Lock down the controllers

Martin Lensment 2014-12-19 13:45:17 +02:00
parent 3045c08b3e
commit 3b1e632ab7
36 changed files with 166 additions and 97 deletions


@ -1,4 +1,5 @@
class Admin::ContactsController < AdminController
load_and_authorize_resource
before_action :set_contact, only: [:show]
def index
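Review bot: `before_action :set_contact, only: [:show]` now runs after `load_and_authorize_resource`, which has already loaded and authorized `@contact` for `show`, so the record is fetched twice and the action uses whatever `set_contact` assigns rather than the instance CanCan checked. `set_contact` is defined outside this hunk; if it is a plain find by `params[:id]` it can be dropped, otherwise the authorization should be applied to the record it returns. The same pairing appears in the Domains, EppUsers, Registrars, Settings, Users and ZonefileSettings controllers in this commit. In the Settings controller the callback is `set_setting_group`, so the check CanCan performs on a `Setting` may not cover the object that action actually works on.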


@ -0,0 +1,5 @@
class Admin::DashboardsController < AdminController
authorize_resource class: false
def show; end
end
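Review bot: `authorize_resource class: false` has no model to check, so CanCan authorizes against a symbol derived from the controller name (here presumably `:dashboard`), and the controller is only protected if the Ability class, which is not shown in this view, defines a rule for that symbol. A short comment above the macro would make that dependency visible, for example `# authorized against the :dashboard symbol; the rule lives in Ability`. The same applies to the DelayedJobs and Zonefiles controllers in this commit.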


@ -1,4 +1,6 @@
class Admin::DelayedJobsController < AdminController
authorize_resource class: false
def index
@jobs = Delayed::Job.all
end


@ -1,4 +1,6 @@
class Admin::DomainVersionsController < AdminController
load_and_authorize_resource
def index
@q = DomainVersion.deleted.search(params[:q])
@domains = @q.result.page(params[:page])
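Review bot: The `index` query `DomainVersion.deleted.search(params[:q])` is built independently of the collection that `load_and_authorize_resource` loads, so only the class-level `index` permission is enforced and any per-record conditions in the abilities are not applied to the results. If the abilities are meant to restrict which versions a role can see, scope the query, e.g. `@q = DomainVersion.deleted.accessible_by(current_ability).search(params[:q])`. The body of `index` continues outside this hunk. `Registrars#search` (`Registrar.search_by_query(params[:q])`) and `ZonefileSettings#index` (`ZonefileSetting.all`) follow the same pattern.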


@ -1,4 +1,5 @@
class Admin::DomainsController < AdminController
load_and_authorize_resource
before_action :set_domain, only: [:show, :edit, :update, :zonefile]
def index


@ -1,4 +1,5 @@
class Admin::EppUsersController < AdminController
load_and_authorize_resource
before_action :set_epp_user, only: [:show, :edit, :update, :destroy]
def index


@ -1,4 +1,5 @@
class Admin::RegistrarsController < AdminController
load_and_authorize_resource
before_action :set_registrar, only: [:show, :edit, :update, :destroy]
def search
render json: Registrar.search_by_query(params[:q])


@ -1,4 +1,5 @@
class Admin::SettingsController < AdminController
load_and_authorize_resource
before_action :set_setting_group, only: [:show, :update]
def index


@ -1,4 +1,5 @@
class Admin::UsersController < AdminController
load_and_authorize_resource
before_action :set_user, only: [:show, :edit, :update, :destroy]
def index
@ -54,6 +55,6 @@ class Admin::UsersController < AdminController
def user_params
params.require(:user).permit(:username, :password, :identity_code, :email,
:admin, :country_id)
:role_id, :country_id)
end
end
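Review bot: `user_params` now permits `:role_id`, so every caller that passes the `create` or `update` check on a user can also choose that user's role, their own account included, unless the Ability rules say otherwise; those rules are not visible here. Role assignment is usually a narrower privilege than editing a profile, so consider adding `:role_id` to the permitted list only when the current user may assign roles, for example guarded by a `can?` check on a dedicated ability. A one-line comment above `permit` stating who is expected to set `role_id` would also help.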


@ -1,4 +1,5 @@
class Admin::ZonefileSettingsController < ApplicationController
load_and_authorize_resource
before_action :set_zonefile_setting, only: [:update, :edit]
def index
@zonefile_settings = ZonefileSetting.all
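Review bot: `Admin::ZonefileSettingsController` still inherits from `ApplicationController` while the other admin controllers in this commit inherit from `AdminController`, so any authentication callback or CanCan access-denied handling defined in `AdminController` (not shown here) would not run for it. With `load_and_authorize_resource` alone, the outcome then depends on what the Ability grants when `current_user` is missing. Consider `class Admin::ZonefileSettingsController < AdminController`; `Admin::ZonefilesController` has the same base class. The body of `index` continues outside this hunk.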


@ -1,8 +1,7 @@
class Admin::ZonefilesController < ApplicationController
authorize_resource class: false
# TODO: Refactor this
# rubocop:disable Metrics/MethodLength
def index
end
def create
if ZonefileSetting.pluck(:origin).include?(params[:origin])