statuses_controller.rb in decidim-accountability-0.12.0.pre

- old
+ new

@@ -6,14 +6,18 @@
       # This controller allows an admin to manage results from a Participatory Process
       class StatusesController < Admin::ApplicationController
         helper_method :statuses
 
         def new
+          enforce_permission_to :create, :status
+
           @form = form(StatusForm).instance
         end
 
         def create
+          enforce_permission_to :create, :status
+
           @form = form(StatusForm).from_params(params)
 
           CreateStatus.call(@form) do
             on(:ok) do
               flash[:notice] = I18n.t("statuses.create.success", scope: "decidim.accountability.admin")
@@ -26,14 +30,18 @@
             end
           end
         end
 
         def edit
+          enforce_permission_to :update, :status, status: status
+
           @form = form(StatusForm).from_model(status)
         end
 
         def update
+          enforce_permission_to :update, :status, status: status
+
           @form = form(StatusForm).from_params(params)
 
           UpdateStatus.call(@form, status) do
             on(:ok) do
               flash[:notice] = I18n.t("statuses.update.success", scope: "decidim.accountability.admin")
@@ -46,9 +54,11 @@
             end
           end
         end
 
         def destroy
+          enforce_permission_to :destroy, :status, status: status
+
           status.destroy!
 
           flash[:notice] = I18n.t("statuses.destroy.success", scope: "decidim.accountability.admin")
 
           redirect_to statuses_path