(refs #198)Allow group editing by group members.

2025-11-06 05:25:50 +01:00 · 2014-03-03 01:45:00 +09:00
parent d870896cfb
commit 17920e1195
7 changed files with 43 additions and 15 deletions
--- a/src/main/scala/util/Authenticator.scala
+++ b/src/main/scala/util/Authenticator.scala
@@ -155,3 +155,22 @@ trait ReadableUsersAuthenticator { self: ControllerBase with RepositoryService =
    }
  }
 }
+
+/**
+ * Allows only the group members.
+ */
+trait GroupMemberAuthenticator { self: ControllerBase with AccountService =>
+  protected def membersOnly(action: => Any) = { authenticate(action) }
+  protected def membersOnly[T](action: T => Any) = (form: T) => { authenticate(action(form)) }
+
+  private def authenticate(action: => Any) = {
+    {
+      defining(request.paths){ paths =>
+        context.loginAccount match {
+          case Some(x) if(getGroupMembers(paths(0)).contains(x.userName)) => action
+          case _ => Unauthorized()
+        }
+      }
+    }
+  }
+}