bike/BikeShed-1
1
0
Fork 0
mirror of https://github.com/fspc/BikeShed-1.git synced 2025-10-31 08:55:36 -04:00
Code Issues Projects Releases Wiki Activity

Initial work on permissions with cancan

Browse Source
This commit is contained in:
John N. Milner 2013-04-11 21:14:27 -04:00
parent 6a29eda8d9
commit 59e45fa4d3
8 changed files with 64 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
app/components/bike_brands.rb
View File

@ -4,17 +4,16 @@ class BikeBrands < Netzke::Basepack::Grid
c.model = "BikeBrand" c.model = "BikeBrand"
c.title = "Brands" c.title = "Brands"
if controller.current_user.user? c.prohibit_update = true if cannot? :update, BikeBrand
c.prohibit_update = true c.prohibit_create = true if cannot? :create, BikeBrand
c.prohibit_create = true c.prohibit_delete = true if cannot? :delete, BikeBrand
c.prohibit_delete = true
end
end end
#override with nil to remove actions #override with nil to remove actions
def default_bbar def default_bbar
bbar = [ :search ] bbar = [ :search ]
bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? bbar.concat [ :apply ] if can? :update, BikeBrand
bbar.concat [ :add_in_form ] if can? :create, BikeBrand
bbar bbar
end end
end end

3
app/components/bike_logs.rb
View File

@ -54,7 +54,8 @@ class BikeLogs < Netzke::Basepack::Grid
#override with nil to remove actions #override with nil to remove actions
def default_bbar def default_bbar
bbar = [ :search ] bbar = [ :search ]
bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? bbar.concat [ :apply ] if can? :update, ::ActsAsLoggable::Log
bbar.concat [ :add_in_form ] if can? :create, ::ActsAsLoggable::Log
bbar bbar
end end
=end =end

11
app/components/bike_models.rb
View File

@ -14,17 +14,16 @@ class BikeModels < Netzke::Basepack::Grid
{ :name => :model } { :name => :model }
] ]
if controller.current_user.user? c.prohibit_update = true if cannot? :update, BikeModel
c.prohibit_update = true c.prohibit_create = true if cannot? :create, BikeModel
c.prohibit_create = true c.prohibit_delete = true if cannot? :delete, BikeModel
c.prohibit_delete = true
end
end end
#override with nil to remove actions #override with nil to remove actions
def default_bbar def default_bbar
bbar = [ :search ] bbar = [ :search ]
bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? bbar.concat [ :apply ] if can? :update, BikeModel
bbar.concat [ :add_in_form ] if can? :create, BikeModel
bbar bbar
end end
end end

11
app/components/transaction_logs.rb
View File

@ -29,11 +29,9 @@ class TransactionLogs < Netzke::Basepack::Grid
} }
] ]
if controller.current_user.user? c.prohibit_update = true if cannot? :update, ::ActsAsLoggable::Log
c.prohibit_update = true c.prohibit_create = true if cannot? :create, ::ActsAsLoggable::Log
c.prohibit_create = true c.prohibit_delete = true if cannot? :delete, ::ActsAsLoggable::Log
c.prohibit_delete = true
end
end end
@ -60,7 +58,8 @@ class TransactionLogs < Netzke::Basepack::Grid
#override with nil to remove actions #override with nil to remove actions
def default_bbar def default_bbar
bbar = [ :search ] bbar = [ :search ]
bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? bbar.concat [ :apply ] if can? :update, ::ActsAsLoggable::Log
bbar.concat [:add_in_form ] if can? :create, ::ActsAsLoggable::Log
bbar bbar
end end

14
app/components/user_logs.rb
View File

@ -14,16 +14,16 @@ class UserLogs < Netzke::Basepack::Grid
:copy_action_id => 4 :copy_action_id => 4
} }
#just users if can? :manage, ::ActsAsLoggable::Log
if controller.current_user.user? #admins and staff
user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => controller.current_user.id)}
user_log_strong_default_attrs.merge!( { :loggable_id => controller.current_user.id } )
user_log_data_store = {auto_load: true }
#admins and staff
else
user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => session[:selected_user_id]);} user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => session[:selected_user_id]);}
user_log_strong_default_attrs.merge!( { :loggable_id => session[:selected_user_id] } ) user_log_strong_default_attrs.merge!( { :loggable_id => session[:selected_user_id] } )
user_log_data_store = {auto_load: true } user_log_data_store = {auto_load: true }
else
#just users
user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => controller.current_user.id)}
user_log_strong_default_attrs.merge!( { :loggable_id => controller.current_user.id } )
user_log_data_store = {auto_load: true }
end end
c.model = "ActsAsLoggable::Log" c.model = "ActsAsLoggable::Log"

14
app/components/user_profiles.rb
View File

@ -3,18 +3,18 @@ class UserProfiles < Netzke::Basepack::Grid
def configure(c) def configure(c)
super super
if controller.current_user.user? if can? :manage, UserProfile
user_profiles_scope = lambda { |rel| rel.where(:user_id => controller.current_user.id);}
user_profiles_data_store = { auto_load: true }
user_profile_strong_default_attrs = {
:user_id => controller.current_user.id
}
else
user_profiles_scope = lambda { |rel| rel.where(:user_id => session[:selected_user_id]);} user_profiles_scope = lambda { |rel| rel.where(:user_id => session[:selected_user_id]);}
user_profiles_data_store = { auto_load: false} user_profiles_data_store = { auto_load: false}
user_profile_strong_default_attrs = { user_profile_strong_default_attrs = {
:user_id => session[:selected_user_id] :user_id => session[:selected_user_id]
} }
else
user_profiles_scope = lambda { |rel| rel.where(:user_id => controller.current_user.id);}
user_profiles_data_store = { auto_load: true }
user_profile_strong_default_attrs = {
:user_id => controller.current_user.id
}
end end
c.model = "UserProfile" c.model = "UserProfile"

11
app/components/user_transactions.rb
View File

@ -24,17 +24,16 @@ class UserTransactions < Netzke::Basepack::Grid
:created_at :created_at
] ]
if controller.current_user.user? c.prohibit_update = true if cannot? :update, Transaction
c.prohibit_update = true c.prohibit_create = true if cannot? :create, Transaction
c.prohibit_create = true c.prohibit_delete = true if cannot? :delete, Transaction
c.prohibit_delete = true
end
end end
#override with nil to remove actions #override with nil to remove actions
def default_bbar def default_bbar
bbar = [ :search ] bbar = [ :search ]
bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? bbar.concat [ :apply ] if can? :update, Transaction
bbar.concat [ :add_in_form ] if can? :create, Transaction
bbar bbar
end end
end end

28
app/models/ability.rb Normal file
View File

@ -0,0 +1,28 @@
class Ability
include CanCan::Ability
def initialize(current_user)
@current_user = current_user
self.send(current_user.role.to_sym)
end
def admin
can :manage, :all
end
def staff
can :manage, :all
end
def bike_admin
can :manage, Bike
can :manage, ::ActsAsLoggable::Log, :loggable_type => "Bike"
end
def user
can :read, :all
can :update, Bike, :id => @current_user.bike_id unless @current_user.bike.nil?
can :manage, ::ActsAsLoggable::Log, { :loggable_type => "Bike", :loggable_id => @current_user.bike_id }
can :manage, ::ActsAsLoggable::Log, { :loggable_type => "User", :loggable_id => @current_user.id }
end
end