From 43e83889ff59e6bd4f754aacadbf0f2ba29eb24a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?=
Date: Fri, 7 Sep 2018 14:03:01 +0200
Subject: [PATCH] Simplify CKEditor authorization
We can use the `config.authorize_with` option, so we don't need to copy the controller in order to load and authorize resource. Besides, only administrators can upload images, so we don't need to track the image's user id.
---
app/controllers/application_controller.rb | 8 ----
.../ckeditor/pictures_controller.rb | 38 -------------------
config/initializers/ckeditor.rb | 4 +-
.../20180813141443_create_ckeditor_assets.rb | 2 -
db/schema.rb | 1 -
5 files changed, 2 insertions(+), 51 deletions(-)
delete mode 100644 app/controllers/ckeditor/pictures_controller.rb
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 06e0c79d8..e97b87cd3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -27,16 +27,8 @@ class ApplicationController < ActionController::Base respond_to :html helper_method :current_budget - before_action :set_user_for_ckeditor_pictures - private - def set_user_for_ckeditor_pictures - if request.path == '/ckeditor/pictures' && request.request_method == 'POST' - params['user_id'] = current_user.id - end - end - def authenticate_http_basic authenticate_or_request_with_http_basic do |username, password| username == Rails.application.secrets.http_basic_username && password == Rails.application.secrets.http_basic_password
diff --git a/app/controllers/ckeditor/pictures_controller.rb b/app/controllers/ckeditor/pictures_controller.rb
deleted file mode 100644
index 4cdb9f1ea..000000000
--- a/app/controllers/ckeditor/pictures_controller.rb
+++ /dev/null
@@ -1,38 +0,0 @@
-class Ckeditor::PicturesController < Ckeditor::ApplicationController
-
- load_and_authorize_resource
-
- def index
- @pictures = Ckeditor.picture_adapter.find_all(ckeditor_pictures_scope)
- @pictures = Ckeditor::Paginatable.new(@pictures).page(params[:page])
-
- respond_to do |format|
- format.html { render :layout => @pictures.first_page? }
- end
- end
-
- def create
- @picture = Ckeditor.picture_model.new(user_id: current_user.id)
- respond_with_asset(@picture)
- end
-
- def destroy
- @picture.destroy
-
- respond_to do |format|
- format.html { redirect_to pictures_path }
- format.json { render :nothing => true, :status => 204 }
- end
- end
-
- protected
-
- def find_asset
- @picture = Ckeditor.picture_adapter.get!(params[:id])
- end
-
- def authorize_resource
- model = @picture || Ckeditor.picture_model
- @authorization_adapter.try(:authorize, params[:action], model)
- end
-end
diff --git a/config/initializers/ckeditor.rb b/config/initializers/ckeditor.rb
index 5b6589f95..1e173cca8 100644
--- a/config/initializers/ckeditor.rb
+++ b/config/initializers/ckeditor.rb
@@ -5,8 +5,8 @@ Ckeditor.setup do |config| # available as additional gems. require 'ckeditor/orm/active_record' + config.authorize_with :cancan + config.assets_languages = Rails.application.config.i18n.available_locales.map{|l| l.to_s.downcase} config.assets_plugins = %w[copyformatting tableselection scayt wsc] end - -Ckeditor::PicturesController.send(:load_and_authorize_resource)
diff --git a/db/migrate/20180813141443_create_ckeditor_assets.rb b/db/migrate/20180813141443_create_ckeditor_assets.rb
index ee857cfd0..f7b5b85f4 100644
--- a/db/migrate/20180813141443_create_ckeditor_assets.rb
+++ b/db/migrate/20180813141443_create_ckeditor_assets.rb
@@ -10,8 +10,6 @@ class CreateCkeditorAssets < ActiveRecord::Migration t.integer :width t.integer :height - t.integer :user_id - t.timestamps null: false end
diff --git a/db/schema.rb b/db/schema.rb
index 3f7771736..e03b22ac7 100644
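Review bot: `config.authorize_with :cancan` in config/initializers/ckeditor.rb makes the CanCan ability the only gate on the CKEditor endpoints, and no ability rule or spec appears in this patch to show that uploads are limited to administrators. As far as I can tell the gem's CanCan hook first checks `:access` on `:ckeditor` and then the controller action on the asset model, so the ability has to grant both to administrators and to nobody else; please confirm that against the ability class, which is outside this diff. The option applies to the engine's controllers as a whole rather than to pictures alone, so the rules should also cover attachment files if that route is reachable. I would add a comment above the setting, such as `# Access is decided by Ability: only administrators get :access on :ckeditor and manage Ckeditor::Picture`, and a request spec asserting that a non-administrator POST to `/ckeditor/pictures` is rejected. With `user_id` dropped elsewhere in this commit, uploads can no longer be attributed to an account, so that ability rule is the whole control.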
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -302,7 +302,6 @@ ActiveRecord::Schema.define(version: 20180813141443) do t.string "type", limit: 30 t.integer "width" t.integer "height" - t.integer "user_id" t.datetime "created_at", null: false t.datetime "updated_at", null: false end