Updating settings & fixing auth of objects through other objects cancan bug?

app/controllers/certifications_controller.rb

@@ -1,6 +1,6 @@
 class CertificationsController < ApplicationController
   load_and_authorize_resource :certification
-  load_and_authorize_resource :user, :through => :certification
+  #load_and_authorize_resource :user, :through => :certification
   before_filter :authenticate_user!
 
   # GET /certifications

app/controllers/user_certifications_controller.rb

@@ -1,7 +1,7 @@
 class UserCertificationsController < ApplicationController
   load_and_authorize_resource :user_certification
-  load_and_authorize_resource :user, :through => :user_certification
-  load_and_authorize_resource :certification, :through => :user_certification
+  #load_and_authorize_resource :user, :through => :user_certification
+  #load_and_authorize_resource :certification, :through => :user_certification
   before_filter :authenticate_user!
 
   # Load users and certs based on current ability

app/models/ability.rb

@@ -2,21 +2,15 @@ class Ability
   include CanCan::Ability
 
   def initialize(user)
-    # Anonymous can read mac
-    today = Date.today
-    event = Date.new(2013,9,1)
-    
-    unless today == event
-      can :read, Mac
-      can :scan, Mac # Need anonymous so CRON can scan
-    end
+    can :read, Mac # Anonymous can read mac
+    can :scan, Mac # Need anonymous so CRON can scan
 
     if !user.nil?
 
       # By default, users can only see their own stuff
       can :read, Card, :user_id => user.id
       can :read, Certification
-      can :read_details, Mac unless today == event
+      can :read_details, Mac
       can [:update], Mac, :user_id => nil
       can [:create,:update], Mac, :user_id => user.id
       can :read, User, :id => user.id #TODO: why can users update themselves?
@@ -44,6 +38,8 @@ class Ability
 
       # Admins can manage all
       if user.admin?
+Rails.logger.info user.inspect
+Rails.logger.info "IS ADMIN"
         can :manage, :all
       end
 

app/views/layouts/application.html.erb

@@ -19,6 +19,7 @@
     <% end %>
     <%= link_to 'Payments', payments_path if can? :read, Payment %>
     <%= link_to 'Computers', macs_path if user_signed_in? || (can? :read, Mac) %>
+    <%= link_to 'Settings', settings_path if can? :read, Setting %>
     <% if user_signed_in? then %><%= link_to 'Profile', edit_user_registration_path %><% end %>
     <%= link_to 'Logout', destroy_user_session_path, :method => :delete if user_signed_in? %>
     <%= link_to 'Login', new_user_session_path unless user_signed_in? %>

app/views/settings/edit.html.erb

@@ -8,11 +8,10 @@ $(function(){
   <h3>Editing <%= @setting[:var].titleize %></h3>
   <div class="field">
     <%= text_area_tag :value, @setting[:value], :cols => 50, :class => "wysiwyg" %><br/>
-    <em>Use %{provider_name} or %{client_name} to include names in messages.</em>
   </div>
 
   <div class="field">
     <%= submit_tag "Save", {:class => "wymupdate"} %><br/>
     <%= link_to "Back", settings_path %>
   </div>
-<% end %>
+<% end %>

app/views/settings/index.html.erb

@@ -7,10 +7,10 @@
   <% @settings.each do |setting| %>
   <tr>
     <td><%= setting.first.titleize %></td>
-    <td>"<%= setting.last %>"</td>
+    <td>"<%= setting.last.truncate(140) %>"</td>
     <% if can? :update, setting %>
     <td><%= link_to 'Edit', edit_setting_path(setting.first) %></td>
     <% end %>
   </tr>
   <% end %>
-</table>
+</table>

config/initializers/default_settings.rb

@@ -1,29 +1,8 @@
 @@default_settings = {
-  :welcome_title => "Welcome to the Hackerspace Members Site", #Welcome to the HeatSync Labs Members App.
-  :welcome_body => "<p>We are a member-driven community workshop where you can learn, make cool stuff, meet other cool people, and make your city a better place to live!</p><p>You don't have to be a member to come visit, but if you're interested in volunteering or being a member, feel free to sign up here! For more information, <a href=\"/more_info\">Click Here</a>.</p>", # <p>You can sign up to become a member here!</p>
+  :welcome_title => "Welcome to the Hackerspace Members Site",
+  :welcome_body => "<p>We are a member-driven community workshop where you can learn, make cool stuff, meet other cool people, and make your city a better place to live!</p><p>You don't have to be a member to come visit, but if you're interested in volunteering or being a member, feel free to sign up here! For more information, <a href=\"/more_info\">Click Here</a>.</p>",
   :more_info_page => "No info here yet, bug a member about filling this part out!",
   :member_resources_inset => "No info here yet, bug a member about filling this part out!"
-#   <ul>
-#   <li><%= link_to "Wiki", "http://wiki.heatsynclabs.org" %></li>
-#   <li><%= link_to "Discussion Group", "http://groups.google.com/group/heatsynclabs" %></li>
-#   <li><%= link_to "IRC", "irc://irc.freenode.net#heatsynclabs" %></li>
-#   <li><%= link_to "Live Webcams", "http://live.heatsynclabs.org/" %></li>
-#   <li>Lab Phone: (480) 751-1929</li>
-#   <li>
-#     <style type="text/css">
-#      form input {font-family: 'Lucida Console', Monaco, monospace; }
-#     </style>
-    
-#     <b>Send a Message!</b>
-#     <form method="post" action="http://tweet.zyphon.com/signage.php">
-#       <em>Type here and your message will show up on the LED sign in the front window!</em><br/>
-#       <em>(Please be nice!)</em><br/>
-#       <input type="text" name="msg" id="msg" value="  Hello" size="9" /> (max 9 chars per line)<br/>
-#       <input type="text" name="msg2" id="msg2" value="  World" size="9" /><br/>
-#       <input type="submit" name="submitbutton" id="submitbutton" value="Go!" />
-#     </form>
-#   </li>
-# </ul>
 }
 
 if ActiveRecord::Base.connection.tables.include?('settings') and !defined?(::Rake)