Sha256: e2007d6cff28fa1ec3b009d10c1bd9da411341fefded42ee039a466a09b0d335
Contents?: true
Size: 1.9 KB
Versions: 4
Compression:
Stored size: 1.9 KB
Contents
module Spotlight
class RolesController < Spotlight::ApplicationController
before_filter :authenticate_user!
load_and_authorize_resource :exhibit, class: Spotlight::Exhibit
load_and_authorize_resource through: :exhibit, except: [:update_all]
def index
role = @exhibit.roles.build
authorize! :edit, role
add_breadcrumb t(:'spotlight.exhibits.breadcrumb', title: @exhibit.title), @exhibit
add_breadcrumb t(:'spotlight.administration.sidebar.header'), exhibit_dashboard_path(@exhibit)
add_breadcrumb t(:'spotlight.administration.sidebar.users'), exhibit_roles_path(@exhibit)
end
def update_all
attrs = params.require(:exhibit).permit(:roles_attributes => [:id, :user_key, :role, :_destroy])
any_deleted = authorize_nested_attributes(attrs[:roles_attributes], Role)
if @exhibit.update(attrs)
notice = any_deleted > 0 ? t(:'helpers.submit.role.destroyed') : t(:'helpers.submit.role.updated')
redirect_to exhibit_roles_path(@exhibit), notice: notice
else
flash[:alert] = t(:'helpers.submit.role.batch_error')
render action: 'index'
end
end
protected
# When nested attributes are passed in, ensure we have authorization to update each row.
# @param attr [Hash,Array] the nested attributes
# @param klass [Class] the class that is getting created
# @return [Integer] a count of the number of deleted records
def authorize_nested_attributes(attrs, klass)
attrs = attrs.values if attrs.is_a? Hash
delete_count = 0
attrs.each do |item|
if item[:id]
if item['_destroy'].present?
authorize! :destroy, klass.find(item[:id])
delete_count += 1
else
authorize! :update, klass.find(item[:id])
end
else
authorize! :create, klass
end
end
delete_count
end
end
end
Version data entries
4 entries across 4 versions & 1 rubygems