Limit access to archived conferences

2024-10-01 14:59:48 +03:00 · 2024-10-01 14:59:48 +03:00 · 71e8ab74da
commit 71e8ab74da
parent 89dd1890fd
5 changed files with 2009 additions and 1 deletions
--- a/app/controllers/management/management_controller.rb
+++ b/app/controllers/management/management_controller.rb
@ -8,7 +8,11 @@ module Management
    private

    def authorize_user!
-      head :forbidden unless current_user.admin?
+      if params[:conference_id] && params[:conference_id].to_i < Conference.last.id
+        head :forbidden unless current_user.admin? && current_user.owner?
+      else
+        head :forbidden unless current_user.admin?
+      end
    end
  end
 end
--- a/db/migrate/20241001115434_add_owner_field_to_users.rb
+++ b/db/migrate/20241001115434_add_owner_field_to_users.rb
@ -0,0 +1,5 @@
+class AddOwnerFieldToUsers < ActiveRecord::Migration[7.1]
+  def change
+    add_column :users, :owner, :boolean, null: false, default: false
+  end
+end
--- a/db/seeds.rb
+++ b/db/seeds.rb
@ -11,4 +11,5 @@ User.create(
  password_confirmation: "123qweASD",
  confirmed_at: Time.current,
  admin: true
+  owner: true
 )
--- a/db/structure.sql
+++ b/db/structure.sql
--- a/spec/factories/users.rb
+++ b/spec/factories/users.rb
@ -11,6 +11,7 @@ FactoryBot.define do

    factory :administrator do
      admin { true }
+      owner { true }
    end
  end
 end