Mailinglist Archive: yast-commit (1914 mails)

< Previous Next >
[yast-commit] <rest-service> network : Moved permission checks to before_filter.
  • From: Martin Vidner <mvidner@xxxxxxx>
  • Date: Fri, 4 Sep 2009 17:45:26 +0200
  • Message-id: <E1Mjb11-000086-Sc@xxxxxxxxxxxxxxxx>
ref: refs/heads/network
commit 2865da4da6b0291ddc615e848b4a9e60829d4771
Author: Martin Vidner <mvidner@xxxxxxx>
Date: Fri Sep 4 17:26:35 2009 +0200

Moved permission checks to before_filter.
---
.../app/controllers/network/routes_controller.rb | 29 ++++++++++---------
1 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/plugins/network/app/controllers/network/routes_controller.rb
b/plugins/network/app/controllers/network/routes_controller.rb
index d1740d1..327c6be 100644
--- a/plugins/network/app/controllers/network/routes_controller.rb
+++ b/plugins/network/app/controllers/network/routes_controller.rb
@@ -4,13 +4,23 @@
class Network::RoutesController < ApplicationController

before_filter :login_required
+ before_filter :read_check, :only => [:index, :show]
+ before_filter :write_check, :only => [:create, :update]

- # Sets hostname settings. Requires write permissions for network YaPI.
- def update
+ def read_check
+ unless permission_check( "org.opensuse.yast.modules.yapi.network.read")
+ render ErrorResult.error( 403, 1, "no permission" )
+ end
+ end
+
+ def write_check
unless permission_check( "org.opensuse.yast.modules.yapi.network.write")
- render ErrorResult.error(403, 1, "no permission") and return
+ render ErrorResult.error(403, 1, "no permission")
end
-
+ end
+
+ # Sets route settings. Requires write permissions for network YaPI.
+ def update
root = params[:routes]
if root == nil
render ErrorResult.error(404, 2, "format or internal error") and return
@@ -26,13 +36,8 @@ class Network::RoutesController < ApplicationController
update
end

- # Shows hostname settings. Requires read permission for network YaPI.
+ # Shows route settings. Requires read permission for network YaPI.
def show
-
- unless permission_check( "org.opensuse.yast.modules.yapi.network.read")
- render ErrorResult.error( 403, 1, "no permission" ) and return
- end
-
@route = Route.find(params[:id])

respond_to do |format|
@@ -43,10 +48,6 @@ class Network::RoutesController < ApplicationController
end

def index
- unless permission_check( "org.opensuse.yast.modules.yapi.network.read")
- render ErrorResult.error( 403, 1, "no permission" ) and return
- end
-
routes_a = Route.find(:all).values
respond_to do |format|
format.html { render :xml => routes_a.to_xml( :root => "routes",
:dasherize => false ) }
--
To unsubscribe, e-mail: yast-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages