file.path', value: file.path)
-= row(label: 'file.file_type', value: link_to(file.file_type, file.file_type))
+= row(label: 'file.file_type', value: link_to_if(policy(file).show?, file.file_type, file.file_type))
 = row(label: 'file.role', value: file.role? ? t("files.roles.#{file.role}") : '')
 = row(label: 'file.hidden', value: file.hidden)
 = row(label: 'file.read_only', value: file.read_only)