Instructors can delete their own certs; hidden users are hidden in drop-downs; admins can see last user login; prepping for postgres

app/controllers/payments_controller.rb

@@ -5,7 +5,7 @@ class PaymentsController < ApplicationController
 
   # Load users and certs based on current ability
   before_filter do
-    @users = User.accessible_by(current_ability).sort_by(&:name_with_payee_and_member_level)
+    @users = User.where(:hidden => false).where("member_level > 10").accessible_by(current_ability).sort_by(&:name_with_payee_and_member_level)
   end
 
   before_filter :only => [:create, :update] do

app/controllers/user_certifications_controller.rb

@@ -6,7 +6,7 @@ class UserCertificationsController < ApplicationController
 
   # Load users and certs based on current ability
   before_filter :only => [:new, :edit, :create, :update] do
-    @users = User.accessible_by(current_ability).sort_by(&:name)
+    @users = User.where(:hidden => false).accessible_by(current_ability).sort_by(&:name)
     @certifications = Certification.accessible_by(current_ability).sort_by(&:name)
   end
   

app/models/ability.rb

@@ -20,7 +20,8 @@ class Ability
       if user.instructor? 
         can :manage, Certification
         can [:create,:read], User, :hidden => [nil,false]
-        can :manage, UserCertification
+        can [:create,:read], UserCertification
+        can [:update,:destroy], UserCertification, :created_by => user.id
       end
       # Users can see others' stuff if they've been oriented
       unless user.orientation.blank?
@@ -44,7 +45,7 @@ class Ability
       cannot :destroy, Certification
       cannot :destroy, Mac
       cannot :destroy, MacLog
-      cannot :destroy, UserCertification
+      #cannot :destroy, UserCertification
       cannot :destroy, DoorLog
       # no exception for destroying payments
     end 

app/views/payments/_form.html.erb

@@ -13,11 +13,11 @@
 
   <div class="field">
     <%= f.label :user_id, "User" %><br />
-    <%= collection_select(:payment, :user_id, @users, :id, :name_with_payee_and_member_level) %>
+    <%= collection_select(:payment, :user_id, @users, :id, :name_with_payee_and_member_level) %> (inactive members are not shown.)
   </div>
   <div class="field">
     <%= f.label :date, "Paid for month beginning" %><br />
-    <%= f.date_select :date %>
+    <%= f.date_select :date, :default => (DateTime.now - 1.month) %>
   </div>
   <div class="actions">
     <%= f.submit %>

app/views/user_certifications/show.html.erb

@@ -18,8 +18,14 @@
   at <%= @user_certification.updated_at %> 
 </p>
 
-<%= link_to 'Edit', edit_user_certification_path(@user_certification) %> |
-<%= link_to 'Back', user_certifications_path %>
 <p>
-<%= link_to 'Destroy', @user_certification, :confirm => "Are you sure you want to destroy this user's certification?", :method => :delete if can? :destroy, @user_certification %>
+<% if can? :update, @user_certification %>
+  <%= link_to 'Edit', edit_user_certification_path(@user_certification) %> |
+<% end %>
+
+<% if can? :destroy, @user_certification %>
+  <%= link_to 'Delete', @user_certification, :confirm => "Are you sure you want to destroy this user's certification?", :method => :delete %> | 
+<% end %>
+
+<%= link_to 'Back', user_certifications_path %>
 </p>

app/views/users/show.html.erb

@@ -108,6 +108,10 @@
   <b>Created:</b>
   <%= @user.created_at %>
 </p>
+<p>
+  <b>Last signed in:</b>
+  <%= @user.current_sign_in_at %>
+</p>
 <% end %>
 
 <% if can? :update, @user then %><%= link_to 'Edit', edit_user_path(@user) %> |<% end %>

config/database.yml

@@ -23,3 +23,9 @@ production:
   database: db/production.sqlite3
   pool: 5
   timeout: 5000
+#  adapter: postgresql
+#  encoding: unicode
+#  database: members
+#  pool: 5
+#  username: postgres
+#  password: