Trying to get ability filtering down but failing on collections

This commit is contained in:
Will Bradley 2012-09-03 23:20:00 -07:00
parent 1e4dcfd9f3
commit 03d99741e5
2 changed files with 15 additions and 10 deletions


@ -1,11 +1,12 @@
class UsersController < ApplicationController
authorize_resource
load_and_authorize_resource
before_filter :authenticate_user!
# GET /users
# GET /users.json
def index
@users = User.all
#@users = User.all
#authorize! :read, @users
respond_to do |format|
format.html # index.html.erb
@ -16,7 +17,7 @@ class UsersController < ApplicationController
# GET /users/1
# GET /users/1.json
def show
@user = User.find(params[:id])
#@user = User.find(params[:id])
respond_to do |format|
format.html # show.html.erb
@ -26,7 +27,7 @@ class UsersController < ApplicationController
# PUT /users/1/upload
def upload
@user = User.find(params[:id])
#@user = User.find(params[:id])
@upload_result = @user.upload_to_door
respond_to do |format|
@ -48,7 +49,7 @@ class UsersController < ApplicationController
# GET /users/new
# GET /users/new.json
def new
@user = User.new
#@user = User.new
respond_to do |format|
format.html # new.html.erb
@ -58,13 +59,13 @@ class UsersController < ApplicationController
# GET /users/1/edit
def edit
@user = User.find(params[:id])
#@user = User.find(params[:id])
end
# POST /users
# POST /users.json
def create
@user = User.new(params[:user])
#@user = User.new(params[:user])
respond_to do |format|
if @user.save
@ -80,7 +81,7 @@ class UsersController < ApplicationController
# PUT /users/1
# PUT /users/1.json
def update
@user = User.find(params[:id])
#@user = User.find(params[:id])
respond_to do |format|
if @user.update_attributes(params[:user])
@ -96,7 +97,7 @@ class UsersController < ApplicationController
# DELETE /users/1
# DELETE /users/1.json
def destroy
@user = User.find(params[:id])
#@user = User.find(params[:id])
@user.destroy
respond_to do |format|
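Review bot: In the first hunk `before_filter :authenticate_user!` is declared after `load_and_authorize_resource`, and Rails runs before filters in declaration order, so the CanCan filter (and `Ability.new(current_user)`) executes before authentication; for an anonymous request `current_user` is nil and an ability that calls `user.admin?` would raise NoMethodError instead of producing the sign-in redirect. Put `before_filter :authenticate_user!` first, then `load_and_authorize_resource`, and drop the separate `authorize_resource` line, which runs before `@user` is loaded and so only repeats a class-level check that `load_and_authorize_resource` already performs. `index` still assigns `@users = User.all`, overriding the collection CanCan loads (via `accessible_by` in CanCan 1.4+) and bypassing any per-user filtering; leave that assignment commented out like the others once the abilities are expressed as hash conditions. Each action body continues past its hunk.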


@ -2,9 +2,13 @@ class Ability
include CanCan::Ability
def initialize(user)
can :manage, User do |u|
if user.admin?
can :manage, :all
else
can :read, User do |u|
u.id == user.id
end
end
# Define abilities for the passed in user here. For example:
#
# user ||= User.new # guest user (not logged in)
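Review bot: Wrapping the `if user.admin?` branch inside `can :manage, User do |u| … end` grants every user `:manage` on every User record: the outer rule matches class-level checks unconditionally, and when the block runs for an instance its value is the result of the nested `can` call (the rules array), which is truthy, so the inner read-only rule never restricts anything. The nested `can` calls are also registered only when that block is evaluated, and the outer `do` has no matching `end` in the hunk (the two `end`s close the inner block and the `if`), so the file likely does not parse as intended; `def initialize` continues past the hunk. Drop the outer block and express the self-read rule with hash conditions instead of a block, so `User.accessible_by(current_ability)` (used by `load_and_authorize_resource` for `index`) can build the collection query — block-only rules cannot be converted to a query, which appears to be the collection failure named in the commit title. Guard the guest case with `user ||= User.new` before calling `user.admin?`.
```ruby
def initialize(user)
  user ||= User.new # guest user (not logged in): not admin, matches no id
  if user.admin?
    can :manage, :all
  else
    # hash conditions, not a block, so accessible_by can build the index query
    can :read, User, :id => user.id
  end
  # … unchanged: template comments …
```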