From 6a29eda8d9b12455fb79cc2da486eef395782440 Mon Sep 17 00:00:00 2001 From: "John N. Milner" Date: Sun, 7 Apr 2013 20:44:53 -0400 Subject: [PATCH 1/2] WIP: cancan permissions; it breaks stuff! --- Gemfile | 10 ++++++---- Gemfile.lock | 6 ++++++ app/components/app_tab_panel.rb | 4 ++-- app/components/bike_logs.rb | 11 ++++++----- app/models/user.rb | 12 ++++-------- 5 files changed, 24 insertions(+), 19 deletions(-) diff --git a/Gemfile b/Gemfile index b7f7165..4c7d000 100644 --- a/Gemfile +++ b/Gemfile @@ -2,18 +2,20 @@ source 'https://rubygems.org' gem 'rails', '3.2.13' +gem 'netzke-cancan' gem 'netzke-core', '~>0.8.0' gem 'netzke-basepack', '~>0.8.0' -gem 'sqlite3', '~> 1.3.5' +gem 'acts_as_loggable', :git => 'https://github.com/spacemunkay/acts_as_loggable.git' +gem 'bootstrap-will_paginate', '~> 0.0.6' +gem 'cancan' +gem 'decent_exposure', '~> 1.0.1' gem 'devise', '~> 2.0.4' gem 'haml-rails', '~> 0.3.4' gem 'jquery-rails', '~> 2.0' -gem 'decent_exposure', '~> 1.0.1' +gem 'sqlite3', '~> 1.3.5' gem 'will_paginate', '~> 3.0.3' -gem 'bootstrap-will_paginate', '~> 0.0.6' -gem 'acts_as_loggable', :git => 'https://github.com/spacemunkay/acts_as_loggable.git' # Gems used only for assets and not required # in production environments by default. diff --git a/Gemfile.lock b/Gemfile.lock index c2d474b..4619a5c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -42,6 +42,7 @@ GEM bootstrap-will_paginate (0.0.9) will_paginate builder (3.0.4) + cancan (1.6.9) capybara (1.1.4) mime-types (>= 1.16) nokogiri (>= 1.3.3) @@ -124,6 +125,9 @@ GEM multi_json (1.7.2) netzke-basepack (0.8.2) netzke-core (~> 0.8.2) + netzke-cancan (0.8.2) + cancan + netzke-core netzke-core (0.8.3) execjs uglifier @@ -224,6 +228,7 @@ PLATFORMS DEPENDENCIES acts_as_loggable! bootstrap-will_paginate (~> 0.0.6) + cancan capybara (~> 1.1.2) coffee-rails (~> 3.2.1) database_cleaner 
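Review bot: `gem 'cancan'` and `gem 'netzke-cancan'` are added without a version constraint while every other gem in this Gemfile carries one, so a later `bundle update` can silently pull an incompatible or unexpected release of the authorization layer itself. Pin them to what Gemfile.lock resolved in this same commit, `gem 'cancan', '~> 1.6.9'` and `gem 'netzke-cancan', '~> 0.8.2'`. The re-ordered `acts_as_loggable` git source still has no `:ref`/`:tag`, which is pre-existing, but while the line is being touched a pinned ref would make the lockfile fully reproducible.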
@@ -236,6 +241,7 @@ DEPENDENCIES jquery-rails (~> 2.0) launchy netzke-basepack (~> 0.8.0) + netzke-cancan netzke-core (~> 0.8.0) pry (~> 0.9.8) rails (= 3.2.13) diff --git a/app/components/app_tab_panel.rb b/app/components/app_tab_panel.rb index 6b346a6..41188a5 100644 --- a/app/components/app_tab_panel.rb +++ b/app/components/app_tab_panel.rb @@ -17,7 +17,7 @@ class AppTabPanel < Netzke::Basepack::TabPanel ] #for users - if controller.current_user.user? + if controller.current_user.role?(:user) # (had to use hash for borders to get the title to display properly) @@app_tab_panel_items.concat [{ layout: :fit, wrappedComponent: :user_profile_border, @@ -28,7 +28,7 @@ class AppTabPanel < Netzke::Basepack::TabPanel ] end #for admins - if controller.current_user.admin? + if controller.current_user.role?(:admin) # (had to use hash for borders to get the title to display properly) @@app_tab_panel_items.concat [{ layout: :fit, wrappedComponent: :users_and_profiles_border, diff --git a/app/components/bike_logs.rb b/app/components/bike_logs.rb index 9c0b1fe..2ede910 100644 --- a/app/components/bike_logs.rb +++ b/app/components/bike_logs.rb @@ -30,11 +30,12 @@ class BikeLogs < Netzke::Basepack::Grid } } ] - - if controller.current_user.user? - c.prohibit_update = true - c.prohibit_create = true - c.prohibit_delete = true + + #TODO: fix GUI so it actually respects this + current_bike = Bike.find_by_id(session[:selected_bike_id]) + if cannot? :update, current_bike + # if you can't update the bike, you can't do anything to the log + c.prohibit_update = c.prohibit_create = c.prohibit_delete = true end end diff --git a/app/models/user.rb b/app/models/user.rb index c51f98a..b55c290 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
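Review bot: `role?(:user)` and `role?(:admin)` keep the tab set keyed on the role name while the rest of this series moves authorization to CanCan, and the Ability added in the next patch also defines `staff` and `bike_admin` roles, which match neither branch here and would therefore get no tabs at all. If that is not intended, either add the missing roles or key the tab set on abilities (e.g. `if can? :manage, UserProfile` for the admin tabs) so the two mechanisms cannot drift apart. The enclosing block begins before this hunk and ends after it.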
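Review bot: `Bike.find_by_id(session[:selected_bike_id])` returns nil when nothing is selected or the id is stale, and `cannot? :update, nil` is then satisfied only by `:all` rules, so every non-admin role silently gets a read-only grid rather than an error. If that fail-closed outcome is the intent, state it explicitly, `if current_bike.nil? || cannot?(:update, current_bike)`, so the nil path does not read as an accident; otherwise return early or raise. The `#TODO` should say which GUI element ignores the prohibit flags so the follow-up is actionable. `configure` starts outside the hunk.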
@@ -24,16 +24,12 @@ class User < ActiveRecord::Base "#{first_name} #{last_name}" end - def user? - user_role.to_s == "user" + def role + user_role.role end - def staff? - user_role.to_s == "staff" - end - - def admin? - user_role.to_s == "admin" + def role?(role) + user_role.to_s == role.to_s end def total_hours From 59e45fa4d340b027bf37b50374d8ae02d49a355d Mon Sep 17 00:00:00 2001 From: "John N. Milner" Date: Thu, 11 Apr 2013 21:14:27 -0400 Subject: [PATCH 2/2] Initial work on permissions with cancan --- app/components/bike_brands.rb | 11 +++++------ app/components/bike_logs.rb | 3 ++- app/components/bike_models.rb | 11 +++++------ app/components/transaction_logs.rb | 11 +++++------ app/components/user_logs.rb | 14 +++++++------- app/components/user_profiles.rb | 14 +++++++------- app/components/user_transactions.rb | 11 +++++------ app/models/ability.rb | 28 ++++++++++++++++++++++++++++ 8 files changed, 64 insertions(+), 39 deletions(-) create mode 100644 app/models/ability.rb diff --git a/app/components/bike_brands.rb b/app/components/bike_brands.rb index 69e4fab..58c9341 100644 --- a/app/components/bike_brands.rb +++ b/app/components/bike_brands.rb @@ -4,17 +4,16 @@ class BikeBrands < Netzke::Basepack::Grid c.model = "BikeBrand" c.title = "Brands" - if controller.current_user.user? - c.prohibit_update = true - c.prohibit_create = true - c.prohibit_delete = true - end + c.prohibit_update = true if cannot? :update, BikeBrand + c.prohibit_create = true if cannot? :create, BikeBrand + c.prohibit_delete = true if cannot? :delete, BikeBrand end #override with nil to remove actions def default_bbar bbar = [ :search ] - bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? + bbar.concat [ :apply ] if can? :update, BikeBrand + bbar.concat [ :add_in_form ] if can? :create, BikeBrand bbar end end diff --git a/app/components/bike_logs.rb b/app/components/bike_logs.rb index 2ede910..02446df 100644 --- a/app/components/bike_logs.rb 
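Review bot: `role` dereferences `user_role` unconditionally, so a user with no role now raises NoMethodError where the replaced `user?`/`staff?`/`admin?` predicates returned false via `nil.to_s`, and Ability#initialize in the next patch calls `.to_sym` on that result on every request. `role?` also compares `user_role.to_s` while `role` returns `user_role.role`, so the two methods only agree if UserRole#to_s happens to return the role column. Use one source for both, e.g. `def role; user_role && user_role.role; end` and `def role?(name); role.to_s == name.to_s; end`.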
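Review bot: The three `prohibit_*` lines and the `default_bbar` body added here are repeated with only the model class changed in BikeModels, UserTransactions and TransactionLogs; a small module included by these grids (e.g. `prohibit_unless_permitted(c, BikeBrand)` and `bbar_for(BikeBrand)`) would keep the ability-to-flag mapping in one place when the Ability model changes. Note also that `cannot? :delete, BikeBrand` works today only because the granting rules are `can :manage`, which matches any action; CanCan's conventional action is `:destroy`, so an explicit `can :destroy, BikeBrand` rule added later would not clear `prohibit_delete`.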
+++ b/app/components/bike_logs.rb @@ -54,7 +54,8 @@ class BikeLogs < Netzke::Basepack::Grid #override with nil to remove actions def default_bbar bbar = [ :search ] - bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? + bbar.concat [ :apply ] if can? :update, ::ActsAsLoggable::Log + bbar.concat [ :add_in_form ] if can? :create, ::ActsAsLoggable::Log bbar end =end diff --git a/app/components/bike_models.rb b/app/components/bike_models.rb index 55198c3..ac654d0 100644 --- a/app/components/bike_models.rb +++ b/app/components/bike_models.rb @@ -14,17 +14,16 @@ class BikeModels < Netzke::Basepack::Grid { :name => :model } ] - if controller.current_user.user? - c.prohibit_update = true - c.prohibit_create = true - c.prohibit_delete = true - end + c.prohibit_update = true if cannot? :update, BikeModel + c.prohibit_create = true if cannot? :create, BikeModel + c.prohibit_delete = true if cannot? :delete, BikeModel end #override with nil to remove actions def default_bbar bbar = [ :search ] - bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? + bbar.concat [ :apply ] if can? :update, BikeModel + bbar.concat [ :add_in_form ] if can? :create, BikeModel bbar end end diff --git a/app/components/transaction_logs.rb b/app/components/transaction_logs.rb index 7cbdc4e..472a95d 100644 --- a/app/components/transaction_logs.rb +++ b/app/components/transaction_logs.rb @@ -29,11 +29,9 @@ class TransactionLogs < Netzke::Basepack::Grid } ] - if controller.current_user.user? - c.prohibit_update = true - c.prohibit_create = true - c.prohibit_delete = true - end + c.prohibit_update = true if cannot? :update, ::ActsAsLoggable::Log + c.prohibit_create = true if cannot? :create, ::ActsAsLoggable::Log + c.prohibit_delete = true if cannot? :delete, ::ActsAsLoggable::Log end 
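Review bot: The trailing context line `=end` after `bbar end` suggests this `default_bbar` sits inside a `=begin`/`=end` block comment, so the new `can?` calls are never executed. If the method is meant to be live the block comment should be removed in this commit; if not, the edit is dead code and can be dropped so a reader does not mistake it for the effective permission check.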
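Review bot: `cannot? :update, ::ActsAsLoggable::Log` is a class-level check, and CanCan answers class-level checks from the existence of any rule for that class while ignoring hash conditions; because the `user` role in Ability holds conditional `can :manage, ::ActsAsLoggable::Log` rules, `cannot?` is false for ordinary users and none of the three prohibit flags are set for them, whereas the replaced code prohibited all three for `user?`. The same weakening affects `can? :update/:create, ::ActsAsLoggable::Log` in TransactionLogs#default_bbar (next hunk) and BikeLogs#default_bbar. Check against an instance instead, e.g. the Transaction these logs belong to or a Log carrying the grid's `loggable_type`/`loggable_id`, so the conditions are actually evaluated. `configure` begins outside the hunk.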
@@ -60,7 +58,8 @@ class TransactionLogs < Netzke::Basepack::Grid #override with nil to remove actions def default_bbar bbar = [ :search ] - bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? + bbar.concat [ :apply ] if can? :update, ::ActsAsLoggable::Log + bbar.concat [:add_in_form ] if can? :create, ::ActsAsLoggable::Log bbar end diff --git a/app/components/user_logs.rb b/app/components/user_logs.rb index b001b42..1300845 100644 --- a/app/components/user_logs.rb +++ b/app/components/user_logs.rb @@ -14,16 +14,16 @@ class UserLogs < Netzke::Basepack::Grid :copy_action_id => 4 } - #just users - if controller.current_user.user? - user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => controller.current_user.id)} - user_log_strong_default_attrs.merge!( { :loggable_id => controller.current_user.id } ) - user_log_data_store = {auto_load: true } - #admins and staff - else + if can? :manage, ::ActsAsLoggable::Log + #admins and staff user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => session[:selected_user_id]);} user_log_strong_default_attrs.merge!( { :loggable_id => session[:selected_user_id] } ) user_log_data_store = {auto_load: true } + else + #just users + user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => controller.current_user.id)} + user_log_strong_default_attrs.merge!( { :loggable_id => controller.current_user.id } ) + user_log_data_store = {auto_load: true } end c.model = "ActsAsLoggable::Log" diff --git a/app/components/user_profiles.rb b/app/components/user_profiles.rb index 1048f66..c26bb28 100644 --- a/app/components/user_profiles.rb +++ b/app/components/user_profiles.rb 
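Review bot: `can? :manage, ::ActsAsLoggable::Log` decides the "admins and staff" branch, but it is a class-level query and the `user` role in Ability holds conditional `can :manage, ::ActsAsLoggable::Log` rules, which CanCan treats as satisfying a class-level check; ordinary users (and `bike_admin`) therefore take the `session[:selected_user_id]` branch instead of being scoped to `controller.current_user.id`, and their `strong_default_attrs` get whatever id the session holds. Decide the branch on a Log instance with `loggable_type => 'User'` and `loggable_id => session[:selected_user_id]` so the per-user conditions are evaluated, or fall back to the role check until the abilities are finer grained. The enclosing `configure` starts and ends outside the hunk.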
@@ -3,18 +3,18 @@ class UserProfiles < Netzke::Basepack::Grid def configure(c) super - if controller.current_user.user? - user_profiles_scope = lambda { |rel| rel.where(:user_id => controller.current_user.id);} - user_profiles_data_store = { auto_load: true } - user_profile_strong_default_attrs = { - :user_id => controller.current_user.id - } - else + if can? :manage, UserProfile user_profiles_scope = lambda { |rel| rel.where(:user_id => session[:selected_user_id]);} user_profiles_data_store = { auto_load: false} user_profile_strong_default_attrs = { :user_id => session[:selected_user_id] } + else + user_profiles_scope = lambda { |rel| rel.where(:user_id => controller.current_user.id);} + user_profiles_data_store = { auto_load: true } + user_profile_strong_default_attrs = { + :user_id => controller.current_user.id + } end c.model = "UserProfile" diff --git a/app/components/user_transactions.rb b/app/components/user_transactions.rb index 9c0fdee..5e62ab3 100644 --- a/app/components/user_transactions.rb +++ b/app/components/user_transactions.rb @@ -24,17 +24,16 @@ class UserTransactions < Netzke::Basepack::Grid :created_at ] - if controller.current_user.user? - c.prohibit_update = true - c.prohibit_create = true - c.prohibit_delete = true - end + c.prohibit_update = true if cannot? :update, Transaction + c.prohibit_create = true if cannot? :create, Transaction + c.prohibit_delete = true if cannot? :delete, Transaction end #override with nil to remove actions def default_bbar bbar = [ :search ] - bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? + bbar.concat [ :apply ] if can? :update, Transaction + bbar.concat [ :add_in_form ] if can? :create, Transaction bbar end end diff --git a/app/models/ability.rb b/app/models/ability.rb new file mode 100644 index 0000000..4fde40d --- /dev/null +++ b/app/models/ability.rb 
@@ -0,0 +1,28 @@
+class Ability
+ include CanCan::Ability
+
+ def initialize(current_user)
+ @current_user = current_user
+ self.send(current_user.role.to_sym)
+ end
+
+ def admin
+ can :manage, :all
+ end
+
+ def staff
+ can :manage, :all
+ end
+
+ def bike_admin
+ can :manage, Bike
+ can :manage, ::ActsAsLoggable::Log, :loggable_type => "Bike"
+ end
+
+ def user
+ can :read, :all
+ can :update, Bike, :id => @current_user.bike_id unless @current_user.bike.nil?
+ can :manage, ::ActsAsLoggable::Log, { :loggable_type => "Bike", :loggable_id => @current_user.bike_id }
+ can :manage, ::ActsAsLoggable::Log, { :loggable_type => "User", :loggable_id => @current_user.id }
+ end
+end
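Review bot: `self.send(current_user.role.to_sym)` dispatches on a string read from the database with no whitelist: a role with no matching method raises NoMethodError on every request, a user without a `user_role` raises before that, and a role value equal to any other method on Ability (`can`, `cannot`, …) would be invoked in place of a role block. Dispatch through an explicit role list and let anything else fall through with no abilities, as below. Separately, `can :read, :all` in `user` grants read access to every model, including other users' UserProfile, Transaction and Log rows, so the per-user filtering rests entirely on each grid's `scope` lambda rather than on the ability; prefer rules of the form `can :read, UserProfile, :user_id => @current_user.id`. The Bike-log `can :manage` rule also lacks the `bike.nil?` guard the `can :update, Bike` rule has, so a user without a bike receives a rule matching logs whose `loggable_id` is NULL; reuse the same `unless`.
```ruby
  ROLES = %w[admin staff bike_admin user].freeze

  def initialize(current_user)
    @current_user = current_user
    role = current_user.user_role.try(:role).to_s
    # Unknown or missing role: fail closed with no abilities rather than raise.
    public_send(role) if ROLES.include?(role)
  end
  # … unchanged: admin, staff, bike_admin, user …
```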