Browse Source

Merge pull request #14 from spacemunkay/jnm-cancan

cancan
denney-disable-on-select
jnm 12 years ago
parent
commit
ac9e5718c7
  1. 10
      Gemfile
  2. 6
      Gemfile.lock
  3. 4
      app/components/app_tab_panel.rb
  4. 11
      app/components/bike_brands.rb
  5. 12
      app/components/bike_logs.rb
  6. 11
      app/components/bike_models.rb
  7. 11
      app/components/transaction_logs.rb
  8. 14
      app/components/user_logs.rb
  9. 14
      app/components/user_profiles.rb
  10. 11
      app/components/user_transactions.rb
  11. 28
      app/models/ability.rb
  12. 12
      app/models/user.rb

10
Gemfile

@ -2,18 +2,20 @@ source 'https://rubygems.org'
gem 'rails', '3.2.13' gem 'rails', '3.2.13'
gem 'netzke-cancan'
gem 'netzke-core', '~>0.8.0' gem 'netzke-core', '~>0.8.0'
gem 'netzke-basepack', '~>0.8.0' gem 'netzke-basepack', '~>0.8.0'
gem 'sqlite3', '~> 1.3.5' gem 'acts_as_loggable', :git => 'https://github.com/spacemunkay/acts_as_loggable.git'
gem 'bootstrap-will_paginate', '~> 0.0.6'
gem 'cancan'
gem 'decent_exposure', '~> 1.0.1'
gem 'devise', '~> 2.0.4' gem 'devise', '~> 2.0.4'
gem 'haml-rails', '~> 0.3.4' gem 'haml-rails', '~> 0.3.4'
gem 'jquery-rails', '~> 2.0' gem 'jquery-rails', '~> 2.0'
gem 'decent_exposure', '~> 1.0.1' gem 'sqlite3', '~> 1.3.5'
gem 'will_paginate', '~> 3.0.3' gem 'will_paginate', '~> 3.0.3'
gem 'bootstrap-will_paginate', '~> 0.0.6'
gem 'acts_as_loggable', :git => 'https://github.com/spacemunkay/acts_as_loggable.git'
# Gems used only for assets and not required # Gems used only for assets and not required
# in production environments by default. # in production environments by default.

6
Gemfile.lock

@ -42,6 +42,7 @@ GEM
bootstrap-will_paginate (0.0.9) bootstrap-will_paginate (0.0.9)
will_paginate will_paginate
builder (3.0.4) builder (3.0.4)
cancan (1.6.9)
capybara (1.1.4) capybara (1.1.4)
mime-types (>= 1.16) mime-types (>= 1.16)
nokogiri (>= 1.3.3) nokogiri (>= 1.3.3)
@ -124,6 +125,9 @@ GEM
multi_json (1.7.2) multi_json (1.7.2)
netzke-basepack (0.8.2) netzke-basepack (0.8.2)
netzke-core (~> 0.8.2) netzke-core (~> 0.8.2)
netzke-cancan (0.8.2)
cancan
netzke-core
netzke-core (0.8.3) netzke-core (0.8.3)
execjs execjs
uglifier uglifier
@ -224,6 +228,7 @@ PLATFORMS
DEPENDENCIES DEPENDENCIES
acts_as_loggable! acts_as_loggable!
bootstrap-will_paginate (~> 0.0.6) bootstrap-will_paginate (~> 0.0.6)
cancan
capybara (~> 1.1.2) capybara (~> 1.1.2)
coffee-rails (~> 3.2.1) coffee-rails (~> 3.2.1)
database_cleaner database_cleaner
@ -236,6 +241,7 @@ DEPENDENCIES
jquery-rails (~> 2.0) jquery-rails (~> 2.0)
launchy launchy
netzke-basepack (~> 0.8.0) netzke-basepack (~> 0.8.0)
netzke-cancan
netzke-core (~> 0.8.0) netzke-core (~> 0.8.0)
pry (~> 0.9.8) pry (~> 0.9.8)
rails (= 3.2.13) rails (= 3.2.13)

4
app/components/app_tab_panel.rb

@ -17,7 +17,7 @@ class AppTabPanel < Netzke::Basepack::TabPanel
] ]
#for users #for users
if controller.current_user.user? if controller.current_user.role?(:user)
# (had to use hash for borders to get the title to display properly) # (had to use hash for borders to get the title to display properly)
@@app_tab_panel_items.concat [{ layout: :fit, @@app_tab_panel_items.concat [{ layout: :fit,
wrappedComponent: :user_profile_border, wrappedComponent: :user_profile_border,
@ -28,7 +28,7 @@ class AppTabPanel < Netzke::Basepack::TabPanel
] ]
end end
#for admins #for admins
if controller.current_user.admin? if controller.current_user.role?(:admin)
# (had to use hash for borders to get the title to display properly) # (had to use hash for borders to get the title to display properly)
@@app_tab_panel_items.concat [{ layout: :fit, @@app_tab_panel_items.concat [{ layout: :fit,
wrappedComponent: :users_and_profiles_border, wrappedComponent: :users_and_profiles_border,

11
app/components/bike_brands.rb

@ -4,17 +4,16 @@ class BikeBrands < Netzke::Basepack::Grid
c.model = "BikeBrand" c.model = "BikeBrand"
c.title = "Brands" c.title = "Brands"
if controller.current_user.user? c.prohibit_update = true if cannot? :update, BikeBrand
c.prohibit_update = true c.prohibit_create = true if cannot? :create, BikeBrand
c.prohibit_create = true c.prohibit_delete = true if cannot? :delete, BikeBrand
c.prohibit_delete = true
end
end end
#override with nil to remove actions #override with nil to remove actions
def default_bbar def default_bbar
bbar = [ :search ] bbar = [ :search ]
bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? bbar.concat [ :apply ] if can? :update, BikeBrand
bbar.concat [ :add_in_form ] if can? :create, BikeBrand
bbar bbar
end end
end end

12
app/components/bike_logs.rb

@ -31,10 +31,11 @@ class BikeLogs < Netzke::Basepack::Grid
} }
] ]
if controller.current_user.user? #TODO: fix GUI so it actually respects this
c.prohibit_update = true current_bike = Bike.find_by_id(session[:selected_bike_id])
c.prohibit_create = true if cannot? :update, current_bike
c.prohibit_delete = true # if you can't update the bike, you can't do anything to the log
c.prohibit_update = c.prohibit_create = c.prohibit_delete = true
end end
end end
@ -53,7 +54,8 @@ class BikeLogs < Netzke::Basepack::Grid
#override with nil to remove actions #override with nil to remove actions
def default_bbar def default_bbar
bbar = [ :search ] bbar = [ :search ]
bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? bbar.concat [ :apply ] if can? :update, ::ActsAsLoggable::Log
bbar.concat [ :add_in_form ] if can? :create, ::ActsAsLoggable::Log
bbar bbar
end end
=end =end

11
app/components/bike_models.rb

@ -14,17 +14,16 @@ class BikeModels < Netzke::Basepack::Grid
{ :name => :model } { :name => :model }
] ]
if controller.current_user.user? c.prohibit_update = true if cannot? :update, BikeModel
c.prohibit_update = true c.prohibit_create = true if cannot? :create, BikeModel
c.prohibit_create = true c.prohibit_delete = true if cannot? :delete, BikeModel
c.prohibit_delete = true
end
end end
#override with nil to remove actions #override with nil to remove actions
def default_bbar def default_bbar
bbar = [ :search ] bbar = [ :search ]
bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? bbar.concat [ :apply ] if can? :update, BikeModel
bbar.concat [ :add_in_form ] if can? :create, BikeModel
bbar bbar
end end
end end

11
app/components/transaction_logs.rb

@ -29,11 +29,9 @@ class TransactionLogs < Netzke::Basepack::Grid
} }
] ]
if controller.current_user.user? c.prohibit_update = true if cannot? :update, ::ActsAsLoggable::Log
c.prohibit_update = true c.prohibit_create = true if cannot? :create, ::ActsAsLoggable::Log
c.prohibit_create = true c.prohibit_delete = true if cannot? :delete, ::ActsAsLoggable::Log
c.prohibit_delete = true
end
end end
@ -60,7 +58,8 @@ class TransactionLogs < Netzke::Basepack::Grid
#override with nil to remove actions #override with nil to remove actions
def default_bbar def default_bbar
bbar = [ :search ] bbar = [ :search ]
bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? bbar.concat [ :apply ] if can? :update, ::ActsAsLoggable::Log
bbar.concat [:add_in_form ] if can? :create, ::ActsAsLoggable::Log
bbar bbar
end end

14
app/components/user_logs.rb

@ -14,16 +14,16 @@ class UserLogs < Netzke::Basepack::Grid
:copy_action_id => 4 :copy_action_id => 4
} }
#just users if can? :manage, ::ActsAsLoggable::Log
if controller.current_user.user? #admins and staff
user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => controller.current_user.id)}
user_log_strong_default_attrs.merge!( { :loggable_id => controller.current_user.id } )
user_log_data_store = {auto_load: true }
#admins and staff
else
user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => session[:selected_user_id]);} user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => session[:selected_user_id]);}
user_log_strong_default_attrs.merge!( { :loggable_id => session[:selected_user_id] } ) user_log_strong_default_attrs.merge!( { :loggable_id => session[:selected_user_id] } )
user_log_data_store = {auto_load: true } user_log_data_store = {auto_load: true }
else
#just users
user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => controller.current_user.id)}
user_log_strong_default_attrs.merge!( { :loggable_id => controller.current_user.id } )
user_log_data_store = {auto_load: true }
end end
c.model = "ActsAsLoggable::Log" c.model = "ActsAsLoggable::Log"

14
app/components/user_profiles.rb

@ -3,18 +3,18 @@ class UserProfiles < Netzke::Basepack::Grid
def configure(c) def configure(c)
super super
if controller.current_user.user? if can? :manage, UserProfile
user_profiles_scope = lambda { |rel| rel.where(:user_id => controller.current_user.id);}
user_profiles_data_store = { auto_load: true }
user_profile_strong_default_attrs = {
:user_id => controller.current_user.id
}
else
user_profiles_scope = lambda { |rel| rel.where(:user_id => session[:selected_user_id]);} user_profiles_scope = lambda { |rel| rel.where(:user_id => session[:selected_user_id]);}
user_profiles_data_store = { auto_load: false} user_profiles_data_store = { auto_load: false}
user_profile_strong_default_attrs = { user_profile_strong_default_attrs = {
:user_id => session[:selected_user_id] :user_id => session[:selected_user_id]
} }
else
user_profiles_scope = lambda { |rel| rel.where(:user_id => controller.current_user.id);}
user_profiles_data_store = { auto_load: true }
user_profile_strong_default_attrs = {
:user_id => controller.current_user.id
}
end end
c.model = "UserProfile" c.model = "UserProfile"

11
app/components/user_transactions.rb

@ -24,17 +24,16 @@ class UserTransactions < Netzke::Basepack::Grid
:created_at :created_at
] ]
if controller.current_user.user? c.prohibit_update = true if cannot? :update, Transaction
c.prohibit_update = true c.prohibit_create = true if cannot? :create, Transaction
c.prohibit_create = true c.prohibit_delete = true if cannot? :delete, Transaction
c.prohibit_delete = true
end
end end
#override with nil to remove actions #override with nil to remove actions
def default_bbar def default_bbar
bbar = [ :search ] bbar = [ :search ]
bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user? bbar.concat [ :apply ] if can? :update, Transaction
bbar.concat [ :add_in_form ] if can? :create, Transaction
bbar bbar
end end
end end

28
app/models/ability.rb

@ -0,0 +1,28 @@
class Ability
include CanCan::Ability
def initialize(current_user)
@current_user = current_user
self.send(current_user.role.to_sym)
end
def admin
can :manage, :all
end
def staff
can :manage, :all
end
def bike_admin
can :manage, Bike
can :manage, ::ActsAsLoggable::Log, :loggable_type => "Bike"
end
def user
can :read, :all
can :update, Bike, :id => @current_user.bike_id unless @current_user.bike.nil?
can :manage, ::ActsAsLoggable::Log, { :loggable_type => "Bike", :loggable_id => @current_user.bike_id }
can :manage, ::ActsAsLoggable::Log, { :loggable_type => "User", :loggable_id => @current_user.id }
end
end

12
app/models/user.rb

@ -24,16 +24,12 @@ class User < ActiveRecord::Base
"#{first_name} #{last_name}" "#{first_name} #{last_name}"
end end
def user? def role
user_role.to_s == "user" user_role.role
end end
def staff? def role?(role)
user_role.to_s == "staff" user_role.to_s == role.to_s
end
def admin?
user_role.to_s == "admin"
end end
def total_hours def total_hours

Loading…
Cancel
Save