From d0bfdd23c6314c71ac32bfb47bf4f5c53273d54f Mon Sep 17 00:00:00 2001 From: Alex Legler Date: Mon, 24 Oct 2011 20:54:00 +0200 Subject: Don't show the CVETool to contributors --- app/controllers/cve_controller.rb | 10 ++++++++++ app/views/cve/info.html.erb | 2 +- app/views/layouts/application.html.erb | 2 ++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/app/controllers/cve_controller.rb b/app/controllers/cve_controller.rb index ba5ea39..0a47dd3 100644 --- a/app/controllers/cve_controller.rb +++ b/app/controllers/cve_controller.rb @@ -2,6 +2,8 @@ class CveController < ApplicationController include ApplicationHelper include CveHelper + before_filter :check_access, :except => [:info, :general_info, :references, :packages, :comments, :changes] + def index @pageID = 'cve' end @@ -290,4 +292,12 @@ class CveController < ApplicationController render :text => e.message, :status => 500 end + protected + def check_access + if current_user.access < 2 + deny_access "User has no access to the CVEtool" + return false + end + end + end diff --git a/app/views/cve/info.html.erb b/app/views/cve/info.html.erb index ac692ef..33a9383 100644 --- a/app/views/cve/info.html.erb +++ b/app/views/cve/info.html.erb @@ -27,7 +27,7 @@ uki({ view: 'VSplitPane', rect: '500 600', anchors: 'left top right bottom', top { view: 'Button', rect: '135 4 70 20', text: 'Packages', anchors: 'bottom left', id: 'packages' }, { view: 'Button', rect: '210 4 80 20', text: 'Comments', anchors: 'bottom left', id: 'comments' }, { view: 'Button', rect: '295 4 60 20', text: 'Changes', anchors: 'bottom left', id: 'changes' }, - { view: 'Button', rect: '430 4 60 20', text: 'Actions', anchors: 'bottom right', id: 'actions' }, + <% if current_user.access >= 2 %>{ view: 'Button', rect: '430 4 60 20', text: 'Actions', anchors: 'bottom right', id: 'actions' },<% end %> ] } ]} }).attachTo(window, '500 600'); 
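Review bot: The `:except` list on the new `before_filter` leaves `info`, `general_info`, `references`, `packages`, `comments` and `changes` open to users with `access < 2`, and the hunk gives no reason for that. If this is deliberate, say so above the line, e.g. `# Contributors may view a CVE entry; every other action needs access >= 2`. It is also worth confirming that none of the exempt actions returns data contributors should not see, `comments` in particular. The remaining actions of the controller are outside the hunk, so which ones the filter covers cannot be checked from here.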
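Review bot: `check_access` relies on `return false` to stop the request, but on Rails 3 and later a `before_filter` halts the chain only when it renders or redirects, so the denial holds only if `deny_access` does one of those. `deny_access` is not visible in this diff; please confirm it and record it in a comment such as `# deny_access renders the error response, which is what halts the filter chain`. `current_user.access` will also raise if `current_user` can be nil when this filter runs. The threshold `2` is repeated in `app/views/cve/info.html.erb` and `app/views/layouts/application.html.erb`; one shared predicate would keep the controller and the two views from drifting apart.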
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index de00f3c..8ae5101 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -57,12 +57,14 @@
  • <%= link_to "Drafts", drafts_glsas_path, :class => 'drafts' %>
  • <%= link_to "Archive", archive_glsas_path, :class => 'archive' %>
  • + <% if current_user.access >= 2 %>
  •  
  • CVETool
  • <% if Module.constants.include? "Secunia" %>
  •  
  • Secunia Advisories
  • <% end %> + <% end %> -- cgit v1.2.3-65-gdbad
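Review bot: The added `<% if current_user.access >= 2 %>` also wraps the Secunia Advisories entry, but the commit adds a server-side check only to `cve_controller.rb`, so for Secunia the link is hidden without any visible enforcement behind it. If the Secunia controller has no equivalent `before_filter`, contributors can still request those pages directly; whether it has one is not shown here. The guard also runs for every page using this layout, so `current_user && current_user.access >= 2` is safer if the layout can be rendered without a logged-in user.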