Instructors can delete their own certs; hidden users are hidden in drop-downs; admins can see last user login; prepping for postgres

This commit is contained in:
Will Bradley 2013-05-03 00:16:02 -07:00
parent 719b9447ab
commit 20a007cac5
7 changed files with 26 additions and 9 deletions

View File

@ -5,7 +5,7 @@ class PaymentsController < ApplicationController
# Load users and certs based on current ability
before_filter do
@users = User.accessible_by(current_ability).sort_by(&:name_with_payee_and_member_level)
@users = User.where(:hidden => false).where("member_level > 10").accessible_by(current_ability).sort_by(&:name_with_payee_and_member_level)
end
before_filter :only => [:create, :update] do

View File

@ -6,7 +6,7 @@ class UserCertificationsController < ApplicationController
# Load users and certs based on current ability
before_filter :only => [:new, :edit, :create, :update] do
@users = User.accessible_by(current_ability).sort_by(&:name)
@users = User.where(:hidden => false).accessible_by(current_ability).sort_by(&:name)
@certifications = Certification.accessible_by(current_ability).sort_by(&:name)
end

View File

@ -20,7 +20,8 @@ class Ability
if user.instructor?
can :manage, Certification
can [:create,:read], User, :hidden => [nil,false]
can :manage, UserCertification
can [:create,:read], UserCertification
can [:update,:destroy], UserCertification, :created_by => user.id
end
# Users can see others' stuff if they've been oriented
unless user.orientation.blank?
@ -44,7 +45,7 @@ class Ability
cannot :destroy, Certification
cannot :destroy, Mac
cannot :destroy, MacLog
cannot :destroy, UserCertification
#cannot :destroy, UserCertification
cannot :destroy, DoorLog
# no exception for destroying payments
end

View File

@ -13,11 +13,11 @@
<div class="field">
<%= f.label :user_id, "User" %><br />
<%= collection_select(:payment, :user_id, @users, :id, :name_with_payee_and_member_level) %>
<%= collection_select(:payment, :user_id, @users, :id, :name_with_payee_and_member_level) %> (inactive members are not shown.)
</div>
<div class="field">
<%= f.label :date, "Paid for month beginning" %><br />
<%= f.date_select :date %>
<%= f.date_select :date, :default => (DateTime.now - 1.month) %>
</div>
<div class="actions">
<%= f.submit %>

View File

@ -18,8 +18,14 @@
at <%= @user_certification.updated_at %>
</p>
<%= link_to 'Edit', edit_user_certification_path(@user_certification) %> |
<%= link_to 'Back', user_certifications_path %>
<p>
<%= link_to 'Destroy', @user_certification, :confirm => "Are you sure you want to destroy this user's certification?", :method => :delete if can? :destroy, @user_certification %>
<% if can? :update, @user_certification %>
<%= link_to 'Edit', edit_user_certification_path(@user_certification) %> |
<% end %>
<% if can? :destroy, @user_certification %>
<%= link_to 'Delete', @user_certification, :confirm => "Are you sure you want to destroy this user's certification?", :method => :delete %> |
<% end %>
<%= link_to 'Back', user_certifications_path %>
</p>

View File

@ -108,6 +108,10 @@
<b>Created:</b>
<%= @user.created_at %>
</p>
<p>
<b>Last signed in:</b>
<%= @user.current_sign_in_at %>
</p>
<% end %>
<% if can? :update, @user then %><%= link_to 'Edit', edit_user_path(@user) %> |<% end %>

View File

@ -23,3 +23,9 @@ production:
database: db/production.sqlite3
pool: 5
timeout: 5000
# adapter: postgresql
# encoding: unicode
# database: members
# pool: 5
# username: postgres
# password: