Trying to get ability filtering down but failing on collections

Will Bradley 2012-09-03 23:20:00 -07:00
parent 1e4dcfd9f3
commit 03d99741e5
2 changed files with 15 additions and 10 deletions


@ -1,11 +1,12 @@
class UsersController < ApplicationController class UsersController < ApplicationController
authorize_resource load_and_authorize_resource
before_filter :authenticate_user! before_filter :authenticate_user!
# GET /users # GET /users
# GET /users.json # GET /users.json
def index def index
@users = User.all #@users = User.all
#authorize! :read, @users
respond_to do |format| respond_to do |format|
format.html # index.html.erb format.html # index.html.erb
@ -16,7 +17,7 @@ class UsersController < ApplicationController
# GET /users/1 # GET /users/1
# GET /users/1.json # GET /users/1.json
def show def show
@user = User.find(params[:id]) #@user = User.find(params[:id])
respond_to do |format| respond_to do |format|
format.html # show.html.erb format.html # show.html.erb
@ -26,7 +27,7 @@ class UsersController < ApplicationController
# PUT /users/1/upload # PUT /users/1/upload
def upload def upload
@user = User.find(params[:id]) #@user = User.find(params[:id])
@upload_result = @user.upload_to_door @upload_result = @user.upload_to_door
respond_to do |format| respond_to do |format|
@ -48,7 +49,7 @@ class UsersController < ApplicationController
# GET /users/new # GET /users/new
# GET /users/new.json # GET /users/new.json
def new def new
@user = User.new #@user = User.new
respond_to do |format| respond_to do |format|
format.html # new.html.erb format.html # new.html.erb
@ -58,13 +59,13 @@ class UsersController < ApplicationController
# GET /users/1/edit # GET /users/1/edit
def edit def edit
@user = User.find(params[:id]) #@user = User.find(params[:id])
end end
# POST /users # POST /users
# POST /users.json # POST /users.json
def create def create
@user = User.new(params[:user]) #@user = User.new(params[:user])
respond_to do |format| respond_to do |format|
if @user.save if @user.save
@ -80,7 +81,7 @@ class UsersController < ApplicationController
# PUT /users/1 # PUT /users/1
# PUT /users/1.json # PUT /users/1.json
def update def update
@user = User.find(params[:id]) #@user = User.find(params[:id])
respond_to do |format| respond_to do |format|
if @user.update_attributes(params[:user]) if @user.update_attributes(params[:user])
@ -96,7 +97,7 @@ class UsersController < ApplicationController
# DELETE /users/1 # DELETE /users/1
# DELETE /users/1.json # DELETE /users/1.json
def destroy def destroy
@user = User.find(params[:id]) #@user = User.find(params[:id])
@user.destroy @user.destroy
respond_to do |format| respond_to do |format|
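Review bot: In the first hunk `load_and_authorize_resource` is declared above `before_filter :authenticate_user!`, so CanCan's loading and authorization filter is registered first and would run before the authentication filter, unless a parent controller already authenticates. For a request with no signed-in user the ability would then presumably be built from a nil user, and `Ability#initialize` as changed in this commit calls `user.admin?` without a nil check. Swap the two lines so that `before_filter :authenticate_user!` comes first. The commented-out `#@user = User.find(params[:id])` and `#@users = User.all` lines in the actions should be deleted rather than kept, since the class-level macro now does the loading. It is also worth confirming that the custom `upload` action is meant to be authorized under its own `:upload` action name, which only the admin's `:manage` rule covers.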


@ -2,9 +2,13 @@ class Ability
include CanCan::Ability include CanCan::Ability
def initialize(user) def initialize(user)
can :manage, User do |u| if user.admin?
can :manage, :all
else
can :read, User do |u|
u.id == user.id u.id == user.id
end end
end
# Define abilities for the passed in user here. For example: # Define abilities for the passed in user here. For example:
# #
# user ||= User.new # guest user (not logged in) # user ||= User.new # guest user (not logged in)
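Review bot: The block form `can :read, User do |u| ... end` can only be checked against a record that is already loaded, so CanCan cannot turn it into a query when `load_and_authorize_resource` fetches the collection for `index`; this is likely the collection failure the commit title mentions. A hash condition states the same rule and works for both single records and collections: `can :read, User, :id => user.id`. Separately, `user.admin?` is called with no nil guard, so a request without a signed-in user would raise instead of being denied; the template's `user ||= User.new` should sit above the `if`. The body of `initialize` continues past the end of this hunk.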