Allowed admins to see hidden users, added "no orientation" message to main page and hid new people from non-oriented people

2013-02-09 02:51:35 -07:00
parent f1b752a4c4
commit 3f3eb1ed65
2 changed files with 10 additions and 5 deletions
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -16,10 +16,6 @@ class Ability
      can :read, User, :id => user.id #TODO: why can users update themselves?
      can :read, UserCertification, :user_id => user.id

-      # Admins can manage all
-      if user.admin?
-        can :manage, :all
-      end
      # Instructors can manage certs and see users
      if user.instructor? 
        can :manage, Certification
@@ -32,6 +28,11 @@ class Ability
        can :read, UserCertification
      end 

+      # Admins can manage all
+      if user.admin?
+        can :manage, :all
+      end
+
      # Prevent all destruction for now
      cannot :destroy, User
      cannot :destroy, Card