mirror of
https://github.com/fspc/BikeShed-1.git
synced 2025-04-04 05:33:22 -04:00
25 lines
692 B
Ruby
25 lines
692 B
Ruby
class Api::V1::TaskListsController < Api::V1::BaseController
|
|
CANNOT_MANAGE = "You do not have permission to manage this task list."
|
|
NOT_FOUND = "The task list could not be found."
|
|
|
|
before_filter :get_task_list
|
|
before_filter :check_task_list_permission, except: :show
|
|
|
|
def show
|
|
end
|
|
|
|
private
|
|
def get_task_list
|
|
@task_list = TaskList.find_by_id(params[:id])
|
|
if @task_list.nil?
|
|
render json: { errors: [NOT_FOUND] }, status: 404 and return
|
|
end
|
|
end
|
|
|
|
def check_task_list_permission
|
|
if cannot? :manage, Bike and @task_list.item != current_user.bike
|
|
render json: { errors: [CANNOT_MANAGE]}, status: 403 and return
|
|
end
|
|
end
|
|
end
|