Lock down the controllers

Martin Lensment 2014-12-19 13:45:17 +02:00
parent 3045c08b3e
commit 3b1e632ab7
36 changed files with 166 additions and 97 deletions


@ -26,21 +26,22 @@
%li= link_to t('shared.domains'), admin_domains_path
%li= link_to t('shared.contacts'), admin_contacts_path
%li= link_to t('shared.registrars'), admin_registrars_path
%li.dropdown
%a.dropdown-toggle{"data-toggle" => "dropdown", href: "#"}
= t('shared.settings')
%span.caret
%ul.dropdown-menu{role: "menu"}
%li.dropdown-header= t('shared.system')
%li= link_to t('shared.settings'), admin_settings_path
%li= link_to t('zonefile'), admin_zonefile_settings_path
%li= link_to t(:domains_history), admin_domain_versions_path
%li= link_to t(:background_jobs), admin_delayed_jobs_path
- if can?(:access, :settings_menu)
%li.dropdown
%a.dropdown-toggle{"data-toggle" => "dropdown", href: "#"}
= t('shared.settings')
%span.caret
%ul.dropdown-menu{role: "menu"}
%li.dropdown-header= t('shared.system')
%li= link_to t('shared.settings'), admin_settings_path
%li= link_to t('zonefile'), admin_zonefile_settings_path
%li= link_to t(:domains_history), admin_domain_versions_path
%li= link_to t(:background_jobs), admin_delayed_jobs_path
%li.divider
%li.dropdown-header= t('shared.users')
%li= link_to t(:admin_users), admin_users_path
%li= link_to t(:epp_users), admin_epp_users_path
%li.divider
%li.dropdown-header= t('shared.users')
%li= link_to t(:admin_users), admin_users_path
%li= link_to t(:epp_users), admin_epp_users_path
%ul.nav.navbar-nav.navbar-right
%li= link_to t('shared.log_out', user: current_user), '/logout'
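Review bot: The added `- if can?(:access, :settings_menu)` guard only decides whether the settings dropdown is rendered; the six routes inside it (`admin_settings_path` through `admin_epp_users_path`) stay reachable by URL unless each admin controller authorizes the request itself. The commit title suggests that happens in the other changed files, which are not visible here, so it is worth confirming that each of those controllers has a matching ability check and a test showing a user without this ability is denied. A HAML comment above the guard, such as `-# Visibility only; access is enforced in the admin controllers`, would stop a later reader from treating the menu check as the access control.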


@ -21,9 +21,8 @@
%h2.form-signin-heading.text-center Eesti Interneti SA
%hr
/ TODO: Refactor this when ID card login is done
- if can? :create, :admin_session
= button_to 'ID card (user1)', 'sessions',
class: 'btn btn-lg btn-primary btn-block', name: 'user1'
= button_to 'ID card (user2)', 'sessions',
class: 'btn btn-lg btn-primary btn-block', name: 'user2'
= button_to 'ID card (user1)', 'sessions',
class: 'btn btn-lg btn-primary btn-block', name: 'user1'
= button_to 'ID card (user2)', 'sessions',
class: 'btn btn-lg btn-primary btn-block', name: 'user2'
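Review bot: With `- if can? :create, :admin_session` dropped from this view (inferred from the hunk header, where the new side is one line shorter), the two stub buttons that post `user1` / `user2` to `sessions` are rendered for every visitor. They appear to sign in a fixed account without any credential, so the only remaining gate is whatever the sessions controller does with that parameter, and that controller is not visible here. Until the ID card login named in the TODO exists, the stub should be kept out of production in both the view and the controller action, for example by wrapping the buttons in `- if Rails.env.development?` and rejecting the parameter in other environments.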