From: Jan Provaznik <[email protected]>
image builder actions are now accessbile only for Administrators (temporary
solution until we will have image permissions)
---
src/app/controllers/image_descriptor_controller.rb | 13 ++++++++++++-
1 files changed, 12 insertions(+), 1 deletions(-)
diff --git a/src/app/controllers/image_descriptor_controller.rb
b/src/app/controllers/image_descriptor_controller.rb
index 532c092..d2e37d8 100644
--- a/src/app/controllers/image_descriptor_controller.rb
+++ b/src/app/controllers/image_descriptor_controller.rb
@@ -1,6 +1,6 @@
class ImageDescriptorController < ApplicationController
layout :layout
- before_filter :require_user
+ before_filter :require_user, :require_admin
def layout
return "aggregator" unless ajax?
@@ -105,4 +105,15 @@ class ImageDescriptorController < ApplicationController
end
end
end
+
+ private
+
+ # FIXME - this is temporary solution, replace with
+ # concrete permission checks in actions
+ def require_admin
+ unless @current_user.permissions.collect { |p| p.role }.find { |r| r.name
== "Administrator" }
+ raise PermissionError.new(
+ 'You have insufficient privileges to perform action.')
+ end
+ end
end
--
1.7.0.1
_______________________________________________
deltacloud-devel mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/deltacloud-devel
