Diff
Modified: trunk/app/controllers/experiments_controller.rb (3543 => 3544)
--- trunk/app/controllers/experiments_controller.rb 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/controllers/experiments_controller.rb 2013-05-15 13:38:49 UTC (rev 3544)
@@ -93,7 +93,7 @@
if params[:assign_to_group]
network = Network.find(params[:assign_to_group_id])
- if network and network.member?(current_user.id)
+ if network and network.member?(current_user)
@experiment.contributor = network
else
flash[:error] = "Experiment could not be created because could not assign ownership to Group."
Modified: trunk/app/controllers/group_announcements_controller.rb (3543 => 3544)
--- trunk/app/controllers/group_announcements_controller.rb 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/controllers/group_announcements_controller.rb 2013-05-15 13:38:49 UTC (rev 3544)
@@ -114,7 +114,7 @@
def check_admin
- unless @group.administrator?(current_user.id)
+ unless @group.administrator?(current_user)
render_401("Only group administrators are allowed to create new announcements.")
end
end
@@ -140,12 +140,12 @@
case action_name.to_s.downcase
when "show"
# if the announcement is private, show it only to group members
- unless @announcement.public || (logged_in? && @group.member?(current_user.id))
+ unless @announcement.public || (logged_in? && @group.member?(current_user))
render_401("You are not authorized to view this group announcement.")
end
when "edit","update","destroy"
# only owner of the group can destroy the announcement
- unless logged_in? && ((@announcement.user == current_user) || (@group.owner?(current_user.id)))
+ unless logged_in? && ((@announcement.user == current_user) || (@group.owner?(current_user)))
render_401("You are not authorized to #{action_name.to_s.downcase} this group announcement.")
end
end
Modified: trunk/app/controllers/group_policies_controller.rb (3543 => 3544)
--- trunk/app/controllers/group_policies_controller.rb 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/controllers/group_policies_controller.rb 2013-05-15 13:38:49 UTC (rev 3544)
@@ -103,7 +103,7 @@
def check_admin
- unless @group.administrator?(current_user.id)
+ unless @group.administrator?(current_user)
render_401("Only group administrators are allowed to manage policies.")
end
end
Modified: trunk/app/controllers/memberships_controller.rb (3543 => 3544)
--- trunk/app/controllers/memberships_controller.rb 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/controllers/memberships_controller.rb 2013-05-15 13:38:49 UTC (rev 3544)
@@ -147,8 +147,14 @@
def create
# TODO: test if "user_established_at" and "network_established_at" can be hacked (ie: set) through API calls,
# thereby creating memberships that are already 'accepted' at creation.
- if (@membership = Membership.new(params[:membership]) unless Membership.find_by_user_id_and_network_id(params[:membership][:user_id], params[:membership][:network_id]) or Network.find(params[:membership][:network_id]).owner? params[:membership][:user_id])
-
+ user = User.find_by_id(params[:membership][:user_id])
+ if user.nil?
+ render_404("User not found.")
+ elsif !Membership.find_by_user_id_and_network_id(params[:membership][:user_id], params[:membership][:network_id]) ||
+ Network.find(params[:membership][:network_id]).owner?(user)
+
+ @membership = Membership.new(params[:membership])
+
@membership.user_established_at = nil
@membership.network_established_at = nil
if @membership.message.blank?
@@ -378,14 +384,14 @@
not_auth = true
end
elsif @membership.network_established_at == nil
- unless @membership.network.administrator?(current_user.id) # TODO: CHECK WHY?! && params[:user_id].to_i == @membership.network.owner.id
+ unless @membership.network.administrator?(current_user) # TODO: CHECK WHY?! && params[:user_id].to_i == @membership.network.owner.id
not_auth = true
end
end
when "show", "destroy", "update"
# Only the owner of the network OR the person who the membership is for can view/delete memberships;
# link - just user to whom the membership belongs
- unless (@membership.network.administrator?(current_user.id) ||
+ unless (@membership.network.administrator?(current_user) ||
@membership.user_id == current_user.id) && @membership.user_id == params[:user_id].to_i
not_auth = true
end
Modified: trunk/app/controllers/networks_controller.rb (3543 => 3544)
--- trunk/app/controllers/networks_controller.rb 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/controllers/networks_controller.rb 2013-05-15 13:38:49 UTC (rev 3544)
@@ -56,7 +56,10 @@
def membership_invite
@membership = Membership.new(:user_id => params[:user_id], :network_id => @network.id, :message => params[:membership][:message], :invited_by => current_user)
- unless address@hidden || Membership.find_by_user_id_and_network_id(params[:user_id], @network.id) || Network.find(@network.id).owner?(params[:user_id])
+ if (user = User.find_by_id(params[:user_id]))
+ render_404("User not found.")
+ elsif !(address@hidden || Membership.find_by_user_id_and_network_id(params[:user_id], @network.id) ||
+ Network.find(@network.id).owner?(user))
@membership.user_established_at = nil
@membership.network_established_at = nil
if @membership.message.blank?
@@ -156,16 +159,16 @@
existing_db_addr_existing_membership_err_list = []
existing_db_addr_successful_membership_invites_list = []
- db_user_addresses.each { |db_addr, usr_id|
+ db_user_addresses.each { |db_addr, user|
if db_addr == current_user.email
own_address_err += db_addr
- elsif Network.find(params[:id]).member?(usr_id) || User.find(usr_id).membership_pending?(params[:id]) # email doesn't belong to current user
+ elsif Network.find(params[:id]).member?(user) || User.find(usr_id).membership_pending?(params[:id]) # email doesn't belong to current user
# the invited user is already a member of that group
existing_db_addr_existing_membership_err_list << db_addr
else
# need to create internal membership invite, as one not yet exists
existing_db_addr_successful_membership_invites_list << db_addr
- req = Membership.new(:user_id => usr_id, :network_id => params[:id], :user_established_at => nil, :network_established_at => Time.now, :message => params[:invitations][:msg_text])
+ req = Membership.new(:user_id => user.id, :network_id => params[:id], :user_established_at => nil, :network_established_at => Time.now, :message => params[:invitations][:msg_text])
req.save
end
}
@@ -459,7 +462,7 @@
end
def find_network_auth_admin
- unless @network.administrator?(current_user.id)
+ unless @network.administrator?(current_user)
render_401("You must be a group administrator to perform this action.")
end
end
Modified: trunk/app/controllers/policies_controller.rb (3543 => 3544)
--- trunk/app/controllers/policies_controller.rb 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/controllers/policies_controller.rb 2013-05-15 13:38:49 UTC (rev 3544)
@@ -9,7 +9,7 @@
@policy = Policy.find(params[:id])
unless current_user == @policy.contributor ||
- @policy.contributor_type == 'Network' && @policy.contributor.administrator?(current_user.id)
+ @policy.contributor_type == 'Network' && @policy.contributor.administrator?(current_user)
render :code => 401
end
end
Modified: trunk/app/controllers/runners_controller.rb (3543 => 3544)
--- trunk/app/controllers/runners_controller.rb 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/controllers/runners_controller.rb 2013-05-15 13:38:49 UTC (rev 3544)
@@ -105,7 +105,7 @@
if params[:assign_to_group]
network = Network.find(params[:assign_to_group_id])
- if network and network.member?(current_user.id)
+ if network and network.member?(current_user)
@runner.contributor = network
else
flash[:error] = "Experiment could not be created because could not assign ownership to Group."
Modified: trunk/app/controllers/users_controller.rb (3543 => 3544)
--- trunk/app/controllers/users_controller.rb 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/controllers/users_controller.rb 2013-05-15 13:38:49 UTC (rev 3544)
@@ -491,7 +491,7 @@
existing_db_addr_successful_friendship_requests_list = []
is_friendship_request = (!params[:invitations][:as_friendship].nil? && params[:invitations][:as_friendship] == "true" ? true : false)
- db_user_addresses.each { |db_addr, usr_id|
+ db_user_addresses.each { |db_addr, user|
if db_addr == current_user.email
own_address_err += db_addr
elsif !is_friendship_request
@@ -499,12 +499,12 @@
existing_db_addr_plain_invite_err_list << db_addr
else
# email doesn't belong to current user & it's a friendship request
- if current_user.friend?(usr_id) || current_user.friendship_pending?(usr_id)
+ if current_user.friend?(user.id) || current_user.friendship_pending?(user.id)
existing_db_addr_existing_friendship_err_list << db_addr
else
# need to create internal friendship request, as one not yet exists
existing_db_addr_successful_friendship_requests_list << db_addr
- req = Friendship.new(:user_id => current_user.id, :friend_id => usr_id, :accepted_at => nil, :message => params[:invitations][:msg_text])
+ req = Friendship.new(:user_id => current_user.id, :friend_id => user.id, :accepted_at => nil, :message => params[:invitations][:msg_text])
req.save
end
end
Modified: trunk/app/helpers/activities_helper.rb (3543 => 3544)
--- trunk/app/helpers/activities_helper.rb 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/helpers/activities_helper.rb 2013-05-15 13:38:49 UTC (rev 3544)
@@ -121,7 +121,7 @@
if activity.objekt.kind_of?(GroupAnnouncement) && !activity.objekt.public
next unless logged_in?
- next unless activity.objekt.network.member?(current_user.id)
+ next unless activity.objekt.network.member?(current_user)
end
if results.length > 0 && !opts[:no_combine] && combine_activities?(activity, results.last.first)
Modified: trunk/app/helpers/application_helper.rb (3543 => 3544)
--- trunk/app/helpers/application_helper.rb 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/helpers/application_helper.rb 2013-05-15 13:38:49 UTC (rev 3544)
@@ -964,7 +964,7 @@
if membership.user_established_at == nil
return membership.user_id == current_user.id
elsif membership.network_established_at == nil
- return membership.network.administrator?(current_user.id)
+ return membership.network.administrator?(current_user)
end
else
return false
Modified: trunk/app/models/group_announcement.rb (3543 => 3544)
--- trunk/app/models/group_announcement.rb 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/models/group_announcement.rb 2013-05-15 13:38:49 UTC (rev 3544)
@@ -7,16 +7,5 @@
validates_presence_of :network_id
format_attribute :body
-
- before_save :check_admin # this is done in addition to check in the controller
-
- def check_admin
- if !self.user_id.blank? and self.network.member?(self.user_id)
- return true
- else
- errors.add_to_base("Only group administrators are allowed to create new announcements!")
- return false
- end
- end
-
+
end
Modified: trunk/app/models/invitation.rb (3543 => 3544)
--- trunk/app/models/invitation.rb 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/models/invitation.rb 2013-05-15 13:38:49 UTC (rev 3544)
@@ -42,7 +42,7 @@
# check if it is also present in the DB as registered address of some user -
# if so, it needs to be treated differentrly
if( u = User.find(:first, :conditions => ["email = ? OR unconfirmed_email = ?", email_addr, email_addr]) )
- db_user_addresses[email_addr] = u.id
+ db_user_addresses[email_addr] = u
else
validated_addr_cnt += 1
valid_addresses << email_addr
Modified: trunk/app/models/network.rb (3543 => 3544)
--- trunk/app/models/network.rb 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/models/network.rb 2013-05-15 13:38:49 UTC (rev 3544)
@@ -70,8 +70,8 @@
alias_method :contributor, :owner
- def owner?(userid)
- user_id.to_i == userid.to_i
+ def owner?(user)
+ user_id == user.id
end
def owner_name
@@ -99,7 +99,7 @@
:dependent => :destroy
def announcements_for_user(user)
- if user.is_a?(User) && self.member?(user.id)
+ if user.is_a?(User) && self.member?(user)
return self.announcements
else
return self.announcements_public
@@ -107,7 +107,7 @@
end
def announcements_in_public_mode_for_user(user)
- return (!user.is_a?(User) || !self.member?(user.id))
+ return (!user.is_a?(User) || !self.member?(user))
end
# memberships
@@ -152,15 +152,9 @@
return incl_owner ? ( [owner] + explicit_members ) : explicit_members
end
- def member?(userid)
+ def member?(user)
# the owner is automatically a member of the network
- return true if owner? userid
-
- members.each do |m|
- return true if m.id.to_i == userid.to_i
- end
-
- return false
+ owner?(user) || members.include?(user)
end
def administrators(incl_owner=true)
@@ -173,15 +167,9 @@
return incl_owner ? ( [owner] + explicit_administrators ) : explicit_administrators
end
- def administrator?(userid)
+ def administrator?(user)
# the owner is automatically an adminsitrator of the network
- return true if owner? userid
-
- administrators(false).each do |a|
- return true if a.id.to_i == userid.to_i
- end
-
- return false
+ owner?(user) || administrators(false).include?(user)
end
# Finds all the contributions that have been explicitly shared via Permissions
Modified: trunk/app/views/group_announcements/_table.rhtml (3543 => 3544)
--- trunk/app/views/group_announcements/_table.rhtml 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/views/group_announcements/_table.rhtml 2013-05-15 13:38:49 UTC (rev 3544)
@@ -30,7 +30,7 @@
</td>
<td class="actions" style="width: 80px;">
<%= icon "show", group_announcement_path(group, announcement), nil, nil, "View" %>
- <% if (current_user != 0) && ((announcement.user==current_user) || (group.owner?(current_user.id))) %>
+ <% if (current_user != 0) && ((announcement.user==current_user) || (group.owner?(current_user))) %>
<%= icon('edit', edit_group_announcement_path(group, announcement), nil, nil, 'Edit') %>
<%= icon("destroy", group_announcement_path(group, announcement), "Delete", :confirm => "Are you sure you want to delete this announcement?", :method => :delete) %>
<% end %>
Modified: trunk/app/views/group_announcements/index.rhtml (3543 => 3544)
--- trunk/app/views/group_announcements/index.rhtml 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/views/group_announcements/index.rhtml 2013-05-15 13:38:49 UTC (rev 3544)
@@ -1,4 +1,4 @@
-<% if (current_user != 0) && @group.owner?(current_user.id) %>
+<% if (current_user != 0) && @group.owner?(current_user) %>
<ul class="sectionIcons">
<li><%= icon('announcement', new_group_announcement_path, nil, nil, 'New Announcement') %></li>
</ul>
Modified: trunk/app/views/group_announcements/show.rhtml (3543 => 3544)
--- trunk/app/views/group_announcements/show.rhtml 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/views/group_announcements/show.rhtml 2013-05-15 13:38:49 UTC (rev 3544)
@@ -1,6 +1,6 @@
<ul class="sectionIcons">
<li><%= icon('announcement', group_announcements_path(@group), "Return to All Announcements", nil, 'Return to All Announcements') %></li>
- <% if (current_user != 0) && @group.owner?(current_user.id) %>
+ <% if (current_user != 0) && @group.owner?(current_user) %>
<li><%= icon('edit', edit_group_announcement_path(@group, @announcement), nil, nil, 'Edit') %></li>
<li>
<%= icon('destroy', group_announcement_path(@group, @announcement), 'Delete', { :confirm => 'Are you sure you want to delete this announcement?', :method => :delete }, 'Delete') %>
Modified: trunk/app/views/memberships/_table.rhtml (3543 => 3544)
--- trunk/app/views/memberships/_table.rhtml 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/views/memberships/_table.rhtml 2013-05-15 13:38:49 UTC (rev 3544)
@@ -20,12 +20,12 @@
<% for membership in collection %>
<% allow_approval = allow_membership_pending_approval(membership) %>
<tr class="<%= (odd_row = !odd_row) ? "odd_row" : "even_row" %>">
- <% if user %><td width="100"><%= "<b>" unless membership.accepted? %><%= contributor(membership.user_id, "User", true, 60) %><%= "</b>" unless membership.accepted? %><%= '<div style="text-align: left"><b>Group Admin</b></div>' if membership.network.administrator?(membership.user_id) %></td><% end %>
+ <% if user %><td width="100"><%= "<b>" unless membership.accepted? %><%= contributor(membership.user_id, "User", true, 60) %><%= "</b>" unless membership.accepted? %><%= '<div style="text-align: left"><b>Group Admin</b></div>' if membership.network.administrator?(membership.user) %></td><% end %>
<% if network %><td width="100"><%= "<b>" unless membership.accepted? %><%= contributor(membership.network_id, "Network", true, 60) %><%= "</b>" unless membership.accepted? %></td><% end %>
<td><%= "<b>" unless membership.accepted? %><%=datetime membership.created_at, false %><%= "</b>" unless membership.accepted? %></td>
<td><%= "<b>" unless membership.accepted? %><%=datetime(membership.accepted_at, false) || "Pending" %><%= "</b>" unless membership.accepted? %></td>
<td class="actions">
- <% if my_page? membership.user or (logged_in? and membership.network.administrator?(current_user.id)) %>
+ <% if my_page? membership.user or (logged_in? and membership.network.administrator?(current_user)) %>
<%= icon "show", user_membership_path(membership.user_id, membership), nil, nil, "View" %>
<% if membership.accepted? %>
<%= icon "destroy", user_membership_path(membership.user_id, membership), nil, { :confirm => "Are you sure?", :method => :delete }, "Remove" %>
@@ -38,7 +38,7 @@
<% end %>
<% end %>
<% if membership.accepted? %>
- <% if membership.network.administrator?(membership.user_id) %>
+ <% if membership.network.administrator?(membership.user) %>
<%= icon "remove_group_admin", user_membership_path(membership.user_id, membership)+'?membership[administrator]=0', nil, {:method => :put}, "Remove group admin status" %>
<% if membership.network.owner == current_user %>
<%= icon "transfer_ownership", network_path(membership.network, :network => {:user_id => membership.user_id}),
Modified: trunk/app/views/memberships/show.rhtml (3543 => 3544)
--- trunk/app/views/memberships/show.rhtml 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/views/memberships/show.rhtml 2013-05-15 13:38:49 UTC (rev 3544)
@@ -21,7 +21,7 @@
<% elsif (@membership.is_invite? && allow_approval) || (address@hidden && !allow_approval) %>
<% #= avatar @membership.network, 80 # will start to work once the group avatars are introduced %>
<% end %>
- <% if (@membership.network.administrator?(@membership.user_id)) -%>
+ <% if (@membership.network.administrator?(@membership.user)) -%>
<div style="text-align: left"><b>Group Admin</b></div>
<% end -%>
</td>
Modified: trunk/app/views/networks/_announcements.rhtml (3543 => 3544)
--- trunk/app/views/networks/_announcements.rhtml 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/views/networks/_announcements.rhtml 2013-05-15 13:38:49 UTC (rev 3544)
@@ -31,7 +31,7 @@
<p class="none_text">None</p>
<% end %>
<p style="font-size: 77%; text-align: center;">
- <% if (current_user != 0) && group.owner?(current_user.id) %>
+ <% if (current_user != 0) && group.owner?(current_user) %>
[ <%= link_to "New", new_group_announcement_url(group) %> ]
<% end %>
[ <%= link_to "See All", group_announcements_url(group) %> ]
Modified: trunk/app/views/networks/_banner.rhtml (3543 => 3544)
--- trunk/app/views/networks/_banner.rhtml 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/views/networks/_banner.rhtml 2013-05-15 13:38:49 UTC (rev 3544)
@@ -2,7 +2,7 @@
<div class="network_banner">
<p>
<strong><%= link_to h(network.title), network_path(network.id) %></strong>
- <% if logged_in? and network.owner? current_user.id %>
+ <% if logged_in? and network.owner?(current_user) %>
<%= icon "edit", edit_network_path(network) %>
<%= icon "destroy", network_path(network), nil, :confirm => "Are you sure?", :method => "destroy" %>
<% end %>
Modified: trunk/app/views/networks/_invite.rhtml (3543 => 3544)
--- trunk/app/views/networks/_invite.rhtml 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/views/networks/_invite.rhtml 2013-05-15 13:38:49 UTC (rev 3544)
@@ -37,7 +37,7 @@
function inviteAndDisable() {
<% networks.each do |n| %>
- <% unless n.member?(user.id) || user.membership_pending?(n.id) %>
+ <% unless n.member?(user) || user.membership_pending?(n.id) %>
if ($("my_network_<%= n.id -%>").checked && !$("my_network_<%= n.id -%>").disabled) {
<%= remote_function(:url ="" membership_invite_network_path(n),
:method => :post,
@@ -64,7 +64,7 @@
<form>
<% networks.each_with_index do |n, index| %>
- <% if n.member?(user.id) %>
+ <% if n.member?(user) %>
<input type="checkbox" id="my_network_<%= n.id -%>" value="<%= n.id -%>" disabled=true CHECKED /> - <span style="color: green"><%= h(n.title) -%></span> (already a member)
<% elsif user.membership_pending?(n.id) %>
<input type="checkbox" id="my_network_<%= n.id -%>" value="<%= n.id -%>" disabled=true CHECKED /> - <span style="color: green"><%= h(n.title) -%></span> (waiting for the user to confirm)
Modified: trunk/app/views/networks/_table.rhtml (3543 => 3544)
--- trunk/app/views/networks/_table.rhtml 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/views/networks/_table.rhtml 2013-05-15 13:38:49 UTC (rev 3544)
@@ -16,7 +16,7 @@
<% if mine? network -%>
<%= icon "manage", edit_network_path(network) %>
<% elsif logged_in? %> <!-- admins can't leave the group or request membership! -->
- <% if network.member?(current_user.id) %>
+ <% if network.member?(current_user) %>
<!-- user is not an admin, but a member already -->
<% cur_membership = Membership.find(:first, :conditions => ["network_id = ? AND user_id = ?", network.id, current_user.id] ) %>
<% if cur_membership %>
Modified: trunk/app/views/networks/show.rhtml (3543 => 3544)
--- trunk/app/views/networks/show.rhtml 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/app/views/networks/show.rhtml 2013-05-15 13:38:49 UTC (rev 3544)
@@ -13,7 +13,7 @@
<% end %>
<% unless mine? @network %>
- <% if @network.member? current_user.id %>
+ <% if @network.member?(current_user) %>
<% cur_membership = Membership.find(:first, :conditions => ["network_id = ? AND user_id = ?", @network.id, current_user.id] ) %>
<% if false %>
<li><%= icon('network-leave', user_membership_path(cur_membership.user_id, cur_membership), nil, { :confirm => "Are you sure want to leave this group?", :method => :delete }, 'Leave Group') %></li>
@@ -23,7 +23,7 @@
<% end %>
<% end %>
- <% if @network.administrator?(current_user.id) %>
+ <% if @network.administrator?(current_user) %>
<li><%= icon('network-invite', invite_network_path(@network), 'Invite People', nil, 'Invite People') -%></li>
<li><%= icon('policy', network_policies_path(@network), 'Group Policies', nil, 'Group Policies') -%></li>
<% end %>
@@ -198,7 +198,7 @@
</div>
</div>
-<% if logged_in? && @network.administrator?(current_user.id) %>
+<% if logged_in? && @network.administrator?(current_user) %>
<% memberships = @network.memberships_accepted %>
<div class="tabContainer">
@@ -252,7 +252,7 @@
<% end %>
-<% if logged_in? and @network.member? current_user.id and address@hidden %>
+<% if logged_in? and @network.member?(current_user) and address@hidden %>
<%= render :partial => "contributions/tabs", :locals => { :collection => @network.contributions } %>
<% end %>
Modified: trunk/lib/authorization.rb (3543 => 3544)
--- trunk/lib/authorization.rb 2013-05-14 15:00:35 UTC (rev 3543)
+++ trunk/lib/authorization.rb 2013-05-15 13:38:49 UTC (rev 3544)
@@ -110,7 +110,7 @@
# You can only comment on a Group if you are a member
if context.kind_of?(Network)
return false if user.nil?
- return false unless context.member?(user.id)
+ return false unless context.member?(user)
end
# Comments can be created by authenticated users that can view the context
@@ -182,7 +182,7 @@
when "User"
return object.contributor_id.to_i == user.id.to_i
when "Network"
- return object.contributor.member?(user.id)
+ return object.contributor.member?(user)
else
return false
end
@@ -198,7 +198,7 @@
if ['edit', 'destroy'].include?(action.downcase)
return object.contributor.owner?(user.id)
else
- return object.contributor.member?(user.id)
+ return object.contributor.member?(user)
end
else
return false
@@ -212,7 +212,7 @@
when "User"
return object.experiment.contributor_id.to_i == user.id.to_i
when "Network"
- return object.experiment.contributor.member?(user.id)
+ return object.experiment.contributor.member?(user)
else
return false
end