Add missing authorization for InvoicesController
This commit is contained in:
parent
3b79c05ffe
commit
a3946ed3d4
2 changed files with 16 additions and 10 deletions
|
@ -62,6 +62,7 @@ module Concerns::Auth
|
|||
when 'pickups' then current_user.role_pickups?
|
||||
when 'suppliers' then current_user.role_suppliers?
|
||||
when 'orders' then current_user.role_orders?
|
||||
when 'finance_or_invoices' then (current_user.role_finance? || current_user.role_invoices?)
|
||||
when 'finance_or_orders' then (current_user.role_finance? || current_user.role_orders?)
|
||||
when 'pickups_or_orders' then (current_user.role_pickups? || current_user.role_orders?)
|
||||
when 'any' then true # no role required
|
||||
|
@ -99,6 +100,10 @@ module Concerns::Auth
|
|||
authenticate('orders')
|
||||
end
|
||||
|
||||
def authenticate_finance_or_invoices
|
||||
authenticate('finance_or_invoices')
|
||||
end
|
||||
|
||||
def authenticate_finance_or_orders
|
||||
authenticate('finance_or_orders')
|
||||
end
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
class Finance::InvoicesController < ApplicationController
|
||||
before_action :authenticate_finance_or_invoices
|
||||
|
||||
before_action :find_invoice, only: [:show, :edit, :update, :destroy]
|
||||
before_action :ensure_can_edit, only: [:edit, :update, :destroy]
|
||||
|
|
Loading…
Reference in a new issue