mirror of
https://github.com/we-promise/sure.git
synced 2026-04-10 07:44:48 +00:00
9410e5b38d
* third party provider scoping * Simplify logic and allow only admins to mange providers * Broadcast fixes * FIX tests and build * Fixes * Reviews * Scope merchants * DRY fixes
30 lines
843 B
Ruby
30 lines
843 B
Ruby
module AccountAuthorizable
|
|
extend ActiveSupport::Concern
|
|
|
|
included do
|
|
include StreamExtensions
|
|
end
|
|
|
|
private
|
|
|
|
def require_account_permission!(account, level = :write, redirect_path: nil)
|
|
permission = account.permission_for(Current.user)
|
|
|
|
allowed = case level
|
|
when :write then permission.in?([ :owner, :full_control ])
|
|
when :annotate then permission.in?([ :owner, :full_control, :read_write ])
|
|
when :owner then permission == :owner
|
|
else false
|
|
end
|
|
|
|
return true if allowed
|
|
|
|
path = redirect_path || account_path(account)
|
|
respond_to do |format|
|
|
format.html { redirect_back_or_to path, alert: t("accounts.not_authorized") }
|
|
format.turbo_stream { stream_redirect_back_or_to(path, alert: t("accounts.not_authorized")) }
|
|
end
|
|
false
|
|
end
|
|
end
|