Simplify CKEditor authorization

We can use the `config.authorize_with` option, so we don't need to copy the controller in order to load and authorize resource. Besides, only administrators can upload images, so we don't need to track the image's user id.
2018-09-07 14:03:01 +02:00
parent 7347874f4b
commit 43e83889ff
5 changed files with 2 additions and 51 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -27,16 +27,8 @@ class ApplicationController < ActionController::Base
  respond_to :html
  helper_method :current_budget

-  before_action :set_user_for_ckeditor_pictures
-
  private

-    def set_user_for_ckeditor_pictures
-      if request.path == '/ckeditor/pictures' && request.request_method == 'POST'
-        params['user_id'] = current_user.id
-      end
-    end
-
    def authenticate_http_basic
      authenticate_or_request_with_http_basic do |username, password|
        username == Rails.application.secrets.http_basic_username && password == Rails.application.secrets.http_basic_password
--- a/app/controllers/ckeditor/pictures_controller.rb
+++ b/app/controllers/ckeditor/pictures_controller.rb
@@ -1,38 +0,0 @@
-class Ckeditor::PicturesController < Ckeditor::ApplicationController
-
-  load_and_authorize_resource
-
-  def index
-    @pictures = Ckeditor.picture_adapter.find_all(ckeditor_pictures_scope)
-    @pictures = Ckeditor::Paginatable.new(@pictures).page(params[:page])
-
-    respond_to do |format|
-      format.html { render :layout => @pictures.first_page? }
-    end
-  end
-
-  def create
-    @picture = Ckeditor.picture_model.new(user_id: current_user.id)
-    respond_with_asset(@picture)
-  end
-
-  def destroy
-    @picture.destroy
-
-    respond_to do |format|
-      format.html { redirect_to pictures_path }
-      format.json { render :nothing => true, :status => 204 }
-    end
-  end
-
-  protected
-
-    def find_asset
-      @picture = Ckeditor.picture_adapter.get!(params[:id])
-    end
-
-    def authorize_resource
-      model = @picture || Ckeditor.picture_model
-      @authorization_adapter.try(:authorize, params[:action], model)
-    end
-end
--- a/config/initializers/ckeditor.rb
+++ b/config/initializers/ckeditor.rb
@@ -5,8 +5,8 @@ Ckeditor.setup do |config|
  # available as additional gems.
  require 'ckeditor/orm/active_record'

+  config.authorize_with :cancan
+
  config.assets_languages = Rails.application.config.i18n.available_locales.map{|l| l.to_s.downcase}
  config.assets_plugins = %w[copyformatting tableselection scayt wsc]
 end
-
-Ckeditor::PicturesController.send(:load_and_authorize_resource)
--- a/db/migrate/20180813141443_create_ckeditor_assets.rb
+++ b/db/migrate/20180813141443_create_ckeditor_assets.rb
@@ -10,8 +10,6 @@ class CreateCkeditorAssets < ActiveRecord::Migration
      t.integer :width
      t.integer :height

-      t.integer :user_id
-
      t.timestamps null: false
    end

--- a/db/schema.rb
+++ b/db/schema.rb
@@ -302,7 +302,6 @@ ActiveRecord::Schema.define(version: 20180813141443) do
    t.string   "type",              limit: 30
    t.integer  "width"
    t.integer  "height"
-    t.integer  "user_id"
    t.datetime "created_at",                   null: false
    t.datetime "updated_at",                   null: false
  end