Skip to content

add perm check for delete #242

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
vswamidass-sfdc wants to merge 1 commit into
base: main
Choose a base branch
from
Open

add perm check for delete #242

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions app/controllers/base_chats_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,8 @@ def create

# DELETE /chats/1 or /chats/1.json
def destroy
authorize @chat

@chat.destroy!

respond_to do |format|
Expand Down
30 changes: 30 additions & 0 deletions app/policies/chat_policy.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
# frozen_string_literal: true

class ChatPolicy < ApplicationPolicy
attr_reader :user, :chat

def initialize(user, chat)
@user = user
@chat = chat
end

def create?
true # Users can create chats
end

def show?
true # Users can view chats (may need to restrict this later)
end

def update?
user.admin? || chat.user_id == user.id
end

def edit?
update?
end

def destroy?
user.admin? || chat.user_id == user.id
end
end
16 changes: 9 additions & 7 deletions app/views/chats/show.html.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,15 @@
<%= link_to (@chat.first_message ? @chat.first_message.truncate(100) : "Chat"), @chat %>
</h1>
</div>
<div>
<%= button_to @chat, method: :delete, data: { confirm: 'Are you sure?' }, class: 'text-red-500 hover:text-red-800 flex items-center' do %>
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="w-6 h-6">
<path stroke-linecap="round" stroke-linejoin="round" d="m14.74 9-.346 9m-4.788 0L9.26 9m9.968-3.21c.342.052.682.107 1.022.166m-1.022-.165L18.16 19.673a2.25 2.25 0 0 1-2.244 2.077H8.084a2.25 2.25 0 0 1-2.244-2.077L4.772 5.79m14.456 0a48.108 48.108 0 0 0-3.478-.397m-12 .562c.34-.059.68-.114 1.022-.165m0 0a48.11 48.11 0 0 1 3.478-.397m7.5 0v-.916c0-1.18-.91-2.164-2.09-2.201a51.964 51.964 0 0 0-3.32 0c-1.18.037-2.09 1.022-2.09 2.201v.916m7.5 0a48.667 48.667 0 0 0-7.5 0" />
</svg>
<% end %>
</div>
<% if policy(@chat).destroy? %>
<div>
<%= button_to @chat, method: :delete, data: { turbo_confirm: 'Are you sure you want to delete this chat? This action cannot be undone.' }, class: 'text-red-500 hover:text-red-800 flex items-center' do %>
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="w-6 h-6">
<path stroke-linecap="round" stroke-linejoin="round" d="m14.74 9-.346 9m-4.788 0L9.26 9m9.968-3.21c.342.052.682.107 1.022.166m-1.022-.165L18.16 19.673a2.25 2.25 0 0 1-2.244 2.077H8.084a2.25 2.25 0 0 1-2.244-2.077L4.772 5.79m14.456 0a48.108 48.108 0 0 0-3.478-.397m-12 .562c.34-.059.68-.114 1.022-.165m0 0a48.11 48.11 0 0 1 3.478-.397m7.5 0v-.916c0-1.18-.91-2.164-2.09-2.201a51.964 51.964 0 0 0-3.32 0c-1.18.037-2.09 1.022-2.09 2.201v.916m7.5 0a48.667 48.667 0 0 0-7.5 0" />
</svg>
<% end %>
</div>
<% end %>
</div>
<% if @chat.webhook %>
<div class="mt-2 bg-green-500 text-white p-2 text-xs rounded inline-block max-w-max">
Expand Down