
Cleaned up view and controller authorization

1 parent 7691dc3 commit b768385ea1a35fa98058b2b137dea4f2aac24df1 @stffn committed Feb 13, 2009
@@ -1,48 +1,26 @@
class ConferenceAttendeesController < ApplicationController
+ before_filter :load_conference
+ before_filter :new_conference_attendee_from_params, :only => :create
# See ConferenceController for comments on the most common use of
# filter_access_to
- filter_access_to :all
- filter_access_to :destroy, :attribute_check => true
-
- def index
- @conference = Conference.find(params[:conference_id])
- @attendees = @conference.attendees
-
- respond_to do |format|
- format.html # index.html.erb
- format.xml { render :xml => @attendees }
- end
- end
-
- # In the case of create, declarative_authorization cannot load an
- # object from the params hash by default. The object is needed to
- # check the authorization rules defined in the configuration.
- # Instead, an new Attendee object is created with the known parameters
- # and checked for in a block given to filter_access_to.
- filter_access_to :create do
- @conference = Conference.find(params[:conference_id])
- @attendee = ConferenceAttendee.new(:conference => @conference,
- :user => current_user)
- permitted_to!(:create, @attendee)
- end
+ filter_access_to :all, :attribute_check => true
+
def create
respond_to do |format|
- if @attendee.save
+ if @conference_attendee.save
flash[:notice] = 'Successfully registered with conference.'
format.html { redirect_to(conferences_url) }
- format.xml { render :xml => @attendee, :status => :created, :location => @conference }
+ format.xml { render :xml => @conference_attendee, :status => :created, :location => @conference }
else
flash[:error] = 'Error registering with conference.'
format.html { redirect_to(conferences_url) }
- format.xml { render :xml => @attendee.errors, :status => :unprocessable_entity }
+ format.xml { render :xml => @conference_attendee.errors, :status => :unprocessable_entity }
end
end
end
def destroy
- @attendee = ConferenceAttendee.find(params[:id])
- @attendee.destroy
- @conference = Conference.find(params[:conference_id])
+ @conference_attendee.destroy
flash[:notice] = 'Successfully unregistered from conference.'
respond_to do |format|
@@ -51,4 +29,12 @@ def destroy
end
end
+ protected
+ def load_conference
+ @conference = Conference.find(params[:conference_id])
+ end
+
+ def new_conference_attendee_from_params
+ @conference_attendee = @conference.conference_attendees.new(:user => current_user)
+ end
end
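Review bot: `destroy` now calls `@conference_attendee.destroy` but nothing in the controller assigns `@conference_attendee` for that action; it presumably relies on the attribute-check loader of declarative_authorization doing a plain `ConferenceAttendee.find(params[:id])`, which this diff does not show. That lookup is not scoped to the `@conference` resolved by `load_conference`, so the `conference_id` in the URL and the attendee's real conference are only tied together if the authorization rule's conditions compare them. The commit already shows the plugin honouring a pre-set instance variable (`new_conference_attendee_from_params` feeds the `create` check), so loading the record through the association makes the nesting explicit without giving up the attribute check; `destroy` in TalkAttendeesController has the same gap with `@talk_attendee`. The body of `destroy` continues past the first hunk.
```ruby
before_filter :load_conference_attendee, :only => :destroy
# … unchanged: filter_access_to, create, destroy …
protected
def load_conference_attendee
  @conference_attendee = @conference.conference_attendees.find(params[:id])
end
```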
@@ -1,12 +1,15 @@
class ConferencesController < ApplicationController
+ # Before filter to provide the objects for the actions where no params[:id]
+ # is available. See TalksController for a case where this makes sense even
+ # for the index action.
+ before_filter :load_conference, :only => [:show, :edit, :update, :destroy]
+ before_filter :new_conference, :only => :new
+ before_filter :new_conference_from_params, :only => :create
# Installs a before_filter to check accesses on all actions for the user's
- # authorization.
- filter_access_to :all
- # Overrides the default checks by explicitly using attribute checks
- # against the parameters. This causes the declarative_authorization
- # plugin to load a Conference object from params[:id] into
- # the @conference instance variable.
- filter_access_to :show, :edit, :update, :destroy, :attribute_check => true
+ # authorization. :attribute_check causes the object in @conference to
+ # be checked against the conditions in the authorization rules.
+ filter_access_to :all, :attribute_check => true
+ filter_access_to :index, :attribute_check => false
# GET /conferences
# GET /conferences.xml
@@ -22,7 +25,7 @@ def index
# GET /conferences/1
# GET /conferences/1.xml
def show
- @conference = Conference.find(params[:id])
+ # @conference is loaded in before_filter
respond_to do |format|
format.html # show.html.erb
@@ -33,7 +36,7 @@ def show
# GET /conferences/new
# GET /conferences/new.xml
def new
- @conference = Conference.new
+ # @conference is created in before_filter
respond_to do |format|
format.html # new.html.erb
@@ -43,13 +46,13 @@ def new
# GET /conferences/1/edit
def edit
- @conference = Conference.find(params[:id])
+ # @conference is loaded in before_filter
end
# POST /conferences
# POST /conferences.xml
def create
- @conference = Conference.new(params[:conference])
+ # @conference is created in before_filter
respond_to do |format|
if @conference.save
@@ -66,7 +69,7 @@ def create
# PUT /conferences/1
# PUT /conferences/1.xml
def update
- @conference = Conference.find(params[:id])
+ # @conference is loaded in before_filter
respond_to do |format|
if @conference.update_attributes(params[:conference])
@@ -83,7 +86,7 @@ def update
# DELETE /conferences/1
# DELETE /conferences/1.xml
def destroy
- @conference = Conference.find(params[:id])
+ # @conference is loaded in before_filter
@conference.destroy
respond_to do |format|
@@ -101,4 +104,17 @@ def self.breadcrumbs (conference)
(conference && !conference.new_record? ?
[[conference.title, conference]] : [])
end
+
+ protected
+ def load_conference
+ @conference = Conference.find(params[:id])
+ end
+
+ def new_conference
+ @conference = Conference.new
+ end
+
+ def new_conference_from_params
+ @conference = Conference.new(params[:conference])
+ end
end
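Review bot: The new comment above the before_filters says they serve "the actions where no params[:id] is available", yet `load_conference` is exactly the filter that reads `params[:id]`; it should say what it means, e.g. `# Before filters that put the object for each action into @conference, since filter_access_to's default loader only covers the params[:id] case.` Separately, `new_conference_from_params` builds the object that the `create` attribute check evaluates straight from `params[:conference]`, so any rule condition on that object is decided over client-supplied attributes; whether that matters depends on the model's mass-assignment protection, which is outside this diff. A one-line comment on that helper would stop a later reader from treating the check as authoritative, e.g. `# Built from request params: the attributes seen by the :create attribute check come from the client.` `breadcrumbs` starts outside the last hunk.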
@@ -1,45 +1,26 @@
class TalkAttendeesController < ApplicationController
+ before_filter :load_talk
+ before_filter :new_talk_attendee_from_params, :only => :create
# See ConferenceController for comments on the most common use of
# filter_access_to
- filter_access_to :all
- filter_access_to :destroy, :attribute_check => true
-
- def index
- @talk = Talk.find(params[:talk_id])
- @attendees = @talk.attendees
-
- respond_to do |format|
- format.html # index.html.erb
- format.xml { render :xml => @attendees }
- end
- end
+ filter_access_to :all, :attribute_check => true
- # See ConferenceAttendeesController for comments on the use of
- # filter_access_to with custom permission checks.
- filter_access_to :create do
- @talk = Talk.find(params[:talk_id])
- @attendee = TalkAttendee.new(:talk => @talk,
- :user => current_user)
- permitted_to!(:create, @attendee)
- end
def create
respond_to do |format|
- if @attendee.save
+ if @talk_attendee.save
flash[:notice] = 'Successfully signed up to talk.'
format.html { redirect_to(@talk.conference) }
- format.xml { render :xml => @attendee, :status => :created, :location => @talk }
+ format.xml { render :xml => @talk_attendee, :status => :created, :location => @talk }
else
flash[:error] = 'Error signing up to talk.'
format.html { redirect_to(@talk.conference) }
- format.xml { render :xml => @attendee.errors, :status => :unprocessable_entity }
+ format.xml { render :xml => @talk_attendee.errors, :status => :unprocessable_entity }
end
end
end
def destroy
- @attendee = TalkAttendee.find(params[:id])
- @attendee.destroy
- @talk = Talk.find(params[:talk_id])
+ @talk_attendee.destroy
flash[:notice] = 'Successfully unregistered from talk.'
respond_to do |format|
@@ -48,4 +29,12 @@ def destroy
end
end
+ protected
+ def load_talk
+ @talk = Talk.find(params[:talk_id])
+ end
+
+ def new_talk_attendee_from_params
+ @talk_attendee = @talk.talk_attendees.new(:user => current_user)
+ end
end
@@ -1,13 +1,15 @@
class TalksController < ApplicationController
+ before_filter :load_conference
+ before_filter :load_talk, :only => [:show, :edit, :update, :destroy]
+ before_filter :new_talk, :only => [:new, :index]
+ before_filter :new_talk_from_params, :only => :create
# See ConferenceController for comments on the most common use of
# filter_access_to
- filter_access_to :all
- filter_access_to :show, :update, :destroy, :attribute_check => true
+ filter_access_to :all, :attribute_check => true
# GET /talks
# GET /talks.xml
def index
- @conference = Conference.find(params[:conference_id])
@talks = @conference.talks
respond_to do |format|
@@ -19,8 +21,6 @@ def index
# GET /talks/1
# GET /talks/1.xml
def show
- @talk = Talk.find(params[:id])
-
respond_to do |format|
format.html # show.html.erb
format.xml { render :xml => @talk }
@@ -30,8 +30,6 @@ def show
# GET /talks/new
# GET /talks/new.xml
def new
- @talk = Talk.new(:conference => Conference.find(params[:conference_id]))
-
respond_to do |format|
format.html # new.html.erb
format.xml { render :xml => @talk }
@@ -40,15 +38,11 @@ def new
# GET /talks/1/edit
def edit
- @talk = Talk.find(params[:id])
end
# POST /talks
# POST /talks.xml
def create
- @talk = Talk.new(params[:talk])
- @talk.conference_id = params[:conference_id]
-
respond_to do |format|
if @talk.save
flash[:notice] = 'Talk was successfully created.'
@@ -64,8 +58,6 @@ def create
# PUT /talks/1
# PUT /talks/1.xml
def update
- @talk = Talk.find(params[:id])
-
respond_to do |format|
if @talk.update_attributes(params[:talk])
flash[:notice] = 'Talk was successfully updated.'
@@ -81,8 +73,6 @@ def update
# DELETE /talks/1
# DELETE /talks/1.xml
def destroy
- @talk = Talk.find(params[:id])
- @conference = Conference.find(params[:conference_id])
@talk.destroy
respond_to do |format|
@@ -100,4 +90,21 @@ def self.breadcrumbs (conference, talk)
(talk && !talk.new_record? ?
[[talk.title, [conference, talk]]] : [])
end
+
+ protected
+ def load_conference
+ @conference = Conference.find(params[:conference_id])
+ end
+
+ def load_talk
+ @talk = Talk.find(params[:id])
+ end
+
+ def new_talk
+ @talk = @conference.talks.new
+ end
+
+ def new_talk_from_params
+ @talk = @conference.talks.new(params[:talk])
+ end
end
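Review bot: `load_talk` resolves the talk with `Talk.find(params[:id])` although `load_conference` has already resolved `params[:conference_id]`, so `show`/`edit`/`update`/`destroy` accept any talk id under any conference URL and the two are only tied together if the rule's attribute conditions compare them. Scoping the lookup through the association closes that independently of the rules: `@talk = @conference.talks.find(params[:id])`. Also, `before_filter :new_talk, :only => [:new, :index]` is the line ConferencesController's new comment sends readers to for the index case, but it carries no explanation itself; if, as it appears, the empty Talk exists so the `:attribute_check` on `index` has something to evaluate against `@conference`, a comment saying so (`# index has no talk of its own; build one so the attribute check can run against @conference`) would close the loop. `destroy` and `breadcrumbs` continue outside the hunks shown.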
@@ -1,2 +0,0 @@
-<h1>ConferenceAttendees#index</h1>
-<p>Find me in app/views/conference_attendees/index.html.erb</p>
@@ -16,8 +16,7 @@
<% if conference.is_attended_by?(current_user) and
permitted_to? :delete, conference.attendence_of(current_user) %>
<%= link_to 'Unregister', [conference, conference.attendence_of(current_user)], :method => :delete %>
- <% elsif permitted_to? :create,
- ConferenceAttendee.new(:user => current_user, :conference => conference) %>
+ <% elsif permitted_to? :create, conference.conference_attendees.new(:user => current_user) %>
<% form_for([conference, ConferenceAttendee.new]) do |f| %>
<%= f.submit "Register" %>
<% end %>
@@ -6,5 +6,5 @@ At <b><%=h @conference.location %></b>
<br />
-<%= link_to 'New talk', new_conference_talk_path(@conference) if permitted_to? :create, Talk.new(:conference => @conference) %>
+<%= link_to 'New talk', new_conference_talk_path(@conference) if permitted_to? :create, @conference.talks %>
<%= link_to 'Edit conference', edit_conference_path(@conference) if permitted_to? :edit, @conference %>
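Review bot: `permitted_to? :create, @conference.talks` hands the has_many collection to the check, whereas the controller's `new`/`create` actions evaluate the same privilege against a built Talk (`@conference.talks.new`) and the attendee views in this commit build a record as well (`conference.conference_attendees.new(...)`). Nothing on this page shows how the plugin maps a collection to the Talk context; if it does not unwrap it the way it handles an instance, the link and the action behind it can disagree about permission. Using `@conference.talks.new` in the view would keep the two in step, or a comment stating that the plugin accepts an association here would make the difference deliberate. The same pattern is used on the 'New talk' link in the last view hunk of this commit.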
@@ -13,7 +13,7 @@
<% if logged_in? %>
<% if talk.is_attended_by?(current_user) %>
<%= link_to 'Unattend talk', [talk.conference, talk, talk.attendence_of(current_user)], :method => :delete %>
- <% elsif permitted_to? :create, TalkAttendee.new(:talk => talk, :user => current_user) %>
+ <% elsif permitted_to? :create, talk.talk_attendees.new(:user => current_user) %>
<% form_for([talk.conference, talk, TalkAttendee.new]) do |f| %>
<%= f.submit "Attend" %>
<% end %>
@@ -4,4 +4,5 @@
<br />
-<%= link_to 'New talk', new_conference_talk_path(@conference) %>
+<%= link_to 'New talk', new_conference_talk_path(@conference) \
+ if permitted_to? :create, @conference.talks %>

