consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Simplify CKEditor authorization

Browse Source 
We can use the `config.authorize_with` option, so we don't need to copy
the controller in order to load and authorize resource.

Besides, only administrators can upload images, so we don't need to
track the image's user id.
This commit is contained in:
Javi Martín
2018-09-07 14:03:01 +02:00
parent 7347874f4b
commit 43e83889ff
5 changed files with 2 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/controllers/application_controller.rb
View File

@@ -27,16 +27,8 @@ class ApplicationController < ActionController::Base
respond_to :html respond_to :html
helper_method :current_budget helper_method :current_budget
before_action :set_user_for_ckeditor_pictures
private private
def set_user_for_ckeditor_pictures
if request.path == '/ckeditor/pictures' && request.request_method == 'POST'
params['user_id'] = current_user.id
end
end
def authenticate_http_basic def authenticate_http_basic
authenticate_or_request_with_http_basic do |username, password| authenticate_or_request_with_http_basic do |username, password|
username == Rails.application.secrets.http_basic_username && password == Rails.application.secrets.http_basic_password username == Rails.application.secrets.http_basic_username && password == Rails.application.secrets.http_basic_password

38
app/controllers/ckeditor/pictures_controller.rb
View File

@@ -1,38 +0,0 @@
class Ckeditor::PicturesController < Ckeditor::ApplicationController
load_and_authorize_resource
def index
@pictures = Ckeditor.picture_adapter.find_all(ckeditor_pictures_scope)
@pictures = Ckeditor::Paginatable.new(@pictures).page(params[:page])
respond_to do |format|
format.html { render :layout => @pictures.first_page? }
end
end
def create
@picture = Ckeditor.picture_model.new(user_id: current_user.id)
respond_with_asset(@picture)
end
def destroy
@picture.destroy
respond_to do |format|
format.html { redirect_to pictures_path }
format.json { render :nothing => true, :status => 204 }
end
end
protected
def find_asset
@picture = Ckeditor.picture_adapter.get!(params[:id])
end
def authorize_resource
model = @picture || Ckeditor.picture_model
@authorization_adapter.try(:authorize, params[:action], model)
end
end

4
config/initializers/ckeditor.rb
View File

@@ -5,8 +5,8 @@ Ckeditor.setup do |config|
# available as additional gems. # available as additional gems.
require 'ckeditor/orm/active_record' require 'ckeditor/orm/active_record'
config.authorize_with :cancan
config.assets_languages = Rails.application.config.i18n.available_locales.map{|l| l.to_s.downcase} config.assets_languages = Rails.application.config.i18n.available_locales.map{|l| l.to_s.downcase}
config.assets_plugins = %w[copyformatting tableselection scayt wsc] config.assets_plugins = %w[copyformatting tableselection scayt wsc]
end end
Ckeditor::PicturesController.send(:load_and_authorize_resource)

2
db/migrate/20180813141443_create_ckeditor_assets.rb
View File

@@ -10,8 +10,6 @@ class CreateCkeditorAssets < ActiveRecord::Migration
t.integer :width t.integer :width
t.integer :height t.integer :height
t.integer :user_id
t.timestamps null: false t.timestamps null: false
end end

1
db/schema.rb
View File

@@ -302,7 +302,6 @@ ActiveRecord::Schema.define(version: 20180813141443) do
t.string "type", limit: 30 t.string "type", limit: 30
t.integer "width" t.integer "width"
t.integer "height" t.integer "height"
t.integer "user_id"
t.datetime "created_at", null: false t.datetime "created_at", null: false
t.datetime "updated_at", null: false t.datetime "updated_at", null: false
end end