ahuston-0/hydra
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Clean up the authorization code a bit

Browse Source
This commit is contained in:
Eelco Dolstra
2013-10-14 18:01:04 +02:00
parent 86e9abeb15
commit 09b5679ee7
3 changed files with 30 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/lib/Hydra/Controller/Project.pm
View File

@ -114,10 +114,8 @@ sub edit : Chained('projectChain') PathPart Args(0) {
sub requireMayCreateProjects {
my ($c) = @_;
requireLogin($c) if !$c->user_exists;
error($c, "Only administrators or authorised users can perform this operation.")
requireUser($c);
accessDenied($c, "Only administrators or authorised users can perform this operation.")
unless $c->check_user_roles('admin') || $c->check_user_roles('create-projects');
}

6
src/lib/Hydra/Controller/User.pm
View File

@ -150,7 +150,7 @@ sub currentUser :Path('/current-user') :ActionClass('REST') { }
sub currentUser_GET {
my ($self, $c) = @_;
requireLogin($c) if !$c->user_exists;
requireUser($c);
$self->status_ok(
$c,
@ -166,9 +166,9 @@ sub currentUser_GET {
sub user :Chained('/') PathPart('user') CaptureArgs(1) {
my ($self, $c, $userName) = @_;
requireLogin($c) if !$c->user_exists;
requireUser($c);
error($c, "You do not have permission to edit other users.")
accessDenied($c, "You do not have permission to edit other users.")
if $userName ne $c->user->username && !isAdmin($c);
$c->stash->{user} = $c->model('DB::Users')->find($userName)