From 42679aa410c5949bb4b55da7c7338c5ebc59d576 Mon Sep 17 00:00:00 2001
From: Will Bradley
Date: Sat, 28 Sep 2013 19:31:28 -0700
Subject: [PATCH] Updating settings & fixing auth of objects through other objects cancan bug?

---
 app/controllers/certifications_controller.rb | 2 +-
 .../user_certifications_controller.rb | 4 +-
 app/models/ability.rb | 14 ++++-------
 app/views/layouts/application.html.erb | 1 +
 app/views/settings/edit.html.erb | 3 +--
 app/views/settings/index.html.erb | 4 +-
 config/initializers/default_settings.rb | 25 ++-----------------
 7 files changed, 14 insertions(+), 39 deletions(-)

diff --git a/app/controllers/certifications_controller.rb b/app/controllers/certifications_controller.rb
index ac8cb88..4f91dc4 100644
--- a/app/controllers/certifications_controller.rb
+++ b/app/controllers/certifications_controller.rb
@@ -1,6 +1,6 @@
 class CertificationsController < ApplicationController
   load_and_authorize_resource :certification
-  load_and_authorize_resource :user, :through => :certification
+  #load_and_authorize_resource :user, :through => :certification
   before_filter :authenticate_user!
   # GET /certifications
diff --git a/app/controllers/user_certifications_controller.rb b/app/controllers/user_certifications_controller.rb
index aff149a..c6ce624 100644
--- a/app/controllers/user_certifications_controller.rb
+++ b/app/controllers/user_certifications_controller.rb
@@ -1,7 +1,7 @@
 class UserCertificationsController < ApplicationController
   load_and_authorize_resource :user_certification
-  load_and_authorize_resource :user, :through => :user_certification
-  load_and_authorize_resource :certification, :through => :user_certification
+  #load_and_authorize_resource :user, :through => :user_certification
+  #load_and_authorize_resource :certification, :through => :user_certification
   before_filter :authenticate_user!
   # Load users and certs based on current ability
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 4f5ea1b..66b4dec 100644
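Review bot: Commenting out `load_and_authorize_resource :user, :through => :certification` removes the authorization check on the user behind a certification instead of repairing it, and the two commented lines in user_certifications_controller.rb do the same. CanCan fetches a `:through` resource from the already-loaded parent's plural association (here `@certification.users`), so if `Certification` belongs to a single user the original declaration fails for that reason rather than a CanCan bug; `load_and_authorize_resource :user, :through => :certification, :singleton => true` loads `@certification.user` and keeps the check. If the actions genuinely no longer use `@user`, delete the lines rather than leaving commented-out code behind. Note also that `before_filter :authenticate_user!` is declared after the resource filters, so an anonymous request is authorized against the nil-user Ability (which ends in AccessDenied) before any login redirect can happen. Both controller classes continue beyond their hunks.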
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -2,21 +2,15 @@ class Ability
   include CanCan::Ability
   def initialize(user)
-    # Anonymous can read mac
-    today = Date.today
-    event = Date.new(2013,9,1)
-
-    unless today == event
-      can :read, Mac
-      can :scan, Mac # Need anonymous so CRON can scan
-    end
+    can :read, Mac # Anonymous can read mac
+    can :scan, Mac # Need anonymous so CRON can scan
     if !user.nil?
       # By default, users can only see their own stuff
       can :read, Card, :user_id => user.id
       can :read, Certification
-      can :read_details, Mac unless today == event
+      can :read_details, Mac
       can [:update], Mac, :user_id => nil
       can [:create,:update], Mac, :user_id => user.id
       can :read, User, :id => user.id #TODO: why can users update themselves?
@@ -44,6 +38,8 @@ class Ability
     # Admins can manage all
     if user.admin?
+Rails.logger.info user.inspect
+Rails.logger.info "IS ADMIN"
       can :manage, :all
     end
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 4eacfcd..828e8f1 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -19,6 +19,7 @@
 <% end %>
 <%= link_to 'Payments', payments_path if can? :read, Payment %>
 <%= link_to 'Computers', macs_path if user_signed_in? || (can? :read, Mac) %>
+<%= link_to 'Settings', settings_path if can? :read, Setting %>
 <% if user_signed_in? then %><%= link_to 'Profile', edit_user_registration_path %><% end %>
 <%= link_to 'Logout', destroy_user_session_path, :method => :delete if user_signed_in? %>
 <%= link_to 'Login', new_user_session_path unless user_signed_in? %>
diff --git a/app/views/settings/edit.html.erb b/app/views/settings/edit.html.erb
index 8c683ce..857b357 100644
--- a/app/views/settings/edit.html.erb
+++ b/app/views/settings/edit.html.erb
@@ -8,11 +8,10 @@ $(function(){
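Review bot: The hunk deletes the `today` and `event` locals but shows `initialize` only through the `can :read, User` rule; anything in the unseen lines between the two hunks that still references `today == event` would now raise NameError on every permission check, so that remainder needs the same cleanup. The comments on the new `can :read, Mac` / `can :scan, Mac` lines restate the code; a single line above them such as `# Anonymous (including the CRON scanner) may read and scan Macs` documents the intent once. `initialize` continues outside the hunk.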
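Review bot: `Rails.logger.info user.inspect` writes the whole User record to the application log every time an admin's Ability is built; if User is a Devise model, as the `user_signed_in?` helper in the layout suggests, that dump holds the email and every other attribute, and unless the Devise version in use filters them, `encrypted_password` and the reset/confirmation tokens as well, so the log becomes sensitive data that is rarely protected like the database. Together with the unindented `Rails.logger.info "IS ADMIN"` these read as debugging left in and should be removed before merge; if a trace is wanted, log only a non-sensitive identifier at debug level, e.g. `Rails.logger.debug { "admin ability for user #{user.id}" }`. `initialize` ends outside the hunk.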
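Review bot: The `can? :read, Setting` guard on the new Settings link only decides whether the link is shown; it is not an access control, so the settings actions themselves must call `load_and_authorize_resource`/`authorize!` (or an equivalent admin filter), which nothing in this commit shows. The only rule in the visible ability.rb hunks that can grant `:read` on `Setting` is the admin `can :manage, :all`, so if admin-only is the intent the guard is fine; otherwise an explicit `can :read, Setting` rule belongs in Ability rather than relying on the link being hidden. The layout continues outside the hunk.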

Editing <%= @setting[:var].titleize %>

<%= text_area_tag :value, @setting[:value], :cols => 50, :class => "wysiwyg" %>
- Use %{provider_name} or %{client_name} to include names in messages.
<%= submit_tag "Save", {:class => "wymupdate"} %>
<%= link_to "Back", settings_path %>
-<% end %> \ No newline at end of file +<% end %> diff --git a/app/views/settings/index.html.erb b/app/views/settings/index.html.erb index 28f9e08..46e17ae 100644 --- a/app/views/settings/index.html.erb +++ b/app/views/settings/index.html.erb @@ -7,10 +7,10 @@ <% @settings.each do |setting| %> <%= setting.first.titleize %> - "<%= setting.last %>" + "<%= setting.last.truncate(140) %>" <% if can? :update, setting %> <%= link_to 'Edit', edit_setting_path(setting.first) %> <% end %> <% end %> - \ No newline at end of file + diff --git a/config/initializers/default_settings.rb b/config/initializers/default_settings.rb index cce006b..7ccbec5 100644 --- a/config/initializers/default_settings.rb +++ b/config/initializers/default_settings.rb @@ -1,29 +1,8 @@ @@default_settings = { - :welcome_title => "Welcome to the Hackerspace Members Site", #Welcome to the HeatSync Labs Members App. - :welcome_body => "
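Review bot: `setting.last.truncate(140)` raises NoMethodError if a stored value is ever nil or not a String, which takes the whole settings index down; `setting.last.to_s.truncate(140)` is the safe form if such values can occur. Separately, `can? :update, setting` is called with the `[key, value]` pair that `@settings.each` yields, so CanCan matches rules by `Array` rather than `Setting`, and only a `:manage, :all` rule (the admin rule in ability.rb) can ever satisfy it; if non-admin roles are meant to edit settings, the check needs the model instance or the `Setting` class as its subject. The `each` block is fully inside the hunk.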

We are a member-driven community workshop where you can learn, make cool stuff, meet other cool people, and make your city a better place to live!

You don't have to be a member to come visit, but if you're interested in volunteering or being a member, feel free to sign up here! For more information, Click Here.

", #

You can sign up to become a member here!

+ :welcome_title => "Welcome to the Hackerspace Members Site", + :welcome_body => "

We are a member-driven community workshop where you can learn, make cool stuff, meet other cool people, and make your city a better place to live!

You don't have to be a member to come visit, but if you're interested in volunteering or being a member, feel free to sign up here! For more information, Click Here.

", :more_info_page => "No info here yet, bug a member about filling this part out!", :member_resources_inset => "No info here yet, bug a member about filling this part out!" -# } if ActiveRecord::Base.connection.tables.include?('settings') and !defined?(::Rake)