mirror of
https://github.com/internetee/registry.git
synced 2025-07-24 19:48:28 +02:00
Lock down the controllers
parent
3045c08b3e
commit
3b1e632ab7
36 changed files with 166 additions and 97 deletions
|
@ -1,4 +1,5 @@
|
|||
class Admin::ContactsController < AdminController
|
||||
load_and_authorize_resource
|
||||
before_action :set_contact, only: [:show]
|
||||
|
||||
def index
|
||||
|
|
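Review bot: `before_action :set_contact, only: [:show]` still runs after the new `load_and_authorize_resource`, so `@contact` is assigned twice and the view uses the object `set_contact` loads, which is not necessarily the one CanCan authorized. `set_contact` is defined outside this hunk; if it is a plain `Contact.find(params[:id])`, the callback can be dropped, and if it looks the record up differently, the check should run on that record (`authorize! :show, @contact`). The same pairing of `load_and_authorize_resource` with an older `set_*` callback appears in the Domains, EppUsers, Registrars, Users and ZonefileSettings controllers in this commit.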
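--- a/app/controllers/admin/dashboards_controller.rb
+++ b/app/controllers/admin/dashboards_controller.rb
@@ -0,0 +1,5 @@
+class Admin::DashboardsController < AdminController
+authorize_resource class: false
+
+def show; end
+end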
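Review bot: `authorize_resource class: false` has no model behind it, so CanCan checks the action against a symbol derived from the controller name (`:dashboard` here), and nothing in the file tells the reader which ability rule has to exist for `show` to be reachable. I would add a comment above the macro, e.g. `# Authorizes :show on the :dashboard symbol; Ability must grant it explicitly`. The same applies to `Admin::DelayedJobsController` (`:delayed_job`) and `Admin::ZonefilesController` (`:zonefile`) in this commit. A controller spec asserting that a role without that rule is denied would keep the rule from being dropped unnoticed.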
|
@ -1,4 +1,6 @@
|
|||
class Admin::DelayedJobsController < AdminController
|
||||
authorize_resource class: false
|
||||
|
||||
def index
|
||||
@jobs = Delayed::Job.all
|
||||
end
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
class Admin::DomainVersionsController < AdminController
|
||||
load_and_authorize_resource
|
||||
|
||||
def index
|
||||
@q = DomainVersion.deleted.search(params[:q])
|
||||
@domains = @q.result.page(params[:page])
|
||||
|
|
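Review bot: `index` builds its own query from `DomainVersion.deleted.search(params[:q])`, so the collection that `load_and_authorize_resource` prepares through `accessible_by` is never used, and only the class-level `:index` check protects this list. If a class-level gate is the intent, `authorize_resource` alone says so. If per-record rules are expected, the query should start from `DomainVersion.accessible_by(current_ability).deleted`. The body of `index` ends outside the hunk, and the Ability definitions are not visible on this page.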
|
@ -1,4 +1,5 @@
|
|||
class Admin::DomainsController < AdminController
|
||||
load_and_authorize_resource
|
||||
before_action :set_domain, only: [:show, :edit, :update, :zonefile]
|
||||
|
||||
def index
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
class Admin::EppUsersController < AdminController
|
||||
load_and_authorize_resource
|
||||
before_action :set_epp_user, only: [:show, :edit, :update, :destroy]
|
||||
|
||||
def index
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
class Admin::RegistrarsController < AdminController
|
||||
load_and_authorize_resource
|
||||
before_action :set_registrar, only: [:show, :edit, :update, :destroy]
|
||||
def search
|
||||
render json: Registrar.search_by_query(params[:q])
|
||||
|
|
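Review bot: The custom `search` action is not one of the REST actions CanCan maps, so `load_and_authorize_resource` checks `:search` on the `Registrar` class, while the JSON is built from `Registrar.search_by_query(params[:q])`, which is not limited by the ability's scope. Unless the Ability grants `:manage` or an explicit `:search` on `Registrar`, the action will now be denied. If abilities ever carry per-record conditions, the response would still list every match. A comment above `search` naming the rule it depends on would make this explicit, as would starting the query from `Registrar.accessible_by(current_ability)`, provided `search_by_query` can be called on a relation. The class body continues outside the hunk.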
|
@ -1,4 +1,5 @@
|
|||
class Admin::SettingsController < AdminController
|
||||
load_and_authorize_resource
|
||||
before_action :set_setting_group, only: [:show, :update]
|
||||
|
||||
def index
|
||||
|
|
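Review bot: `load_and_authorize_resource` infers its model from the controller name, so here it loads and authorizes a `Setting`, while the existing callback is `set_setting_group`, which by its name works on a different record. `set_setting_group` is defined outside the hunk, so this is an inference. If it holds, the `show`/`update` check is made against an object the action never uses, or the lookup fails on the id. Passing the real model through the `class:` option of `load_and_authorize_resource`, or calling `authorize!` on the object `set_setting_group` assigns, would tie the check to the record being changed.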
|
@ -1,4 +1,5 @@
|
|||
class Admin::UsersController < AdminController
|
||||
load_and_authorize_resource
|
||||
before_action :set_user, only: [:show, :edit, :update, :destroy]
|
||||
|
||||
def index
|
||||
|
@ -54,6 +55,6 @@ class Admin::UsersController < AdminController
|
|||
|
||||
def user_params
|
||||
params.require(:user).permit(:username, :password, :identity_code, :email,
|
||||
:admin, :country_id)
|
||||
:role_id, :country_id)
|
||||
end
|
||||
end
|
||||
|
|
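Review bot: `user_params` now permits `:role_id`, so any request that reaches `create` or `update` can assign an arbitrary role, and the only barrier is the ability check from `load_and_authorize_resource` at the top of the class. The Ability definitions are not on this page; if any non-admin role is granted `:update` on `User` (for instance on its own record), that role can raise its own privileges through this parameter. I would build the permitted list conditionally, e.g. `attrs << :role_id if can?(:manage, User)`, and add a request spec showing that a non-admin update with `role_id` leaves the role unchanged.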
|
@ -1,4 +1,5 @@
|
|||
class Admin::ZonefileSettingsController < ApplicationController
|
||||
load_and_authorize_resource
|
||||
before_action :set_zonefile_setting, only: [:update, :edit]
|
||||
def index
|
||||
@zonefile_settings = ZonefileSetting.all
|
||||
|
|
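Review bot: `Admin::ZonefileSettingsController` inherits from `ApplicationController`, while every other admin controller touched here inherits from `AdminController`, so whatever `AdminController` adds does not apply to this class. Its body is not on this page; presumably it carries the sign-in requirement. With only `load_and_authorize_resource` in place, the outcome for an unauthenticated request depends on how the Ability treats a nil user. Changing the declaration to `class Admin::ZonefileSettingsController < AdminController` would align it with the rest; `Admin::ZonefilesController` in the next file has the same superclass and needs the same change.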
|
@ -1,8 +1,7 @@
|
|||
class Admin::ZonefilesController < ApplicationController
|
||||
authorize_resource class: false
|
||||
# TODO: Refactor this
|
||||
# rubocop:disable Metrics/MethodLength
|
||||
def index
|
||||
end
|
||||
|
||||
def create
|
||||
if ZonefileSetting.pluck(:origin).include?(params[:origin])
|
||||
|
|