Updating settings & fixing auth of objects through other objects cancan bug?

2013-09-28 19:31:28 -07:00
parent 9e08a0d036
commit 42679aa410
7 changed files with 14 additions and 39 deletions


@@ -2,21 +2,15 @@ class Ability
include CanCan::Ability
def initialize(user)
# Anonymous can read mac
today = Date.today
event = Date.new(2013,9,1)
unless today == event
can :read, Mac
can :scan, Mac # Need anonymous so CRON can scan
end
can :read, Mac # Anonymous can read mac
can :scan, Mac # Need anonymous so CRON can scan
if !user.nil?
# By default, users can only see their own stuff
can :read, Card, :user_id => user.id
can :read, Certification
can :read_details, Mac unless today == event
can :read_details, Mac
can [:update], Mac, :user_id => nil
can [:create,:update], Mac, :user_id => user.id
can :read, User, :id => user.id #TODO: why can users update themselves?
@@ -44,6 +38,8 @@ class Ability
# Admins can manage all
if user.admin?
Rails.logger.info user.inspect
Rails.logger.info "IS ADMIN"
can :manage, :all
end
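Review bot: The two `Rails.logger.info` calls added under `if user.admin?` in the second hunk write `user.inspect` to the application log at info level every time an Ability is built for an admin, which looks like leftover debugging. `inspect` on a model prints all of its attributes, so if the User model carries a password digest, reset token or similar field (not visible in this diff), those values would land in production logs and whatever ships them onward. I would remove both lines, or if a trace is still wanted keep only the identifier at debug level: `Rails.logger.debug { "Ability: admin user_id=#{user.id}" }`. The `initialize` body starts in the first hunk and continues past the end of this one, so the rest of the admin branch is not visible here.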