Open-Source-Access-Control-.../app/models/ability.rb

class Ability
  include CanCan::Ability

  def initialize(user)
    if !user.nil?
      # By default, users can only see their own stuff
      can :read, Card, :user_id => user.id
      can :read, Certification
      can :read, User, :id => user.id
      can :read, UserCertification, :user_id => user.id

      # Admins can manage all
      if user.admin?
        can :manage, :all
      end
      # Instructors can manage certs and see users
      if user.instructor? 
        can :manage, Certification
        can [:create,:read], User
        can :manage, UserCertification
      end
      # Users can see others' stuff if they've been oriented
      unless user.orientation.blank?
        can :read, User, :hidden => [nil,false]
        can :read, UserCertification
      end 
    end 
    # Define abilities for the passed in user here. For example:
    #
    #   user ||= User.new # guest user (not logged in)
    #   if user.admin?
    #     can :manage, :all
    #   else
    #     can :read, :all
    #   end
    #
    # The first argument to `can` is the action you are giving the user permission to do.
    # If you pass :manage it will apply to every action. Other common actions here are
    # :read, :create, :update and :destroy.
    #
    # The second argument is the resource the user can perform the action on. If you pass
    # :all it will apply to every resource. Otherwise pass a Ruby class of the resource.
    #
    # The third argument is an optional hash of conditions to further filter the objects.
    # For example, here the user can only update published articles.
    #
    #   can :update, Article, :published => true
    #
    # See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
  end
end
Added cancan 2012-09-02 11:37:34 +00:00			`class Ability`
			`include CanCan::Ability`

			`def initialize(user)`
Got abilities working on index; next need to separate users from members from cards. 2012-09-16 01:41:55 +00:00			`if !user.nil?`
Fine tuned abilities and updated how membership is tracked 2013-01-25 13:01:02 +00:00			`# By default, users can only see their own stuff`
			`can :read, Card, :user_id => user.id`
			`can :read, Certification`
			`can :read, User, :id => user.id`
			`can :read, UserCertification, :user_id => user.id`

			`# Admins can manage all`
Got abilities working on index; next need to separate users from members from cards. 2012-09-16 01:41:55 +00:00			`if user.admin?`
			`can :manage, :all`
Trying to get ability filtering down but failing on collections 2012-09-04 06:20:00 +00:00			`end`
Fine tuned abilities and updated how membership is tracked 2013-01-25 13:01:02 +00:00			`# Instructors can manage certs and see users`
Adding certifications; messed up adding certification_users so not staging those 2013-01-25 10:12:25 +00:00			`if user.instructor?`
			`can :manage, Certification`
Finishing touches on abilities and registration form 2013-01-25 20:47:44 +00:00			`can [:create,:read], User`
Fine tuned abilities and updated how membership is tracked 2013-01-25 13:01:02 +00:00			`can :manage, UserCertification`
Adding certifications; messed up adding certification_users so not staging those 2013-01-25 10:12:25 +00:00			`end`
Fine tuned abilities and updated how membership is tracked 2013-01-25 13:01:02 +00:00			`# Users can see others' stuff if they've been oriented`
			`unless user.orientation.blank?`
Finishing touches on abilities and registration form 2013-01-25 20:47:44 +00:00			`can :read, User, :hidden => [nil,false]`
Fine tuned abilities and updated how membership is tracked 2013-01-25 13:01:02 +00:00			`can :read, UserCertification`
			`end`
Got abilities working on index; next need to separate users from members from cards. 2012-09-16 01:41:55 +00:00			`end`
Added cancan 2012-09-02 11:37:34 +00:00			`# Define abilities for the passed in user here. For example:`
			`#`
			`# user \|\|= User.new # guest user (not logged in)`
			`# if user.admin?`
			`# can :manage, :all`
			`# else`
			`# can :read, :all`
			`# end`
			`#`
			# The first argument to `can` is the action you are giving the user permission to do.
			`# If you pass :manage it will apply to every action. Other common actions here are`
			`# :read, :create, :update and :destroy.`
			`#`
			`# The second argument is the resource the user can perform the action on. If you pass`
			`# :all it will apply to every resource. Otherwise pass a Ruby class of the resource.`
			`#`
			`# The third argument is an optional hash of conditions to further filter the objects.`
			`# For example, here the user can only update published articles.`
			`#`
			`# can :update, Article, :published => true`
			`#`
			`# See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities`
			`end`
			`end`