add auth check

commit 51e49857f5d3c54367dd6a45477624549160af31 1 parent 2502354
@halida authored
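--- a/app/controllers/challenges_controller.rb
+++ b/app/controllers/challenges_controller.rb
@@ -1,4 +1,5 @@
 class ChallengesController < ApplicationController
+ load_and_authorize_resource
 def index
 @challenges = Challenge.order('id desc')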
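Review bot: `load_and_authorize_resource` raises `CanCan::AccessDenied` whenever a rule in `Ability` denies the action, and this commit adds no handler for it, so unless ApplicationController already has one (not visible here) a non-owner requesting edit or destroy on a challenge gets an unhandled exception instead of a redirect. A single `rescue_from CanCan::AccessDenied { |e| redirect_to root_url, alert: e.message }` in ApplicationController would cover this controller and the `authorize!` calls the commit adds to ProblemsController and SolutionsController. Note also that `index` immediately reassigns `@challenges`, discarding the collection the filter loaded; that is harmless given `can :read, :all`, but a comment such as `# load_and_authorize_resource already checked :read; reload with explicit ordering` would save the next reader the question. The body of `index` continues past the hunk.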
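--- a/app/controllers/problems_controller.rb
+++ b/app/controllers/problems_controller.rb
@@ -1,5 +1,6 @@
 class ProblemsController < ApplicationController
 before_filter :get_challenge
+ before_filter :auth, only: [:new, :edit, :create, :update]
 def index
 @problems = @challenge.problems.order('id asc')
@@ -80,4 +81,8 @@ def get_challenge
 def postparams
 params[:problem]
 end
+
+ def auth
+ authorize! :manage, @challenge
+ end
 end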
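Review bot: The `only:` list on the new `before_filter :auth` covers new, edit, create and update but not destroy, so if ProblemsController defines a `destroy` action (the second hunk header shows the file runs past line 80, but the action list is not visible here) it stays reachable without the `:manage` check. Writing the filter as `before_filter :auth, except: [:index, :show]` protects destroy and any action added later by default, which matches the read-for-everyone rule in `Ability`. `auth` depends on `get_challenge` having set `@challenge`; filters run in declaration order, so that holds only while the two lines stay in this order, and a comment on `auth` such as `# relies on get_challenge running first` would make that explicit. Whether `auth` ends up private depends on a `private` keyword above `postparams` that is outside the hunk.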
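--- a/app/controllers/solutions_controller.rb
+++ b/app/controllers/solutions_controller.rb
@@ -1,27 +1,5 @@
 class SolutionsController < ApplicationController
-
- def tester_get
- @solution = Solution.tester_get
- return render json: {} unless @solution
-
- problem = @solution.problem
- data = {
- code: @solution.code,
- language: @solution.language,
- input: problem.input,
- output: problem.output,
- solution_token: @solution.token,
- time_limit: 3,
- memory_limit: 2000,
- }
- render json: data
- end
-
- def tester_set
- @solution = Solution.find_by_token(params[:solution_token])
- @solution.update_attributes(status: params[:status], result: params[:result])
- render json: {result: 'OK'}
- end
+ before_filter :auth, only: [:new, :create]
 def all
 @all = true
@@ -65,10 +43,6 @@ def new
 end
 end
- def edit
- @solution = Solution.find(params[:id])
- end
-
 def create
 @problem = Problem.find params[:solution][:problem_id]
 @solution = @problem.solutions.by_user(current_user).new(params[:solution].slice(:code, :language))
@@ -85,13 +59,9 @@ def create
 end
 end
- def destroy
- @solution = Solution.find(params[:id])
- @solution.destroy
-
- respond_to do |format|
- format.html { redirect_to solutions_url }
- format.json { head :no_content }
- end
+ private
+ def auth
+ authorize! :create, Solution
 end
+
 end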
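Review bot: `tester_get`, `tester_set`, `edit` and `destroy` are removed from SolutionsController, but no change to config/routes.rb is part of this commit; if routes for them still exist, those paths now fail with `AbstractController::ActionNotFound` rather than being absent, and the token-based `tester_set` writer is gone with nothing in this commit in its place, so any external judge that presumably called it needs a replacement path. Please confirm the routes and the judge integration were updated separately. The new `auth` only checks the class-level `can :create, Solution`, which is consistent with `Ability`; a one-line comment above the filter such as `# only :new/:create are gated; read access is granted to everyone in Ability` would make that intent explicit. The body of `create` continues outside the hunk.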
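--- /dev/null
+++ b/app/lib/ability.rb
@@ -0,0 +1,46 @@
+class Ability
+ include CanCan::Ability
+
+ def initialize(user)
+ can :read, :all
+
+ return unless user
+
+ if user.admin?
+ can :manage, :all
+ return
+ end
+
+ can :create, Challenge
+ can :manage, Challenge, user_id: user.id
+
+ can :create, Solution
+
+ # Define abilities for the passed in user here. For example:
+ #
+ # user ||= User.new # guest user (not logged in)
+ # if user.admin?
+ # can :manage, :all
+ # else
+ # can :read, :all
+ # end
+ #
+ # The first argument to `can` is the action you are giving the user
+ # permission to do.
+ # If you pass :manage it will apply to every action. Other common actions
+ # here are :read, :create, :update and :destroy.
+ #
+ # The second argument is the resource the user can perform the action on.
+ # If you pass :all it will apply to every resource. Otherwise pass a Ruby
+ # class of the resource.
+ #
+ # The third argument is an optional hash of conditions to further filter the
+ # objects.
+ # For example, here the user can only update published articles.
+ #
+ # can :update, Article, :published => true
+ #
+ # See the wiki for details:
+ # https://github.com/ryanb/cancan/wiki/Defining-Abilities
+ end
+end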
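Review bot: The generator comment block after `can :create, Solution` describes an `if user.admin? ... else ... end` shape this method no longer has, and a reader must scan 25 lines of boilerplate to confirm that the four live rules above it are the whole policy; replace it with a short header on `initialize` stating the actual rules — guests read everything, admins manage everything, signed-in users may create challenges, manage only their own (`user_id: user.id`), and create solutions. `can :read, :all` also grants anonymous visitors read on Solution (including `code`) and on every model added later; that matches the old controllers, which had no read checks, but it is now an explicit policy decision and deserves a comment saying so. As far as I recall, CanCan's class-level `can? :create, Challenge` answers true for the conditioned `:manage` rule, which would make `can :create, Challenge` redundant — harmless, but worth a comment if it is kept on purpose.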
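--- a/app/views/challenges/index.html.haml
+++ b/app/views/challenges/index.html.haml
@@ -15,7 +15,7 @@
 %td= link_to challenge.name, challenge
 %td= challenge.user.email
 %td= challenge.level
-- if challenge.user == current_user
+- if can? :manage, challenge
 %td= link_to 'Edit', edit_challenge_path(challenge)
 %td= link_to 'Destroy', challenge, :method => :delete, :data => { :confirm => 'Are you sure?' }
 - else
@@ -24,4 +24,4 @@
 %br
-= link_to 'New Challenge', new_challenge_path if user_signed_in?
+= link_to 'New Challenge', new_challenge_path if can? :create, Challenge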
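--- a/app/views/challenges/show.html.haml
+++ b/app/views/challenges/show.html.haml
@@ -1,4 +1,4 @@
-- admin = (@challenge.user == current_user)
+- admin = can? :manage, Challenge
 %h1= @challenge.name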
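Review bot: `can? :manage, Challenge` on the new side is a class-level check; with the `can :manage, Challenge, user_id: user.id` rule in `Ability`, CanCan answers true at class level for every signed-in user, so `admin` is now true for any logged-in visitor rather than only the challenge's owner, whereas the removed line compared against `current_user`. The instance form `- admin = can? :manage, @challenge` applies the `user_id` condition and matches what index.html.haml and problems/show.html.haml do in this same commit. Since `load_and_authorize_resource` in ChallengesController should still reject the actual edit/destroy requests, the exposure is limited to showing admin links to non-owners, but the gate should be fixed.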
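--- a/app/views/problems/show.html.haml
+++ b/app/views/problems/show.html.haml
@@ -1,4 +1,4 @@
-- admin = (user_signed_in? and @problem.user_id == current_user.id)
+- admin = can? :manage, @challenge
 %h1= @problem.name
@@ -21,7 +21,7 @@
 \|
 = link_to 'Back', challenge_path(@challenge)
-- if user_signed_in?
+- if can? :create, Solution
 %h3 Solutions
 %p= link_to 'New Solution', new_solution_path(problem_id: @problem.id)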