Putting protection on some organisations, so that spammers have less access...

app/controllers/orgas_controller.rb

@@ -6,8 +6,8 @@ class OrgasController < ApplicationController
   before_action :set_mailer_host
   before_action :authenticate_user!, only: [:edit, :update],
                                      unless: :check_secret
-  before_action :authenticate_user!, only: [:validate, :accept, :cancel,
-                                            :destroy]
+  before_action :authenticate_user!, except: [:index, :new, :create, :show,
+                                              :edit, :update]
 
   def index
     @search = apply_scopes(Orga).moderated.includes(:kind,

app/views/orgas/index.html.haml

@@ -58,8 +58,9 @@
           = link_to orga_path(orga, q: params[:q], page: params[:page]) do
             %em.fa.fa-eye
         %td
-          = link_to edit_orga_path orga do
-            %em.fa.fa-pencil
+          - if orga.secret.nil? || user_signed_in?
+            = link_to edit_orga_path orga do
+              %em.fa.fa-pencil
 
   %tfoot
     %tr

app/views/orgas/show.html.haml

@@ -44,18 +44,19 @@
           %em.fa.fa-li.fa-dot-circle-o
           GeoJSON
 
-    %h1
-      %em.fa.fa-wrench
-      = t '.actions'
-    %h2
-      = link_to edit_orga_path @orga do
-        %em.fa.fa-lg.fa-pencil
-        = t '.edit'
-    - if user_signed_in?
+    - if @orga.secret.nil? || user_signed_in?
+      %h1
+        %em.fa.fa-wrench
+        = t '.actions'
       %h2
-        = link_to cancel_orga_path @orga do
-          %em.fa.fa-lg.fa-thumbs-down
-          = t '.cancel'
+        = link_to edit_orga_path @orga do
+          %em.fa.fa-lg.fa-pencil
+          = t '.edit'
+      - if user_signed_in?
+        %h2
+          = link_to cancel_orga_path @orga do
+            %em.fa.fa-lg.fa-thumbs-down
+            = t '.cancel'
 
 %h3= t '.description'
 .description