From f4f52fcf2bd643a0e1511831f6869aaf549fdf48 Mon Sep 17 00:00:00 2001
From: Derek Leadbetter
Date: Wed, 24 Feb 2021 12:11:53 -0500
Subject: [PATCH 1/2] DM #269 - Updating documents_controller to validate the user is authenticated and has write access prior to the "lock" action
---
 app/controllers/documents_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/documents_controller.rb b/app/controllers/documents_controller.rb
index 3120e13e..e3f012e0 100644
--- a/app/controllers/documents_controller.rb
+++ b/app/controllers/documents_controller.rb
@@ -6,7 +6,7 @@ class DocumentsController < ApplicationController
 before_action only: [:show] do
 validate_user_read(@project)
 end
- before_action only: [:create] do
+ before_action only: [:create, :lock] do
 validate_user_write(@project)
 end
 before_action only: [:move] do
From 8c5478dec0c36707d18806a98c493351aef86f20 Mon Sep 17 00:00:00 2001
From: Derek Leadbetter
Date: Wed, 24 Feb 2021 12:12:40 -0500
Subject: [PATCH 2/2] DM #269 - Adding before_destroy callback to user model to unlock all documents
---
 app/models/user.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/app/models/user.rb b/app/models/user.rb
index 937db2b3..3af747eb 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -12,6 +12,8 @@ class User < ActiveRecord::Base
 scope :is_admin, -> { where(admin: true) }
 after_create :after_user_create
+ before_destroy :unlock_documents
+
 def after_user_create
 if User.count == 1
 User.first.update({admin: true, approved: true})
@@ -52,4 +54,10 @@ def can_write(project)
 def can_admin(project)
 self.admin? || self.adminable_projects.include?(project)
 end
+
+ def unlock_documents
+ Document
+ .where(locked_by_id: self.id)
+ .update_all(locked_by_id: nil, locked: false)
+ end
 end
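Review bot: In app/controllers/documents_controller.rb, the `only: [:create, :lock]` filter keeps the write check opt-in, which is the pattern that left `lock` unguarded before this patch; any action added later stays open until someone remembers to list it. Consider making the write check the default and listing the exceptions instead, or at least adding a comment above the filters such as `# Every state-changing action must appear in a write or admin filter below`. The block also relies on `@project` having been set for `lock` by a callback that is outside this hunk, so it is worth confirming that the setter covers `:lock` and that `validate_user_write` rejects a nil project. A request spec asserting that a signed-out user and a read-only user are both refused on `lock` would pin the fix.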
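Review bot: In app/models/user.rb (hunk at line 12), `before_destroy :unlock_documents` only fires when a user is removed through `destroy`; `delete`, `delete_all` or a direct SQL cleanup skip model callbacks and would leave the same stale locks this series is meant to prevent. No such path is visible in the hunk, so this may not apply, but a foreign key on `documents.locked_by_id` that nullifies on delete would enforce the rule at the database level as well. A short comment on the callback line, e.g. `# Release document locks held by this user (runs on destroy only, not delete)`, would record that limit. The class body continues outside the hunk.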
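Review bot: In app/models/user.rb (hunk at line 52), `unlock_documents` uses `update_all`, which writes straight to the table and skips Document validations, callbacks and `updated_at`; if anything detects lock changes through those (not visible here), it will not see these unlocks. The `where(locked_by_id: self.id)` filter also only releases locks held by the user being destroyed now, so documents already left locked by previously deleted users presumably stay locked and need a one-off cleanup. The method is added as public API on `User`; since it is only meant to run from the callback, placing it under `private` with a comment such as `# before_destroy hook: clears locks held by this user` would make that intent explicit.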