fixed typos

Update auth_helper.rb
Added before filters add_customer, view_customer
2025-11-08 17:04:23 -05:00 · 2017-03-23 05:56:26 -04:00 · 2017-03-23 05:50:31 -04:00 · 2017-03-23 05:47:37 -04:00 · 2017-03-23 05:45:45 -04:00 · 2017-03-23 05:42:54 -04:00
4 changed files with 64 additions and 12 deletions
--- a/app/controllers/customers_controller.rb
+++ b/app/controllers/customers_controller.rb
@@ -27,7 +27,8 @@ class CustomersController < ApplicationController
  include SortHelper
  helper :timelog
  
-  before_filter :require_user, :except => :view
+  before_filter :add_customer, :only => :new
+  before_filter :view_customer, :except => :new
  skip_before_filter :verify_authenticity_token, :check_if_login_required, :only => [:view]
  
  default_search_scope :names
@@ -144,6 +145,14 @@ class CustomersController < ApplicationController
  
  private
  
+  def add_customer
+    global_check_permission(:add_customers)
+  end
+  
+  def view_customer
+    global_check_permission(:view_customers)
+  end
+  
  def only_one_non_zero?( array )
    found_non_zero = false
    array.each do |val|
--- a/app/controllers/payments_controller.rb
+++ b/app/controllers/payments_controller.rb
@@ -12,8 +12,8 @@ class PaymentsController < ApplicationController
  
  include AuthHelper
  
-  before_filter :require_user
-
+  before_filter :check_permissions
+  
  def new
    @payment = Payment.new
    
@@ -32,10 +32,16 @@ class PaymentsController < ApplicationController
    else
      flash[:error] = @payment.errors.full_messages.to_sentence 
      redirect_to new_customer_path
-end
+    end
  end
  
  private
+
+  def check_permissions
+    if !allowed_to?(:add_payments)
+      render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true 
+    end
+  end
  
  def only_one_non_zero?( array )
    found_non_zero = false
--- a/app/helpers/auth_helper.rb
+++ b/app/helpers/auth_helper.rb
@@ -16,4 +16,38 @@ module AuthHelper
      render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true
    end
  end
+  
+  def allowed_to?(action)
+    return false if User.current.nil?
+    project = Project.find(params[:project_id])
+    return false if project.nil?
+    return true if User.current.allowed_to?(action, project)
+    false
+  end
+  
+  def check_permission(permission)
+    if !allowed_to?(permission)
+      render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true 
+    end
+  end
+  
+  
+  def global_check_permission(permission)
+    if !globaly_allowed_to?(permission)
+      render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true 
+    end
+  end
+  
+  def globaly_allowed_to?( action)
+    return false if User.current.nil?
+
+    projects = Project.all
+    projects.each { |p|
+      if User.current.allowed_to?(action, p)
+        return true
+      end
+    }
+    false
+  end
+    
 end
--- a/init.rb
+++ b/init.rb
@@ -47,18 +47,21 @@ Redmine::Plugin.register :redmine_qbo do

    # set per_page globally
    WillPaginate.per_page = 10
-
+  
+    permission :view_customers, :customers => :index, :public => false
+    permission :add_customers, :customers => :new, :public => false
+    permission :view_payments, :payments => :index, :public => false
+    permission :add_payments, :payments => :new, :public => false
+    permission :view_vehicles, :payments => :new, :public => false
+  
    # Register QBO top menu item
    #menu :top_menu, :qbo, { :controller => :qbo, :action => :index }, :caption => 'Quickbooks', :if => Proc.new { User.current.admin? }
-    menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new { User.current.logged? }
-    menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => Proc.new { User.current.logged? }
+    menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new {User.current.logged?}
+    menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => Proc.new { User.current.allowed_to?(:view_vehicles, @project) }
    
-    menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => Proc.new { User.current.logged? }
-    menu :application_menu, :new_payment, { :controller => :payments, :action => :new }, :caption => 'New Payment', :if => Proc.new { User.current.logged? }
+    menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => Proc.new { User.current.allowed_to?(:add_customers, @project) }
+    menu :application_menu, :new_payment, { :controller => :payments, :action => :new }, :caption => 'New Payment', :if => Proc.new { User.current.allowed_to?(:add_payments, @project)}
    
-    permission :customers, { :customers => [:index, :new] }, :public => false
    menu :project_menu, :customers, { :controller => 'customers', :action => 'new' }, :caption => 'New Customer', :after => :new_issue, :param => :project_id
-    
-    permission :payments, { :payments => [:index, :new] }, :public => false
    menu :project_menu, :payments, { :controller => 'payments', :action => 'new' }, :caption => 'New Payment', :after => :customers, :param => :project_id
 end
Author	SHA1	Message	Date
Rick Barrette	a34b6a07fc	fixed typos	2017-03-23 05:56:26 -04:00
Rick Barrette	2ce811bbbf	Update auth_helper.rb	2017-03-23 05:50:31 -04:00
Rick Barrette	02153de8b0	Added before filters add_customer, view_customer	2017-03-23 05:47:37 -04:00
Rick Barrette	68be20459b	Added global_check_permission	2017-03-23 05:45:45 -04:00
Rick Barrette	bbd03cc337	Update init.rb	2017-03-23 05:42:54 -04:00
Rick Barrette	4fc71a93f2	Update init.rb	2017-03-23 05:42:09 -04:00
Rick Barrette	8e7e1908e4	Update customers_controller.rb	2017-03-23 05:39:55 -04:00
Rick Barrette	89fba883ef	Update customers_controller.rb	2017-03-23 05:38:06 -04:00
Rick Barrette	15f317fba1	Update customers_controller.rb	2017-03-23 05:36:51 -04:00
Rick Barrette	894ee9abfd	added check_permission	2017-03-23 05:33:58 -04:00
Rick Barrette	ca17807117	Update payments_controller.rb	2017-03-23 05:29:54 -04:00
Rick Barrette	a70ba2f164	Update payments_controller.rb	2017-03-23 05:27:38 -04:00
Rick Barrette	78ac97298c	Update payments_controller.rb	2017-03-23 05:25:57 -04:00
Rick Barrette	72cd349c1b	Update payments_controller.rb	2017-03-23 05:23:44 -04:00
Rick Barrette	6fc1d27dca	Update auth_helper.rb	2017-03-23 05:21:56 -04:00
Rick Barrette	525c6b99d6	Update auth_helper.rb	2017-03-23 05:19:13 -04:00
Rick Barrette	3eaff0ab30	Update auth_helper.rb	2017-03-23 05:14:47 -04:00
Rick Barrette	85b40bc9cf	Update payments_controller.rb	2017-03-23 05:11:15 -04:00
Rick Barrette	37a2b95447	Update payments_controller.rb	2017-03-23 05:10:05 -04:00
Rick Barrette	33feb91713	added permission_checker	2017-03-23 05:08:33 -04:00
Rick Barrette	f7357f30ce	Update payments_controller.rb	2017-03-23 05:03:58 -04:00
Rick Barrette	c0ae01018b	Update payments_controller.rb	2017-03-23 05:01:01 -04:00
Rick Barrette	4353e910c8	Update payments_controller.rb	2017-03-23 04:57:22 -04:00
Rick Barrette	bef9774c4e	Update payments_controller.rb	2017-03-23 04:52:19 -04:00
Rick Barrette	863437b1b7	Added before filter to check permissions	2017-03-23 04:50:17 -04:00
Rick Barrette	7cfa15910a	Update init.rb	2017-03-23 04:41:31 -04:00
Rick Barrette	2154a3d001	Update init.rb	2017-03-22 23:09:05 -04:00
Rick Barrette	fdab090a3d	Update init.rb	2017-03-22 23:06:12 -04:00
Rick Barrette	3f32b7fef1	Update init.rb	2017-03-22 22:53:21 -04:00
Rick Barrette	14422bc549	Update init.rb	2017-03-22 22:52:24 -04:00
Rick Barrette	6bb66597e8	Added some permissions view_customers, add_customers, view_payments, add_payments	2017-03-22 22:44:09 -04:00