diff --git a/app/controllers/default/units_controller.rb b/app/controllers/default/units_controller.rb
index 112ccd8..e2255e9 100644
--- a/app/controllers/default/units_controller.rb
+++ b/app/controllers/default/units_controller.rb
@@ -1,11 +1,30 @@
 class Default::UnitsController < ApplicationController
 navigation_tab :units
+ before_action :find_unit, only: [:import, :export, :destroy]
+
 before_action except: :index do
- raise AccessForbidden unless current_user.at_least(:admin)
+ case action_name.to_sym
+ when :import, :import_all
+ raise AccessForbidden unless current_user.at_least(:active)
+ else
+ raise AccessForbidden unless current_user.at_least(:admin)
+ end
 end
 def index
 @units = current_user.units.defaults_diff
 end
+
+ def import
+ end
+
+ def import_all
+ end
+
+ def export
+ end
+
+ def destroy
+ end
 end
diff --git a/app/controllers/units_controller.rb b/app/controllers/units_controller.rb
index 800bfe8..2231f04 100644
--- a/app/controllers/units_controller.rb
+++ b/app/controllers/units_controller.rb
@@ -1,5 +1,5 @@
 class UnitsController < ApplicationController
- before_action only: [:new] do
+ before_action only: :new do
 find_unit if params[:id].present?
 end
 before_action :find_unit, only: [:edit, :update, :rebase, :destroy]
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 29f4cbb..0472ccf 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
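Review bot: In app/controllers/default/units_controller.rb the new `before_action :find_unit, only: [:import, :export, :destroy]` is declared above the authorization callback, and Rails runs callbacks in declaration order, so the record lookup happens before the role check. Depending on how `find_unit` (not shown in this hunk) reports a missing record, a user below `:admin` could tell existing unit ids from missing ones on `export` and `destroy`. Moving the `find_unit` line below the `before_action except: :index do … end` block makes the role check run first. The same order is visible in the users_controller.rb hunk, where `before_action :find_user` precedes the combined check. Since `import` is now open to `:active` users, it is also worth confirming that `find_unit` only resolves units that role may read.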
@@ -2,11 +2,14 @@ class UsersController < ApplicationController
 helper_method :allow_disguise?
 before_action :find_user, only: [:show, :update, :disguise]
- before_action except: :revert do
- raise AccessForbidden unless current_user.at_least(:admin)
- end
- before_action only: :revert do
- raise AccessForbidden unless current_user_disguised?
+
+ before_action do
+ case action_name.to_sym
+ when :revert
+ raise AccessForbidden unless current_user_disguised?
+ else
+ raise AccessForbidden unless current_user.at_least(:admin)
+ end
 end
 def index
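Review bot: The combined callback would benefit from a comment stating the policy it encodes, since the `else` branch is now the default for every action added to UsersController later. Something like `# revert is gated on the disguise session; every other action, including new ones, requires :admin` above `case action_name.to_sym` would do. The reason `revert` skips the `:admin` check is not visible in this hunk (presumably `current_user` is the impersonated account at that point), so the comment should state it explicitly. The class body continues outside the hunk.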