1d1d1fb3fc
In the routes, when a location is given, check that is either available for all projects, or that it is tied to the current project. This adds: * Location.for_project: Filters to only locations not tied to projects, and those tied to the given project. * Location:visible_or_for_project: Filters to only visible locations not tied to projects, and those tied to the given project. * Location#visible_or_for_project?: Checks whether the location is either visible and not tied to a project, or is tied to the given project.
12 lines
389 B
Ruby
12 lines
389 B
Ruby
# frozen_string_literal: true
|
|
|
|
class Clover
|
|
hash_branch(:project_prefix, "location") do |r|
|
|
r.on String do |location_display_name|
|
|
# Do not allow access to locations tied to other projects
|
|
handle_invalid_location unless (@location = Location.for_project(@project.id)[display_name: location_display_name])
|
|
r.hash_branches(:project_location_prefix)
|
|
end
|
|
end
|
|
end
|