From 30e738a2fe2aca50b7ca921aff3fd036a4cb9b29 Mon Sep 17 00:00:00 2001
From: kikito
Date: Mon, 10 Aug 2015 14:59:42 +0200
Subject: [PATCH] Add cancan authorization in all main urls
---
 app/controllers/admin/base_controller.rb | 1 +
 app/controllers/application_controller.rb | 3 +++
 app/controllers/moderation/base_controller.rb | 1 +
 app/models/ability.rb | 2 +-
 4 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/app/controllers/admin/base_controller.rb b/app/controllers/admin/base_controller.rb
index 4f54aa4b1..d8cbcd6fa 100644
--- a/app/controllers/admin/base_controller.rb
+++ b/app/controllers/admin/base_controller.rb
@@ -1,5 +1,6 @@
 class Admin::BaseController < ApplicationController
+ skip_authorization_check
 before_filter :verify_administrator
 private
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f896ee1a6..ad69fd511 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,6 +1,9 @@
 require "application_responder"
 class ApplicationController < ActionController::Base
+
+ check_authorization unless: :devise_controller?
+
 self.responder = ApplicationResponder
 respond_to :html
diff --git a/app/controllers/moderation/base_controller.rb b/app/controllers/moderation/base_controller.rb
index c8f703225..d2391abd7 100644
--- a/app/controllers/moderation/base_controller.rb
+++ b/app/controllers/moderation/base_controller.rb
@@ -1,5 +1,6 @@
 class Moderation::BaseController < ApplicationController
+ skip_authorization_check
 before_filter :verify_moderator
 private
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 74c79f472..736e15da2 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -7,7 +7,7 @@ class Ability
 if user # logged-in users
 can [:read, :create, :vote], Debate
- can :edit, Debate do |debate|
+ can :update, Debate do |debate|
 debate.editable_by?(user)
 end
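Review bot: `skip_authorization_check` at the top of `Admin::BaseController` (app/controllers/admin/base_controller.rb) switches off the CanCan safety net for every controller that inherits from it, so admin access rests entirely on the `verify_administrator` filter, whose body is outside the hunk. A subclass that skips or narrows that filter would be left with no second check. The same applies to `Moderation::BaseController` and `verify_moderator` in this patch. If this is intended, record it next to the call, e.g. `# CanCan is bypassed here; verify_administrator is the only access check for admin/*`. Otherwise, define admin and moderator abilities in `Ability` and drop the skip.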
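Review bot: `check_authorization` in `ApplicationController` (app/controllers/application_controller.rb) is implemented by CanCan as an after filter, so it raises `CanCan::AuthorizationNotPerformed` only once the action has already run. It catches a forgotten `authorize!` in tests but does not prevent the action's side effects. Each action therefore still needs its own `authorize!` or `load_and_authorize_resource`. The hunk shows no `rescue_from CanCan::AccessDenied`; the class body continues outside the hunk, so it may exist there, but if it does not, denied requests will surface as unhandled exceptions. A comment above the call such as `# Safety net only: raises after the action if authorize! was never called` would keep the guarantee from being overestimated.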
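Review bot: The `can :update, Debate do |debate|` rule in app/models/ability.rb uses a block, and CanCan evaluates a block only when it is given a Debate instance. A check against the class (`can? :update, Debate` or `authorize! :update, Debate`) passes without ever calling `editable_by?`. The controllers are not part of this patch, so confirm that the edit and update actions authorize the loaded record, e.g. `authorize! :update, @debate` or `load_and_authorize_resource`. A comment on the rule such as `# block is only checked against a Debate instance, never the class` would record the constraint. The enclosing `initialize` starts and ends outside the hunk.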