Commit 69006d64 authored by Marcela Ribeiro de Oliveira

only supervisor can see a list of submitter requests

parent 0f0520e9
......@@ -6,8 +6,9 @@ class V1::UsersController < ApplicationController
include ::SubjectableController
before_action :set_user, only: [:show, :update, :destroy, :following, :own_reviews, :received_reviews, :followers]
before_action :authenticate_user!, only: [:create, :update, :destroy, :following, :own_reviews, :received_reviews, :followers, :submitter_request]
before_action :authorize_user, only: [:own_reviews, :received_reviews, :update, :destroy]
before_action :set_new_user, only: [:upload_requests]
before_action :authenticate_user!, only: [:create, :update, :destroy, :following, :own_reviews, :received_reviews, :followers, :submitter_request, :upload_requests]
before_action :authorize_user, only: [:own_reviews, :received_reviews, :update, :destroy, :upload_requests]
# GET /v1/users
# GET /v1/users.json
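Review bot: In the `before_action` list, `set_new_user` is declared ahead of `authenticate_user!`, so for `upload_requests` a `User.new` is built before the request has been authenticated; callbacks run in declaration order, so moving it below `authenticate_user!` (and still above `authorize_user`) keeps the usual authenticate, load, authorize sequence. Separately, the commit message speaks of "submitter requests" while the new action is `:upload_requests`, and `:submitter_request` is already in the `authenticate_user!` list without being in the `authorize_user` list; a one-line comment on how the two actions differ, and whether `:submitter_request` is meant to stay outside the policy check, would make the access rules easier to audit.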
......@@ -113,6 +114,10 @@ class V1::UsersController < ApplicationController
@user = User.find(params[:id])
end
def set_new_user
@user ||= User.new
end
# Never trust parameters from the scary internet, only allow the white list through.
def user_params
params.require(:user).permit(
......
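Review bot: `set_new_user` needs a comment, because the unsaved `User.new` it assigns to `@user` is never a real subject of the request and appears to exist only so the `authorize_user` callback has a record to hand to the policy. The name reads as if the action creates a user, and the `||=` suggests `@user` may already be set, although `set_user` is not run for `upload_requests` in the `only:` list above. Something like `set_placeholder_user`, or a short note stating that the policy decision for this action depends on the current user alone, would prevent a later reader from treating `@user` as meaningful data here.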
......@@ -28,6 +28,10 @@ class UserPolicy < ApplicationPolicy
record if same_user? || user_can_edit?
end
def upload_requests?
record if user.is_supervisor?
end
def authorized_user?
return false if ( record.is_admin? && !user.is_admin? )
if ( record.is_editor? )
......
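Review bot: In `upload_requests?`, the body `record if user.is_supervisor?` returns the record or `nil` rather than a boolean, and the record plays no part in the decision, so `user.is_supervisor?` on its own states the rule more directly (the neighbouring `record if same_user? || user_can_edit?` has the same shape, so this may be a style the file already follows). The method also dereferences `user` without a nil guard and therefore depends on `authenticate_user!` always running first for this action; `user.present? && user.is_supervisor?` would make the policy fail closed by itself. Finally, `authorized_user?` just below treats `is_admin?` specially, so it is worth stating in a comment whether admins are intentionally excluded from this list.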