Skip to content

Commit

Permalink
[webui] apply require_login for most patchinfo editor routes
Browse files Browse the repository at this point in the history
  • Loading branch information
@adrianschroeter
adrianschroeter committed Jan 30, 2014
1 parent 29cf604 commit c28452f
Showing 1 changed file with 4 additions and 8 deletions.
12 changes: 4 additions & 8 deletions src/api/app/controllers/webui/patchinfo_controller.rb
View file
@@ -1,9 +1,10 @@
class Webui::PatchinfoController < Webui::WebuiController
include Webui::WebuiHelper
include Webui::PackageHelper
before_filter :require_all
before_filter :require_project
before_filter :get_binaries, :except => [:show, :delete]
before_filter :require_exists, :except => [:new_patchinfo]
before_filter :require_login, :except => [:show]

def new_patchinfo
unless User.current.can_create_package_in? @project.api_obj
Expand Down Expand Up @@ -39,8 +40,6 @@ def updatepatchinfo
end

def edit_patchinfo
require_login

read_patchinfo
@tracker = 'bnc'
@binaries.each do |bin|
Expand Down Expand Up @@ -230,9 +229,6 @@ def save
@block_reason = params[:block_reason]
render :action => 'edit_patchinfo', :project => @project, :package => @package
end
rescue ActiveXML::Transport::UnauthorizedError
flash[:error] = 'Unauthorized Access'
redirect_to :action => 'show', :project => @project.name, :package => @package.name
rescue ActiveXML::Transport::ForbiddenError
flash[:error] = 'No permission to edit the patchinfo-file.'
redirect_to :action => 'show', :project => @project.name, :package => @package.name
Expand Down Expand Up @@ -359,9 +355,9 @@ def get_binaries
@binarylist.delete('updateinfo.xml')
end

def require_all
def require_project
required_parameters :project
Rails.logger.debug "require_all #{params[:project]}"
Rails.logger.debug "require_project #{params[:project]}"
@project = WebuiProject.find( params[:project] )
unless @project
flash[:error] = "Project not found: #{params[:project]}"
Expand Down

0 comments on commit c28452f

Please sign in to comment.