
Fixing some cancan permission issues… i think

eperez-timeinput
Jason Denney 12 years ago
parent
commit
f6f932f63a
  1. 31
      app/components/app_tab_panel.rb
  2. 21
      app/components/transaction_logs.rb
  3. 13
      app/components/user_logs.rb
  4. 4
      app/models/ability.rb

31
app/components/app_tab_panel.rb

@ -21,31 +21,34 @@ class AppTabPanel < Netzke::Basepack::TabPanel
title: "Brands/Models"} title: "Brands/Models"}
] ]
#for users #for users only
if controller.current_user.role?(:user) if not controller.current_user.role?(:admin)
# (had to use hash for borders to get the title to display properly)
@@app_tab_panel_items.concat [{ layout: :fit, @@app_tab_panel_items.concat [{ layout: :fit,
wrappedComponent: :user_profile_border, wrappedComponent: :user_profile_border,
title: "Profile"}, title: "My Profile"},
{ layout: :fit, { layout: :fit,
wrappedComponent: :user_transactions_border, wrappedComponent: :user_transactions_border,
title: "Transactions"} title: "My Transactions"}
] ]
end end
#for admins #for admins
if controller.current_user.role?(:admin) if can? :manage, User
# (had to use hash for borders to get the title to display properly)
@@app_tab_panel_items.concat [{ layout: :fit, @@app_tab_panel_items.concat [{ layout: :fit,
wrappedComponent: :users_and_profiles_border, wrappedComponent: :users_and_profiles_border,
title: "Users/Profiles"}, title: "Users/Profiles"}]
{ layout: :fit, end
if can? :manage, Transaction
@@app_tab_panel_items.concat [{ layout: :fit,
wrappedComponent: :transactions_border, wrappedComponent: :transactions_border,
title: "Transactions"}, title: "Users/Transactions"}]
:logs, end
{ layout: :fit, if can? :manage, ::ActsAsLoggable::Log.all
@@app_tab_panel_items.concat [:logs]
end
if can? :manage, Role
@@app_tab_panel_items.concat [{ layout: :fit,
wrappedComponent: :user_role_joins, wrappedComponent: :user_role_joins,
title: "User Roles"} title: "User Roles"}]
]
end end
@@app_tab_panel_items.each do |item| @@app_tab_panel_items.each do |item|
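Review bot: The new guard `if can? :manage, ::ActsAsLoggable::Log.all` passes a loaded collection rather than a class or a single record, so as far as I can tell CanCan can only match it against rules declared on `:all` and never consults the `::ActsAsLoggable::Log` rules in `Ability`. The logs tab ends up hidden from ordinary users only as a side effect, and every log row is loaded on each render to decide it. The same pattern appears in app/components/transaction_logs.rb (`@transaction_logs`) and app/components/user_logs.rb (the `where(:loggable_type => "User").all` check). Stating the intent directly would be safer, for example `if can? :manage, ::ActsAsLoggable::Log.new`, which the conditioned per-user rules should not match; the components behind these tabs still need their own server-side checks, since hiding a tab is not access control. The enclosing method starts and ends outside this hunk.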

21
app/components/transaction_logs.rb

@ -29,22 +29,21 @@ class TransactionLogs < Netzke::Basepack::Grid
} }
] ]
c.prohibit_update = true if cannot? :update, ::ActsAsLoggable::Log @transaction_logs = ::ActsAsLoggable::Log.where(:loggable_type => "Transaction").all
c.prohibit_create = true if cannot? :create, ::ActsAsLoggable::Log c.prohibit_update = true if cannot? :update, @transaction_logs
c.prohibit_delete = true if cannot? :delete, ::ActsAsLoggable::Log c.prohibit_create = true if cannot? :create, @transaction_logs
c.prohibit_delete = true if cannot? :delete, @transaction_logs
end end
def default_fields_for_forms def default_fields_for_forms
customer = nil customer = "No Customer Selected"
item = nil item = "No Item Selected"
if session[:selected_transaction_id] trans = Transaction.find_by_id(session[:selected_transaction_id])
trans = Transaction.find_by_id(session[:selected_transaction_id]) if trans
customer = trans.customer customer = trans.customer
item = trans.item item = trans.item
end end
customer = "No Customer Selected" if customer.nil?
item = "No Item Selected" if item.nil?
[ [
{ :no_binding => true, :xtype => 'displayfield', :fieldLabel => "Payment from:", :value => "#{customer.to_s}"}, { :no_binding => true, :xtype => 'displayfield', :fieldLabel => "Payment from:", :value => "#{customer.to_s}"},
{ :no_binding => true, :xtype => 'displayfield', :fieldLabel => "Payment for:", :value => "#{item.to_s}"}, { :no_binding => true, :xtype => 'displayfield', :fieldLabel => "Payment for:", :value => "#{item.to_s}"},
@ -58,8 +57,8 @@ class TransactionLogs < Netzke::Basepack::Grid
#override with nil to remove actions #override with nil to remove actions
def default_bbar def default_bbar
bbar = [ :search ] bbar = [ :search ]
bbar.concat [ :apply ] if can? :update, ::ActsAsLoggable::Log bbar.concat [ :apply ] if can? :update, @transaction_logs
bbar.concat [:add_in_form ] if can? :create, ::ActsAsLoggable::Log bbar.concat [:add_in_form ] if can? :create, @transaction_logs
bbar bbar
end end
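Review bot: `default_bbar` in the second hunk now reads `@transaction_logs`, which is only assigned in the configuration code shown in the first hunk, so if the toolbar is built before that assignment the checks run against `nil`. In that case `can? :update, nil` is presumably decided by `:all` rules alone, which happens to hide the buttons from ordinary users but is not the check the code appears to make. A memoised private helper that both methods call, e.g. `@transaction_log_subject ||= ::ActsAsLoggable::Log.new`, would remove the ordering dependency and the query. Both methods start outside the visible hunks.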

13
app/components/user_logs.rb

@ -14,10 +14,16 @@ class UserLogs < Netzke::Basepack::Grid
:copy_action_id => 4 :copy_action_id => 4
} }
if can? :manage, ::ActsAsLoggable::Log #this seems inefficient
if can? :manage, ::ActsAsLoggable::Log.where(:loggable_type => "User").all
#admins and staff #admins and staff
user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => session[:selected_user_id]);}
user_log_strong_default_attrs.merge!( { :loggable_id => session[:selected_user_id] } ) #if selected user nil, then the admin is viewing their own profile
selected_user = User.find_by_id(session[:selected_user_id])
selected_user = controller.current_user if selected_user.nil?
user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => selected_user.id );}
user_log_strong_default_attrs.merge!( { :loggable_id => selected_user.id } )
user_log_data_store = {auto_load: true } user_log_data_store = {auto_load: true }
else else
#just users #just users
@ -54,6 +60,7 @@ class UserLogs < Netzke::Basepack::Grid
current_user ||= User.find_by_id(session[:selected_user_id]) || controller.current_user current_user ||= User.find_by_id(session[:selected_user_id]) || controller.current_user
bike_id = current_user.bike.nil? ? nil : current_user.bike.id bike_id = current_user.bike.nil? ? nil : current_user.bike.id
[ [
{ :no_binding => true, :xtype => 'displayfield', :fieldLabel => "Log for:", :value => "#{current_user.to_s}"},
{ :name => :start_date}, { :name => :start_date},
{ :name => :end_date}, { :name => :end_date},
{ :name => :description}, { :name => :description},
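Review bot: The added `Log for:` field in the second hunk puts `current_user.to_s` into an Ext `displayfield`, which renders its value as markup unless `htmlEncode` is set. If `User#to_s` includes text a user can edit (not visible here), that text would be rendered as HTML in the browser of whoever opens the log form for that user. Adding the flag to the new hash would close that: `{ :no_binding => true, :xtype => 'displayfield', :htmlEncode => true, :fieldLabel => "Log for:", :value => "#{current_user.to_s}"}`. This form also resolves the user from `session[:selected_user_id]` without the `can? :manage` gate used in the first hunk, so it is worth confirming that a plain user's session can never carry that key.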

4
app/models/ability.rb

@ -24,7 +24,7 @@ class Ability
def user def user
can :read, :all can :read, :all
can :manage, Bike, :id => @current_user.bike_id unless @current_user.bike.nil? can :manage, Bike, :id => @current_user.bike_id unless @current_user.bike.nil?
can :manage, ::ActsAsLoggable::Log, { :loggable_type => "Bike", :loggable_id => @current_user.bike_id } can :manage, ::ActsAsLoggable::Log, :loggable_type => "Bike", :loggable_id => @current_user.bike_id
can :manage, ::ActsAsLoggable::Log, { :loggable_type => "User", :loggable_id => @current_user.id } can :manage, ::ActsAsLoggable::Log, :loggable_type => "User", :loggable_id => @current_user.id
end end
end end
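Review bot: The Bike log rule on the new side is not guarded the way the `Bike` rule above it is, so for a user without a bike `@current_user.bike_id` is presumably `nil` and the rule grants `:manage` on any Bike log whose `loggable_id` is NULL. Appending the same guard keeps the two rules consistent: `can :manage, ::ActsAsLoggable::Log, :loggable_type => "Bike", :loggable_id => @current_user.bike_id unless @current_user.bike.nil?`. Dropping the braces does not change the rule itself. The `Ability` class continues outside the hunk.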
