diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 95fd6e7..748289c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,54 +1,62 @@
 class ApplicationController < ActionController::Base
 # Prevent CSRF attacks by raising an exception.
 # For APIs, you may want to use :null_session instead.
 protect_from_forgery with: :exception
 attr_writer :breadcrumb
 helper_method :admin?
 def admin?
 return false if params.key?('user')
 return false if current_user.nil?
 @admin_count ||= begin
 current_user
 .groups
 .where(name: WebDNS.settings[:admin_group]).count
 end
 @admin_count != 0
 end
 def admin_only!
 return if admin?
 redirect_to root_path, alert: 'Admin only area!'
 end
 private
 def group
- @group ||= group_scope.find(params[:group_id] || params[:id])
+ @group ||= edit_group_scope.find(params[:group_id] || params[:id])
 end
 def domain
- @domain ||= domain_scope.find(params[:domain_id] || params[:id])
+ @domain ||= edit_domain_scope.find(params[:domain_id] || params[:id])
 end
 def record
 @record ||= record_scope.find(params[:record_id] || params[:id])
 end
- def group_scope
- @group_scope ||= admin? ? Group.all : current_user.groups
+ def show_group_scope
+ @show_group_scope ||= current_user.groups
 end
- def domain_scope
- @domain_scope ||= admin? ? Domain.all : Domain.where(group: group_scope)
+ def edit_group_scope
+ @edit_group_scope ||= admin? ? Group.all : show_group_scope
+ end
+
+ def show_domain_scope
+ @show_domain_scope ||= Domain.where(group: show_group_scope)
+ end
+
+ def edit_domain_scope
+ @edit_domain_scope ||= admin? ? Domain.all : Domain.where(group: show_group_scope)
 end
 def record_scope
 @record_scope ||= domain.records
 end
 end
diff --git a/app/controllers/domains_controller.rb b/app/controllers/domains_controller.rb
index 6eaeeaf..160b07b 100644
--- a/app/controllers/domains_controller.rb
+++ b/app/controllers/domains_controller.rb
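Review bot: `show_domain_scope` has no admin branch while `edit_domain_scope` widens to `Domain.all` for admins, so an admin's read scope (`Domain.where(group: current_user.groups)`) is narrower than their write scope; if that is intended, state it in a comment, otherwise mirror the branch with `@show_domain_scope ||= admin? ? Domain.all : Domain.where(group: show_group_scope)`. The same asymmetry surfaces in the `index` action of domains_controller.rb, which lists `show_domain_scope`, while `show`/`edit` resolve `@domain` through `edit_domain_scope`. `show_group_scope` also calls `current_user.groups` unguarded, unlike `admin?`, so it raises rather than returning an empty scope when no user is signed in — acceptable only if every caller sits behind `authenticate_user!`, which this file cannot guarantee on its own. Each of the four scope methods would benefit from a one-line comment naming which actions it is meant to back, e.g. `# Groups the current user may read; edit_group_scope widens this to all groups for admins.`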
@@ -1,67 +1,67 @@
 class DomainsController < ApplicationController
 before_action :authenticate_user!
- before_action :group_scope
- before_action :domain, only: [:show, :edit, :update, :destroy]
 before_action :group, only: [:show, :edit, :update, :destroy]
+ helper_method :edit_group_scope
+
 # GET /domains
 def index
- @domains = domain_scope.all
+ @domains = show_domain_scope.all
 end
 # GET /domains/1
 def show
 @record = Record.new(domain_id: @domain.id)
 end
 # GET /domains/new
 def new
 @domain = Domain.new
 end
 # GET /domains/1/edit
 def edit
 end
 # POST /domains
 def create
 @domain = Domain.new(domain_params)
 if @domain.save
 redirect_to @domain, notice: "#{@domain.name} was successfully created."
 else
 render :new
 end
 end
 # PATCH/PUT /domains/1
 def update
 if @domain.update(domain_params)
 redirect_to @domain, notice: "#{@domain.name} was successfully updated."
 else
 render :edit
 end
 end
 # DELETE /domains/1
 def destroy
 @domain.destroy
 redirect_to domains_url, notice: "#{@domain.name} was successfully destroyed."
 end
 private
 def group
 domain.group
 end
 def domain_params
 params.require(:domain).tap { |d|
- # Make sure group id is permitted (belongs to group_scope)
- d[:group_id] = group_scope.find_by_id(d[:group_id]).try(:id)
+ # Make sure group id is permitted (belongs to edit_group_scope)
+ d[:group_id] = edit_group_scope.find_by_id(d[:group_id]).try(:id)
 }.permit(:name, :type, :master, :group_id)
 end
 end
diff --git a/app/views/domains/_form.html.erb b/app/views/domains/_form.html.erb
index 914c298..3e1962d 100644
--- a/app/views/domains/_form.html.erb
+++ b/app/views/domains/_form.html.erb
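Review bot: `domain_params` still coerces an out-of-scope `group_id` to `nil` through `find_by_id(...).try(:id)` instead of rejecting it, so a request naming a group the user may not edit silently proceeds with no group (or fails validation with no indication of why); `edit_group_scope.find(d[:group_id])` would raise `ActiveRecord::RecordNotFound` and make the authorization check explicit. Removing `before_action :group_scope` also means `@group_scope` is no longer assigned on any action; any other view still reading that ivar would now receive `nil` without error, which is worth confirming by searching the views before merging. `@domain` for `show`/`edit`/`update`/`destroy` is now loaded only as a side effect of the `group` before_action calling `domain`, an implicit dependency that deserves a comment on the private `group` method such as `# Also loads and scopes @domain via ApplicationController#domain`.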
@@ -1,7 +1,7 @@
 <%= bootstrap_form_for(@domain, layout: :horizontal, label_col: 'col-sm-2', control_col: 'col-sm-4') do |f| %>
 <%= f.text_field :name %>
- <%= f.collection_select :group_id, @group_scope, :id, :name %>
+ <%= f.collection_select :group_id, edit_group_scope, :id, :name %>
 <%= f.select :type, Domain.domain_types %>
 <%= f.text_field :master, wrapper_class: 'hidden' %>
 <%= f.submit 'Save', class: 'btn btn-primary col-sm-offset-2' %>
 <% end %>