Skip to content

Commit

Permalink
Merge pull request #134 from gate-sso/issue-#133
Browse files Browse the repository at this point in the history 
Issue #133 - Fixing authorization issues on user and group page
  • Loading branch information
@giosakti
giosakti authored Dec 20, 2018
2 parents 730fe53 + 85520f7 commit c7192dd
Show file tree
Hide file tree
Showing 4 changed files with 61 additions and 45 deletions.
4 changes: 2 additions & 2 deletions app/controllers/groups_controller.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ def add_machine
end

def add_admin
if current_user.admin? or @group.admin?(current_user)
if current_user.admin?
GroupAdmin.find_or_create_by(group_id: @group.id, user_id: params[:user_id])
end

Expand All @@ -109,7 +109,7 @@ def add_admin
end

def remove_admin
if current_user.admin? or @group.admin?(current_user)
if current_user.admin?
GroupAdmin.delete(params[:group_admin_id])
end

Expand Down
26 changes: 17 additions & 9 deletions app/controllers/users_controller.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,15 +92,23 @@ def search
# GET /users/:id/regenerate_token
def regenerate_token
@user = User.find(params[:id])
@access_token = @user.access_token
@access_token.token = ROTP::Base32.random_base32
respond_to do |format|
if @access_token.save
format.html { redirect_to user_path(@user.id), notice: 'Token regenerated.', flash: {token: @access_token.token} }
format.json { render :show, status: :ok, location: @user }
else
format.html { redirect_to user_path(@user.id), notice: 'Token failed to regenerate.' }
format.json { render json: @user.errors, status: :unprocessable_entity }

if (current_user.admin? or (current_user.id == @user.id))
@access_token = @user.access_token
@access_token.token = ROTP::Base32.random_base32
respond_to do |format|
if @access_token.save
format.html { redirect_to user_path(@user.id), notice: 'Token regenerated.', flash: {token: @access_token.token} }
format.json { render :show, status: :ok, location: @user }
else
format.html { redirect_to user_path(@user.id), notice: 'Token failed to regenerate.' }
format.json { render json: @user.errors, status: :unprocessable_entity }
end
end
else
respond_to do |format|
format.html { redirect_to user_path(@user.id), notice: 'You cannot regenerate this token.' }
format.json { render json: @user.errors, status: :unauthorized }
end
end
end
Expand Down
27 changes: 14 additions & 13 deletions app/views/groups/show.html.slim
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,18 +19,19 @@
.col
= "#{admin.user.try(:name)}"
.col
- if (current_user.admin? or @group.admin?(current_user) ) and current_user.id != admin.user.try(:id)
= link_to "Remove?", [@group, admin], method: :delete, data: {confirm: "Are you sure to remove #{admin.user.try(:name)} ?"}
.row
.col
= text_field_tag "user_id", "", id: "assign_admin_user_id", class: "form-control"
.col
= submit_tag "Assign admin", class: "form-control btn btn-md btn-primary", disabled: true
.row
.col
= check_box_tag "assign_admin_include_inactive_user", "true", false
= " Include Inactive User"
.col
- if (current_user.admin?)
= link_to "Remove?", [@group, admin], method: :delete, data: {confirm: "Are you sure to remove #{admin.user.try(:name)} ?"}
- if (current_user.admin?)
.row
.col
= text_field_tag "user_id", "", id: "assign_admin_user_id", class: "form-control"
.col
= submit_tag "Assign admin", class: "form-control btn btn-md btn-primary", disabled: true
.row
.col
= check_box_tag "assign_admin_include_inactive_user", "true", false
= " Include Inactive User"
.col
a name="group_members"
br
.card
Expand Down Expand Up @@ -59,7 +60,7 @@
br
= "*This group does not have any group members" if @group.users.count == 0
br
- if current_user.admin? || current_user.group_admin?
- if current_user.admin or @group.admin?(current_user)
= form_tag add_user_to_group_path, method: :post do
.row
.col
Expand Down
49 changes: 28 additions & 21 deletions app/views/users/show.html.slim
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,18 +16,19 @@
span.input-group-text @
input#email.form-control placeholder="[email protected]" readonly="" type="email" value="#{@user.email}"

form.needs-validation novalidate=""
.form-row.mb-3
.col
b Your Access Token
.col
- if flash[:token]
.alert.alert-warning role="alert"
| Important! please make note of this token, you will see it only this once.
pre
= flash[:token]
- else
= link_to 'Regenerate Token', regenerate_token_user_path(@user), :data => {:confirm => 'Are you sure?'}
- if (current_user.admin? or (current_user.id == @user.id))
form.needs-validation novalidate=""
.form-row.mb-3
.col
b Your Access Token
.col
- if flash[:token]
.alert.alert-warning role="alert"
| Important! please make note of this token, you will see it only this once.
pre
= flash[:token]
- else
= link_to 'Regenerate Token', regenerate_token_user_path(@user), :data => {:confirm => 'Are you sure?'}

- if current_user.admin?
.card
Expand Down Expand Up @@ -73,15 +74,21 @@
br
.card
.card-body
h6.card-title Public Key
= form_tag user_public_key_update_path, method: :post do
.row
.col
= text_area_tag "public_key", @user.public_key, class: "form-contol text-align-top", style: "height:200px;width:100%;", placeholder: "Your public key here..."
br
.row
.col-md-3
= submit_tag "Update key", class: "form-control btn-md btn-primary"
- if (current_user.admin? or (current_user.id == @user.id))
h6.card-title Public Key
= form_tag user_public_key_update_path, method: :post do
.row
.col
= text_area_tag "public_key", @user.public_key, class: "form-contol text-align-top", style: "height:200px;width:100%;", placeholder: "Your public key here..."
br
.row
.col-md-3
= submit_tag "Update key", class: "form-control btn-md btn-primary"
- else
h6.card-title Public Key
.row
.col
= @user.public_key

br
.card
Expand Down

0 comments on commit c7192dd

Please sign in to comment.