mirror of
https://github.com/fspc/BikeShed-1.git
synced 2025-10-31 17:05:36 -04:00
Fixing some cancan permission issues… i think
This commit is contained in:
Jason Denney
parent
db1732f7bf
commit
f6f932f63a
@ -21,31 +21,34 @@ class AppTabPanel < Netzke::Basepack::TabPanel
|
|||||||
title: "Brands/Models"}
|
title: "Brands/Models"}
|
||||||
]
|
]
|
||||||
|
|
||||||
#for users
|
#for users only
|
||||||
if controller.current_user.role?(:user)
|
if not controller.current_user.role?(:admin)
|
||||||
# (had to use hash for borders to get the title to display properly)
|
|
||||||
@@app_tab_panel_items.concat [{ layout: :fit,
|
@@app_tab_panel_items.concat [{ layout: :fit,
|
||||||
wrappedComponent: :user_profile_border,
|
wrappedComponent: :user_profile_border,
|
||||||
title: "Profile"},
|
title: "My Profile"},
|
||||||
{ layout: :fit,
|
{ layout: :fit,
|
||||||
wrappedComponent: :user_transactions_border,
|
wrappedComponent: :user_transactions_border,
|
||||||
title: "Transactions"}
|
title: "My Transactions"}
|
||||||
]
|
]
|
||||||
end
|
end
|
||||||
#for admins
|
#for admins
|
||||||
if controller.current_user.role?(:admin)
|
if can? :manage, User
|
||||||
# (had to use hash for borders to get the title to display properly)
|
|
||||||
@@app_tab_panel_items.concat [{ layout: :fit,
|
@@app_tab_panel_items.concat [{ layout: :fit,
|
||||||
wrappedComponent: :users_and_profiles_border,
|
wrappedComponent: :users_and_profiles_border,
|
||||||
title: "Users/Profiles"},
|
title: "Users/Profiles"}]
|
||||||
{ layout: :fit,
|
end
|
||||||
|
if can? :manage, Transaction
|
||||||
|
@@app_tab_panel_items.concat [{ layout: :fit,
|
||||||
wrappedComponent: :transactions_border,
|
wrappedComponent: :transactions_border,
|
||||||
title: "Transactions"},
|
title: "Users/Transactions"}]
|
||||||
:logs,
|
end
|
||||||
{ layout: :fit,
|
if can? :manage, ::ActsAsLoggable::Log.all
|
||||||
|
@@app_tab_panel_items.concat [:logs]
|
||||||
|
end
|
||||||
|
if can? :manage, Role
|
||||||
|
@@app_tab_panel_items.concat [{ layout: :fit,
|
||||||
wrappedComponent: :user_role_joins,
|
wrappedComponent: :user_role_joins,
|
||||||
title: "User Roles"}
|
title: "User Roles"}]
|
||||||
]
|
|
||||||
end
|
end
|
||||||
|
|
||||||
@@app_tab_panel_items.each do |item|
|
@@app_tab_panel_items.each do |item|
|
||||||
|
|||||||
@ -29,22 +29,21 @@ class TransactionLogs < Netzke::Basepack::Grid
|
|||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
||||||
c.prohibit_update = true if cannot? :update, ::ActsAsLoggable::Log
|
@transaction_logs = ::ActsAsLoggable::Log.where(:loggable_type => "Transaction").all
|
||||||
c.prohibit_create = true if cannot? :create, ::ActsAsLoggable::Log
|
c.prohibit_update = true if cannot? :update, @transaction_logs
|
||||||
c.prohibit_delete = true if cannot? :delete, ::ActsAsLoggable::Log
|
c.prohibit_create = true if cannot? :create, @transaction_logs
|
||||||
|
c.prohibit_delete = true if cannot? :delete, @transaction_logs
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def default_fields_for_forms
|
def default_fields_for_forms
|
||||||
customer = nil
|
customer = "No Customer Selected"
|
||||||
item = nil
|
item = "No Item Selected"
|
||||||
if session[:selected_transaction_id]
|
trans = Transaction.find_by_id(session[:selected_transaction_id])
|
||||||
trans = Transaction.find_by_id(session[:selected_transaction_id])
|
if trans
|
||||||
customer = trans.customer
|
customer = trans.customer
|
||||||
item = trans.item
|
item = trans.item
|
||||||
end
|
end
|
||||||
customer = "No Customer Selected" if customer.nil?
|
|
||||||
item = "No Item Selected" if item.nil?
|
|
||||||
[
|
[
|
||||||
{ :no_binding => true, :xtype => 'displayfield', :fieldLabel => "Payment from:", :value => "#{customer.to_s}"},
|
{ :no_binding => true, :xtype => 'displayfield', :fieldLabel => "Payment from:", :value => "#{customer.to_s}"},
|
||||||
{ :no_binding => true, :xtype => 'displayfield', :fieldLabel => "Payment for:", :value => "#{item.to_s}"},
|
{ :no_binding => true, :xtype => 'displayfield', :fieldLabel => "Payment for:", :value => "#{item.to_s}"},
|
||||||
@ -58,8 +57,8 @@ class TransactionLogs < Netzke::Basepack::Grid
|
|||||||
#override with nil to remove actions
|
#override with nil to remove actions
|
||||||
def default_bbar
|
def default_bbar
|
||||||
bbar = [ :search ]
|
bbar = [ :search ]
|
||||||
bbar.concat [ :apply ] if can? :update, ::ActsAsLoggable::Log
|
bbar.concat [ :apply ] if can? :update, @transaction_logs
|
||||||
bbar.concat [:add_in_form ] if can? :create, ::ActsAsLoggable::Log
|
bbar.concat [:add_in_form ] if can? :create, @transaction_logs
|
||||||
bbar
|
bbar
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|||||||
@ -14,10 +14,16 @@ class UserLogs < Netzke::Basepack::Grid
|
|||||||
:copy_action_id => 4
|
:copy_action_id => 4
|
||||||
}
|
}
|
||||||
|
|
||||||
if can? :manage, ::ActsAsLoggable::Log
|
#this seems inefficient
|
||||||
|
if can? :manage, ::ActsAsLoggable::Log.where(:loggable_type => "User").all
|
||||||
#admins and staff
|
#admins and staff
|
||||||
user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => session[:selected_user_id]);}
|
|
||||||
user_log_strong_default_attrs.merge!( { :loggable_id => session[:selected_user_id] } )
|
#if selected user nil, then the admin is viewing their own profile
|
||||||
|
selected_user = User.find_by_id(session[:selected_user_id])
|
||||||
|
selected_user = controller.current_user if selected_user.nil?
|
||||||
|
|
||||||
|
user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => selected_user.id );}
|
||||||
|
user_log_strong_default_attrs.merge!( { :loggable_id => selected_user.id } )
|
||||||
user_log_data_store = {auto_load: true }
|
user_log_data_store = {auto_load: true }
|
||||||
else
|
else
|
||||||
#just users
|
#just users
|
||||||
@ -54,6 +60,7 @@ class UserLogs < Netzke::Basepack::Grid
|
|||||||
current_user ||= User.find_by_id(session[:selected_user_id]) || controller.current_user
|
current_user ||= User.find_by_id(session[:selected_user_id]) || controller.current_user
|
||||||
bike_id = current_user.bike.nil? ? nil : current_user.bike.id
|
bike_id = current_user.bike.nil? ? nil : current_user.bike.id
|
||||||
[
|
[
|
||||||
|
{ :no_binding => true, :xtype => 'displayfield', :fieldLabel => "Log for:", :value => "#{current_user.to_s}"},
|
||||||
{ :name => :start_date},
|
{ :name => :start_date},
|
||||||
{ :name => :end_date},
|
{ :name => :end_date},
|
||||||
{ :name => :description},
|
{ :name => :description},
|
||||||
|
|||||||
@ -24,7 +24,7 @@ class Ability
|
|||||||
def user
|
def user
|
||||||
can :read, :all
|
can :read, :all
|
||||||
can :manage, Bike, :id => @current_user.bike_id unless @current_user.bike.nil?
|
can :manage, Bike, :id => @current_user.bike_id unless @current_user.bike.nil?
|
||||||
can :manage, ::ActsAsLoggable::Log, { :loggable_type => "Bike", :loggable_id => @current_user.bike_id }
|
can :manage, ::ActsAsLoggable::Log, :loggable_type => "Bike", :loggable_id => @current_user.bike_id
|
||||||
can :manage, ::ActsAsLoggable::Log, { :loggable_type => "User", :loggable_id => @current_user.id }
|
can :manage, ::ActsAsLoggable::Log, :loggable_type => "User", :loggable_id => @current_user.id
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user