Instructors can delete their own certs; hidden users are hidden in drop-downs; admins can see last user login; prepping for postgres

2013-05-03 00:16:02 -07:00
parent 719b9447ab
commit 20a007cac5
7 changed files with 26 additions and 9 deletions
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -20,7 +20,8 @@ class Ability
      if user.instructor? 
        can :manage, Certification
        can [:create,:read], User, :hidden => [nil,false]
-        can :manage, UserCertification
+        can [:create,:read], UserCertification
+        can [:update,:destroy], UserCertification, :created_by => user.id
      end
      # Users can see others' stuff if they've been oriented
      unless user.orientation.blank?
@@ -44,7 +45,7 @@ class Ability
      cannot :destroy, Certification
      cannot :destroy, Mac
      cannot :destroy, MacLog
-      cannot :destroy, UserCertification
+      #cannot :destroy, UserCertification
      cannot :destroy, DoorLog
      # no exception for destroying payments
    end