Limit access to archived conferences

This commit is contained in:
Petko Bordjukov 2024-10-01 14:59:48 +03:00
parent 89dd1890fd
commit 71e8ab74da
5 changed files with 2009 additions and 1 deletions

View File

@ -8,7 +8,11 @@ module Management
private private
def authorize_user! def authorize_user!
head :forbidden unless current_user.admin? if params[:conference_id] && params[:conference_id].to_i < Conference.last.id
head :forbidden unless current_user.admin? && current_user.owner?
else
head :forbidden unless current_user.admin?
end
end end
end end
end end

View File

@ -0,0 +1,5 @@
class AddOwnerFieldToUsers < ActiveRecord::Migration[7.1]
def change
add_column :users, :owner, :boolean, null: false, default: false
end
end

View File

@ -11,4 +11,5 @@ User.create(
password_confirmation: "123qweASD", password_confirmation: "123qweASD",
confirmed_at: Time.current, confirmed_at: Time.current,
admin: true admin: true
owner: true
) )

1997
db/structure.sql Normal file

File diff suppressed because it is too large Load Diff

View File

@ -11,6 +11,7 @@ FactoryBot.define do
factory :administrator do factory :administrator do
admin { true } admin { true }
owner { true }
end end
end end
end end