From 59e45fa4d340b027bf37b50374d8ae02d49a355d Mon Sep 17 00:00:00 2001 From: "John N. Milner" Date: Thu, 11 Apr 2013 21:14:27 -0400 Subject: [PATCH] Initial work on permissions with cancan --- app/components/bike_brands.rb | 11 +++++------ app/components/bike_logs.rb | 3 ++- app/components/bike_models.rb | 11 +++++------ app/components/transaction_logs.rb | 11 +++++------ app/components/user_logs.rb | 14 +++++++------- app/components/user_profiles.rb | 14 +++++++------- app/components/user_transactions.rb | 11 +++++------ app/models/ability.rb | 28 ++++++++++++++++++++++++++++ 8 files changed, 64 insertions(+), 39 deletions(-) create mode 100644 app/models/ability.rb diff --git a/app/components/bike_brands.rb b/app/components/bike_brands.rb index 69e4fab..58c9341 100644 --- a/app/components/bike_brands.rb +++ b/app/components/bike_brands.rb @@ -4,17 +4,16 @@ class BikeBrands < Netzke::Basepack::Grid c.model = "BikeBrand" c.title = "Brands" - if controller.current_user.user? - c.prohibit_update = true - c.prohibit_create = true - c.prohibit_delete = true - end + c.prohibit_update = true if cannot? :update, BikeBrand + c.prohibit_create = true if cannot? :create, BikeBrand + c.prohibit_delete = true if cannot? :delete, BikeBrand end #override with nil to remove actions def default_bbar bbar = [ :search ] - bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? + bbar.concat [ :apply ] if can? :update, BikeBrand + bbar.concat [ :add_in_form ] if can? :create, BikeBrand bbar end end diff --git a/app/components/bike_logs.rb b/app/components/bike_logs.rb index 2ede910..02446df 100644 --- a/app/components/bike_logs.rb +++ b/app/components/bike_logs.rb @@ -54,7 +54,8 @@ class BikeLogs < Netzke::Basepack::Grid #override with nil to remove actions def default_bbar bbar = [ :search ] - bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? + bbar.concat [ :apply ] if can? :update, ::ActsAsLoggable::Log + bbar.concat [ :add_in_form ] if can? :create, ::ActsAsLoggable::Log bbar end =end diff --git a/app/components/bike_models.rb b/app/components/bike_models.rb index 55198c3..ac654d0 100644 --- a/app/components/bike_models.rb +++ b/app/components/bike_models.rb @@ -14,17 +14,16 @@ class BikeModels < Netzke::Basepack::Grid { :name => :model } ] - if controller.current_user.user? - c.prohibit_update = true - c.prohibit_create = true - c.prohibit_delete = true - end + c.prohibit_update = true if cannot? :update, BikeModel + c.prohibit_create = true if cannot? :create, BikeModel + c.prohibit_delete = true if cannot? :delete, BikeModel end #override with nil to remove actions def default_bbar bbar = [ :search ] - bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? + bbar.concat [ :apply ] if can? :update, BikeModel + bbar.concat [ :add_in_form ] if can? :create, BikeModel bbar end end diff --git a/app/components/transaction_logs.rb b/app/components/transaction_logs.rb index 7cbdc4e..472a95d 100644 --- a/app/components/transaction_logs.rb +++ b/app/components/transaction_logs.rb @@ -29,11 +29,9 @@ class TransactionLogs < Netzke::Basepack::Grid } ] - if controller.current_user.user? - c.prohibit_update = true - c.prohibit_create = true - c.prohibit_delete = true - end + c.prohibit_update = true if cannot? :update, ::ActsAsLoggable::Log + c.prohibit_create = true if cannot? :create, ::ActsAsLoggable::Log + c.prohibit_delete = true if cannot? :delete, ::ActsAsLoggable::Log end @@ -60,7 +58,8 @@ class TransactionLogs < Netzke::Basepack::Grid #override with nil to remove actions def default_bbar bbar = [ :search ] - bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? + bbar.concat [ :apply ] if can? :update, ::ActsAsLoggable::Log + bbar.concat [:add_in_form ] if can? :create, ::ActsAsLoggable::Log bbar end diff --git a/app/components/user_logs.rb b/app/components/user_logs.rb index b001b42..1300845 100644 --- a/app/components/user_logs.rb +++ b/app/components/user_logs.rb @@ -14,16 +14,16 @@ class UserLogs < Netzke::Basepack::Grid :copy_action_id => 4 } - #just users - if controller.current_user.user? - user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => controller.current_user.id)} - user_log_strong_default_attrs.merge!( { :loggable_id => controller.current_user.id } ) - user_log_data_store = {auto_load: true } - #admins and staff - else + if can? :manage, ::ActsAsLoggable::Log + #admins and staff user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => session[:selected_user_id]);} user_log_strong_default_attrs.merge!( { :loggable_id => session[:selected_user_id] } ) user_log_data_store = {auto_load: true } + else + #just users + user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => controller.current_user.id)} + user_log_strong_default_attrs.merge!( { :loggable_id => controller.current_user.id } ) + user_log_data_store = {auto_load: true } end c.model = "ActsAsLoggable::Log" diff --git a/app/components/user_profiles.rb b/app/components/user_profiles.rb index 1048f66..c26bb28 100644 --- a/app/components/user_profiles.rb +++ b/app/components/user_profiles.rb @@ -3,18 +3,18 @@ class UserProfiles < Netzke::Basepack::Grid def configure(c) super - if controller.current_user.user? - user_profiles_scope = lambda { |rel| rel.where(:user_id => controller.current_user.id);} - user_profiles_data_store = { auto_load: true } - user_profile_strong_default_attrs = { - :user_id => controller.current_user.id - } - else + if can? :manage, UserProfile user_profiles_scope = lambda { |rel| rel.where(:user_id => session[:selected_user_id]);} user_profiles_data_store = { auto_load: false} user_profile_strong_default_attrs = { :user_id => session[:selected_user_id] } + else + user_profiles_scope = lambda { |rel| rel.where(:user_id => controller.current_user.id);} + user_profiles_data_store = { auto_load: true } + user_profile_strong_default_attrs = { + :user_id => controller.current_user.id + } end c.model = "UserProfile" diff --git a/app/components/user_transactions.rb b/app/components/user_transactions.rb index 9c0fdee..5e62ab3 100644 --- a/app/components/user_transactions.rb +++ b/app/components/user_transactions.rb @@ -24,17 +24,16 @@ class UserTransactions < Netzke::Basepack::Grid :created_at ] - if controller.current_user.user? - c.prohibit_update = true - c.prohibit_create = true - c.prohibit_delete = true - end + c.prohibit_update = true if cannot? :update, Transaction + c.prohibit_create = true if cannot? :create, Transaction + c.prohibit_delete = true if cannot? :delete, Transaction end #override with nil to remove actions def default_bbar bbar = [ :search ] - bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? + bbar.concat [ :apply ] if can? :update, Transaction + bbar.concat [ :add_in_form ] if can? :create, Transaction bbar end end diff --git a/app/models/ability.rb b/app/models/ability.rb new file mode 100644 index 0000000..4fde40d --- /dev/null +++ b/app/models/ability.rb @@ -0,0 +1,28 @@ +class Ability + include CanCan::Ability + + def initialize(current_user) + @current_user = current_user + self.send(current_user.role.to_sym) + end + + def admin + can :manage, :all + end + + def staff + can :manage, :all + end + + def bike_admin + can :manage, Bike + can :manage, ::ActsAsLoggable::Log, :loggable_type => "Bike" + end + + def user + can :read, :all + can :update, Bike, :id => @current_user.bike_id unless @current_user.bike.nil? + can :manage, ::ActsAsLoggable::Log, { :loggable_type => "Bike", :loggable_id => @current_user.bike_id } + can :manage, ::ActsAsLoggable::Log, { :loggable_type => "User", :loggable_id => @current_user.id } + end +end