X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/5e407dfb34f47e6fbbbf3c11c1a8318256abb5cd..c41be2e8b23cffa21cda96f2f724a1c7f3cdf4de:/app/controllers/issues_controller.rb?ds=sidebyside diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index ad38454f0..124b29eff 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -3,19 +3,22 @@ class IssuesController < ApplicationController before_action :authorize_web before_action :set_locale - before_action :require_user - before_action :check_permission + before_action :check_database_readable + + authorize_resource + before_action :find_issue, :only => [:show, :resolve, :reopen, :ignore] + before_action :check_database_writable, :only => [:resolve, :ignore, :reopen] def index @title = t ".title" @issue_types = [] - @issue_types.concat %w[Note] if current_user.moderator? - @issue_types.concat %w[DiaryEntry DiaryComment User] if current_user.administrator? + @issue_types.push("Note") if current_user.moderator? + @issue_types.push("DiaryEntry", "DiaryComment", "User") if current_user.administrator? @users = User.joins(:roles).where(:user_roles => { :role => current_user.roles.map(&:role) }).distinct - @issues = Issue.visible_to(current_user) + @issues = Issue.visible_to(current_user).order(:updated_at => :desc) # If search if params[:search_by_user]&.present? @@ -46,9 +49,10 @@ class IssuesController < ApplicationController @new_comment = IssueComment.new(:issue => @issue) end - # Status Transistions + # Status Transitions def resolve if @issue.resolve + @issue.updated_by = current_user.id @issue.save! redirect_to @issue, :notice => t(".resolved") else @@ -79,13 +83,8 @@ class IssuesController < ApplicationController private def find_issue - @issue = Issue.find(params[:id]) - end - - def check_permission - unless current_user.administrator? || current_user.moderator? - flash[:error] = t("application.require_moderator_or_admin.not_a_moderator_or_admin") - redirect_to root_path - end + @issue = Issue.visible_to(current_user).find(params[:id]) + rescue ActiveRecord::RecordNotFound + redirect_to :controller => "errors", :action => "not_found" end end