Sha256: e35ce9505afd5e2193e54a15b9103d4a536c093098f10230b03ece14cb713717

Contents?: true

Size: 1.94 KB

Versions: 1

Compression:

Stored size: 1.94 KB

Contents

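module Spotlight
  # Lists and bulk-edits the roles (user/role assignments) attached to an exhibit.
  #
  # Authorization for the role rows is split in two: CanCan's
  # load_and_authorize_resource covers every action except update_all, and
  # update_all authorizes each submitted row by hand in
  # authorize_nested_attributes before anything is written.
  class RolesController < Spotlight::ApplicationController
    before_filter :authenticate_user!
    load_and_authorize_resource :exhibit, class: Spotlight::Exhibit
    load_and_authorize_resource through: :exhibit, except: [:update_all]

    # Show the exhibit's roles.
    # @raise [CanCan::AccessDenied] when no roles were loaded for the current user
    def index
      # every admin should at least see themselves
      raise CanCan::AccessDenied if @roles.empty?
      add_breadcrumb @exhibit.title, @exhibit
      add_breadcrumb t(:'spotlight.administration.sidebar.header'), exhibit_dashboard_path(@exhibit)
      add_breadcrumb t(:'spotlight.administration.sidebar.users'), exhibit_roles_path(@exhibit)
      # Unsaved role added to the association; presumably the blank row of the form.
      @exhibit.roles.build
    end

    # Create, update and destroy the exhibit's roles in one request via nested attributes.
    # Every submitted row is authorized before @exhibit.update runs; a denied row
    # raises out of authorize! and nothing is saved.
    def update_all
      attrs = params.require(:exhibit).permit(:roles_attributes => [:id, :user_key, :role, :_destroy])

      any_deleted = authorize_nested_attributes(attrs[:roles_attributes], Role)

      if @exhibit.update(attrs)
        notice = any_deleted > 0 ? "User has been removed." : "User has been updated."
        redirect_to exhibit_roles_path(@exhibit), notice: notice
      else
        flash[:alert] = "There was a problem saving the users."
        render action: 'index'
      end
    end

    protected

    # When nested attributes are passed in, ensure we have authorization to update each row.
    #
    # NOTE(review): existing rows are checked against the record as currently stored,
    # not against the submitted :role / :user_key values, and new rows are checked
    # at class level only (`authorize! :create, klass`), not against @exhibit.
    # Confirm the Ability rules make that sufficient, or authorize a role built
    # on @exhibit with the submitted attributes instead.
    #
    # @param attrs [Hash,Array,nil] the nested attributes; nil when the request carried none
    # @param klass [Class] the class that is getting created
    # @return [Integer] a count of the number of deleted records
    # @raise [CanCan::AccessDenied] when any row fails its authorization check
    def authorize_nested_attributes(attrs, klass)
      # A request without roles_attributes hands us nil; there is nothing to
      # authorize, and calling #each on nil would surface as a 500.
      return 0 if attrs.nil?

      attrs = attrs.values if attrs.is_a? Hash
      delete_count = 0
      attrs.each do |item|
        # Rails nested attributes treat a blank id as a new record, so a blank
        # id is authorized as a create instead of being passed to find.
        if item[:id].blank?
          authorize! :create, klass
          next
        end

        # NOTE(review): the lookup is by id alone, not scoped to @exhibit. The
        # later @exhibit.update is expected to reject ids outside the
        # association; scoping the find here would make that explicit.
        record = klass.find(item[:id])
        if ActiveRecord::ConnectionAdapters::Column.value_to_boolean(item['_destroy'])
          authorize! :destroy, record
          delete_count += 1
        else
          authorize! :update, record
        end
      end
      delete_count
    end
  end
end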

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
blacklight-spotlight-0.0.3 app/controllers/spotlight/roles_controller.rb