QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-18 19:44:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Providers sharing (#1273)

Browse Source 
* third party provider scoping

* Simplify logic and allow only admins to mange providers

* Broadcast fixes

* FIX tests and build

* Fixes

* Reviews

* Scope merchants

* DRY fixes
This commit is contained in:
soky srm
2026-03-25 17:47:04 +01:00
committed by GitHub
parent 1627cf197b
commit 9410e5b38d
74 changed files with 588 additions and 583 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
app/controllers/trades_controller.rb
View File

@@ -17,13 +17,7 @@ class TradesController < ApplicationController
def create
@account = accessible_accounts.find(params[:account_id])
unless @account.permission_for(Current.user).in?([ :owner, :full_control ])
respond_to do |format|
format.html { redirect_back_or_to account_path(@account), alert: t("accounts.not_authorized") }
format.turbo_stream { stream_redirect_back_or_to(account_path(@account), alert: t("accounts.not_authorized")) }
end
return
end
return unless require_account_permission!(@account)
@model = Trade::CreateForm.new(create_params.merge(account: @account)).create
@@ -46,13 +40,7 @@ class TradesController < ApplicationController
end
def update
unless can_edit_entry?
respond_to do |format|
format.html { redirect_back_or_to account_path(@entry.account), alert: t("accounts.not_authorized") }
format.turbo_stream { stream_redirect_back_or_to(account_path(@entry.account), alert: t("accounts.not_authorized")) }
end
return
end
return unless require_account_permission!(@entry.account)
if @entry.update(update_entry_params)
@entry.lock_saved_attributes!
@@ -86,13 +74,7 @@ class TradesController < ApplicationController
end
def unlock
unless @entry.account.permission_for(Current.user).in?([ :owner, :full_control ])
respond_to do |format|
format.html { redirect_back_or_to account_path(@entry.account), alert: t("accounts.not_authorized") }
format.turbo_stream { stream_redirect_back_or_to(account_path(@entry.account), alert: t("accounts.not_authorized")) }
end
return
end
return unless require_account_permission!(@entry.account)
@entry.unlock_for_sync!
flash[:notice] = t("entries.unlock.success")