Diffstat (limited to 'app/controllers/application.rb')
-rw-r--r-- | app/controllers/application.rb | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 9123cfc07..fcf83c92a 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -114,10 +114,15 @@ class ApplicationController < ActionController::Base
 end

 # Authorize the user for the requested action
- def authorize(ctrl = params[:controller], action = params[:action])
- allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project)
+ def authorize(ctrl = params[:controller], action = params[:action], global = false)
+ allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project, :global => global)
 allowed ? true : deny_access
 end
+
+ # Authorize the user for the requested action outside a project
+ def authorize_global(ctrl = params[:controller], action = params[:action], global = true)
+ authorize(ctrl, action, global)
+ end

 # make sure that the user is a member of the project (or admin) if project is private
 # used as a before_filter for actions that do not require any particular permission on the project |
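Review bot: `authorize_global` takes a third `global` argument that only defaults to true, so a caller can pass false and get the project-scoped check under a name that promises the global one; the wrapper should pin the flag instead, `def authorize_global(ctrl = params[:controller], action = params[:action])` with the body `authorize(ctrl, action, true)`. On that global path `authorize` still forwards `@project` to `allowed_to?`, and how `allowed_to?` treats a set `@project` together with `:global => true` is not visible in this hunk, so it is worth confirming that the project is ignored there rather than narrowing or widening the decision. The comment above `authorize` could also say what the new flag means, for example `# global: when true, authorize the action outside a project (see authorize_global)`. Both methods are complete in the hunk; the enclosing class starts and continues outside it.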