refactor: access controller move to filter.

2013-11-12 15:13:48 +08:00 · 2013-11-12 15:13:48 +08:00 · 0ddd259fea
parent 76db8bd5a6
commit 0ddd259fea
2 changed files with 30 additions and 6 deletions
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@ -35,6 +35,8 @@ class RepositoriesController < ApplicationController
  before_filter :find_changeset, :only => [:revision, :add_related_issue, :remove_related_issue]
  before_filter :authorize , :except => [:newrepo,:newcreate,:fork]
  accept_rss_auth :revisions
+  # hidden repositories filter // 隐藏代码过滤器
+  before_filter :check_hidden_repo, :only => [:show, :stats, :revisions, :revision ]
  

  rescue_from Redmine::Scm::Adapters::CommandFailed, :with => :show_error_command_failed
@ -208,12 +210,13 @@ class RepositoriesController < ApplicationController
  end

  def show
-    if !User.current.member_of?(@project)
-      if @project.hidden_repo
-        render_403 
-        return -1
-      end
-    end
+    ## TODO: the below will move to filter, done.
+    # if !User.current.member_of?(@project)
+    #   if @project.hidden_repo
+    #     render_403 
+    #     return -1
+    #   end
+    # end
    #if( !User.current.member_of?(@project) || @project.hidden_repo)
    @repository.fetch_changesets if Setting.autofetch_changesets? && @path.empty?

@ -458,6 +461,10 @@ class RepositoriesController < ApplicationController
    render_error :message => l(:error_scm_not_found), :status => 404
  end

+  def show_error_forbidden
+    render_error :status => 403
+  end
+
  # Handler for Redmine::Scm::Adapters::CommandFailed exception
  def show_error_command_failed(exception)
    render_error l(:error_scm_command_failed, exception.message)
@ -546,4 +553,12 @@ class RepositoriesController < ApplicationController
    )
    graph.burn
  end
+  def check_hidden_repo
+    project = Project.find_by_id(params[:id])
+    if !User.current.member_of?(project)
+      if project.hidden_repo
+        render_403
+      end
+    end
+  end
 end
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@ -435,4 +435,13 @@ class Repository < ActiveRecord::Base

  def clear_extra_info_of_changesets
  end
+
+  def check_hidden_repo?
+    if !User.current.member_of?(project)
+      if project.hidden_repo
+        return false
+      end
+    end
+    true   
+  end
 end