WIP: cancan permissions; it breaks stuff!

12 years ago · 6a29eda8d9
5 changed files with 24 additions and 19 deletions
--- a/10
+++ b/10
@ -2,18 +2,20 @@ source 'https://rubygems.org'

 gem 'rails', '3.2.13'

+gem 'netzke-cancan'
 gem 'netzke-core', '~>0.8.0'
 gem 'netzke-basepack', '~>0.8.0'


-gem 'sqlite3', '~> 1.3.5'
+gem 'acts_as_loggable', :git => 'https://github.com/spacemunkay/acts_as_loggable.git'
+gem 'bootstrap-will_paginate', '~> 0.0.6'
+gem 'cancan'
+gem 'decent_exposure', '~> 1.0.1'
 gem 'devise', '~> 2.0.4'
 gem 'haml-rails', '~> 0.3.4'
 gem 'jquery-rails', '~> 2.0'
-gem 'decent_exposure', '~> 1.0.1'
+gem 'sqlite3', '~> 1.3.5'
 gem 'will_paginate', '~> 3.0.3'
-gem 'bootstrap-will_paginate', '~> 0.0.6'
-gem 'acts_as_loggable', :git => 'https://github.com/spacemunkay/acts_as_loggable.git'

 # Gems used only for assets and not required
 # in production environments by default.
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -42,6 +42,7 @@ GEM
    bootstrap-will_paginate (0.0.9)
      will_paginate
    builder (3.0.4)
+    cancan (1.6.9)
    capybara (1.1.4)
      mime-types (>= 1.16)
      nokogiri (>= 1.3.3)
@ -124,6 +125,9 @@ GEM
    multi_json (1.7.2)
    netzke-basepack (0.8.2)
      netzke-core (~> 0.8.2)
+    netzke-cancan (0.8.2)
+      cancan
+      netzke-core
    netzke-core (0.8.3)
      execjs
      uglifier
@ -224,6 +228,7 @@ PLATFORMS
 DEPENDENCIES
  acts_as_loggable!
  bootstrap-will_paginate (~> 0.0.6)
+  cancan
  capybara (~> 1.1.2)
  coffee-rails (~> 3.2.1)
  database_cleaner
@ -236,6 +241,7 @@ DEPENDENCIES
  jquery-rails (~> 2.0)
  launchy
  netzke-basepack (~> 0.8.0)
+  netzke-cancan
  netzke-core (~> 0.8.0)
  pry (~> 0.9.8)
  rails (= 3.2.13)
--- a/app/components/app_tab_panel.rb
+++ b/app/components/app_tab_panel.rb
@ -17,7 +17,7 @@ class AppTabPanel < Netzke::Basepack::TabPanel
                              ]

    #for users
-    if controller.current_user.user?
+    if controller.current_user.role?(:user)
      # (had to use hash for borders to get the title to display properly)
      @@app_tab_panel_items.concat [{ layout: :fit,
                                      wrappedComponent: :user_profile_border,
@ -28,7 +28,7 @@ class AppTabPanel < Netzke::Basepack::TabPanel
                                    ]
    end
    #for admins
-    if controller.current_user.admin?
+    if controller.current_user.role?(:admin)
      # (had to use hash for borders to get the title to display properly)
      @@app_tab_panel_items.concat [{ layout: :fit,
                                      wrappedComponent: :users_and_profiles_border,
--- a/app/components/bike_logs.rb
+++ b/app/components/bike_logs.rb
@ -30,11 +30,12 @@ class BikeLogs < Netzke::Basepack::Grid
                                              }
      }
    ]
-    
-    if controller.current_user.user?
-      c.prohibit_update = true
-      c.prohibit_create = true
-      c.prohibit_delete = true
+
+    #TODO: fix GUI so it actually respects this
+    current_bike = Bike.find_by_id(session[:selected_bike_id]) 
+    if cannot? :update, current_bike
+      # if you can't update the bike, you can't do anything to the log
+      c.prohibit_update = c.prohibit_create = c.prohibit_delete = true
    end

  end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -24,16 +24,12 @@ class User < ActiveRecord::Base
    "#{first_name} #{last_name}"
  end

-  def user?
-    user_role.to_s == "user"
+  def role
+    user_role.role
  end

-  def staff?
-    user_role.to_s == "staff"
-  end
-
-  def admin?
-    user_role.to_s == "admin"
+  def role?(role)
+    user_role.to_s == role.to_s
  end

  def total_hours