Trying to get ability filtering down but failing on collections
parent
1e4dcfd9f3
commit
03d99741e5
|
@ -1,11 +1,12 @@
|
|||
class UsersController < ApplicationController
|
||||
authorize_resource
|
||||
load_and_authorize_resource
|
||||
before_filter :authenticate_user!
|
||||
|
||||
# GET /users
|
||||
# GET /users.json
|
||||
def index
|
||||
@users = User.all
|
||||
#@users = User.all
|
||||
#authorize! :read, @users
|
||||
|
||||
respond_to do |format|
|
||||
format.html # index.html.erb
|
||||
|
@ -16,7 +17,7 @@ class UsersController < ApplicationController
|
|||
# GET /users/1
|
||||
# GET /users/1.json
|
||||
def show
|
||||
@user = User.find(params[:id])
|
||||
#@user = User.find(params[:id])
|
||||
|
||||
respond_to do |format|
|
||||
format.html # show.html.erb
|
||||
|
@ -26,7 +27,7 @@ class UsersController < ApplicationController
|
|||
|
||||
# PUT /users/1/upload
|
||||
def upload
|
||||
@user = User.find(params[:id])
|
||||
#@user = User.find(params[:id])
|
||||
@upload_result = @user.upload_to_door
|
||||
|
||||
respond_to do |format|
|
||||
|
@ -48,7 +49,7 @@ class UsersController < ApplicationController
|
|||
# GET /users/new
|
||||
# GET /users/new.json
|
||||
def new
|
||||
@user = User.new
|
||||
#@user = User.new
|
||||
|
||||
respond_to do |format|
|
||||
format.html # new.html.erb
|
||||
|
@ -58,13 +59,13 @@ class UsersController < ApplicationController
|
|||
|
||||
# GET /users/1/edit
|
||||
def edit
|
||||
@user = User.find(params[:id])
|
||||
#@user = User.find(params[:id])
|
||||
end
|
||||
|
||||
# POST /users
|
||||
# POST /users.json
|
||||
def create
|
||||
@user = User.new(params[:user])
|
||||
#@user = User.new(params[:user])
|
||||
|
||||
respond_to do |format|
|
||||
if @user.save
|
||||
|
@ -80,7 +81,7 @@ class UsersController < ApplicationController
|
|||
# PUT /users/1
|
||||
# PUT /users/1.json
|
||||
def update
|
||||
@user = User.find(params[:id])
|
||||
#@user = User.find(params[:id])
|
||||
|
||||
respond_to do |format|
|
||||
if @user.update_attributes(params[:user])
|
||||
|
@ -96,7 +97,7 @@ class UsersController < ApplicationController
|
|||
# DELETE /users/1
|
||||
# DELETE /users/1.json
|
||||
def destroy
|
||||
@user = User.find(params[:id])
|
||||
#@user = User.find(params[:id])
|
||||
@user.destroy
|
||||
|
||||
respond_to do |format|
|
||||
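Review bot: `load_and_authorize_resource` sits above `before_filter :authenticate_user!` at the top of the class, and filters run in declaration order, so the ability is built and the record loaded before the authentication filter has run (this reads `load_and_authorize_resource` as the added line, since the page has lost its +/- markers). An anonymous request would then reach `Ability.new` with a nil user, which the new ability code appears to dereference through `user.admin?`, instead of being redirected to sign in. Declare `before_filter :authenticate_user!` first and `load_and_authorize_resource` after it. The commented-out finders such as `#@user = User.find(params[:id])` in `show`, `upload`, `edit`, `update` and `destroy` are better deleted than kept, with one comment at the top of the class like `# @user / @users are loaded and authorized by load_and_authorize_resource`. The action bodies continue outside the hunks shown.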
|
|
|
@ -2,9 +2,13 @@ class Ability
|
|||
include CanCan::Ability
|
||||
|
||||
def initialize(user)
|
||||
can :manage, User do |u|
|
||||
if user.admin?
|
||||
can :manage, :all
|
||||
else
|
||||
can :read, User do |u|
|
||||
u.id == user.id
|
||||
end
|
||||
end
|
||||
# Define abilities for the passed in user here. For example:
|
||||
#
|
||||
# user ||= User.new # guest user (not logged in)
|
||||
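Review bot: The non-admin rule `can :read, User do |u| u.id == user.id end` uses a block condition, which CanCan can only evaluate against an already loaded record; it cannot be translated into a query, so the collection load for `index` has nothing to scope by, which matches the failure the commit title describes. A hash condition covers both single records and collections: `can :read, User, :id => user.id`. Separately, `if user.admin?` is called on whatever the controller passes in, and the guest fallback `user ||= User.new` exists only as a comment further down, so a nil user raises rather than receiving an empty ability. Uncommenting that line as the first statement of `initialize` makes the anonymous case fail closed on purpose. The rest of `initialize` lies outside the hunk.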
|
|