rails-girls-summer-of-code / rgsoc-teams

Teams management and activity
https://teams.railsgirlssummerofcode.org
MIT License
68 stars 140 forks

Restrict access to conference controller actions #840

Open klappradla opened 7 years ago

klappradla commented 7 years ago

As mentioned in #829, restrict the access to the conferences#new (and related create etc.) actions to those users who have the ability to do this. Use cancancan to ensure this on the controller level.

klappradla commented 7 years ago

Hey @juuh42dias & @branquinhoaa, I think we totally forgot this one (it was a follow-up for PR #829) - can you please check if this is still valid and then take care of it? It should only be a tiny task :v:

branquinhoaa commented 7 years ago

Ok @klappradla. We will take care of this.

juuh42dias commented 7 years ago

@klappradla current ability:

can :crud, Conference if user.admin? || user.current_student?

That's right?

klappradla commented 7 years ago

Yep, as far as I remember you changed it to this yourself @juuh42dias ✌️

juuh42dias commented 7 years ago

@klappradla "...changed it to this yourself" '-' Sorry, I don't understand

klappradla commented 7 years ago

😹 no worries. Just wanted to confirm: yes, that's the current ability and it should be right.

juuh42dias commented 7 years ago

:+1:
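
Added example, not part of the thread or of the rgsoc-teams code: a plain-Ruby stand-in for CanCanCan's `can`, `can?` and `authorize!` that applies the ability quoted above as a controller-level gate on `new` and `create`. It assumes `:crud` is the project's alias for create/read/update/destroy; the `User` struct, `AccessDenied` and the `process` method are constructed for illustration.

```ruby
# Plain-Ruby stand-in for CanCanCan's can / can? / authorize!; no Rails or gem needed.
class AccessDenied < StandardError; end
class Conference; end

# Constructed user model; admin? and current_student? are the predicates from the thread.
User = Struct.new(:admin, :current_student, keyword_init: true) do
  def admin?; !!admin; end
  def current_student?; !!current_student; end
end

class Ability
  # Assumption: :crud is the project's alias for create/read/update/destroy.
  # new, edit, index and show follow CanCanCan's default action aliases.
  EXPANSION = {
    crud: %i[create read update destroy],
    create: %i[new], update: %i[edit], read: %i[index show]
  }.freeze

  def initialize(user)
    @rules = []
    # The rule quoted in the thread; a signed-out visitor (nil) gets no abilities.
    can :crud, Conference if user && (user.admin? || user.current_student?)
  end

  def can(action, subject)
    @rules << [expand(action), subject]
  end

  def can?(action, subject)
    @rules.any? { |actions, s| s == subject && actions.include?(action) }
  end

  def authorize!(action, subject)
    raise AccessDenied, "#{action} on #{subject} denied" unless can?(action, subject)
  end

  def expand(action)
    [action] + EXPANSION.fetch(action, []).flat_map { |a| expand(a) }
  end
end

# Controller-level gate: the check runs before the action body, so a request
# sent straight to new or create is refused even if the view hides the link.
class ConferencesController
  def initialize(current_user)
    @ability = Ability.new(current_user)
  end

  def process(action)
    @ability.authorize!(action, Conference)
    "#{action}: ok"
  end
end
```

In a Rails controller the same gate is normally a single `load_and_authorize_resource` or `authorize!` call from CanCanCan, with `CanCan::AccessDenied` rescued in `ApplicationController`.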