Updating settings & fixing auth of objects through other objects cancan bug?
This commit is contained in:
parent
9e08a0d036
commit
42679aa410
|
@ -1,6 +1,6 @@
|
||||||
class CertificationsController < ApplicationController
|
class CertificationsController < ApplicationController
|
||||||
load_and_authorize_resource :certification
|
load_and_authorize_resource :certification
|
||||||
load_and_authorize_resource :user, :through => :certification
|
#load_and_authorize_resource :user, :through => :certification
|
||||||
before_filter :authenticate_user!
|
before_filter :authenticate_user!
|
||||||
|
|
||||||
# GET /certifications
|
# GET /certifications
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
class UserCertificationsController < ApplicationController
|
class UserCertificationsController < ApplicationController
|
||||||
load_and_authorize_resource :user_certification
|
load_and_authorize_resource :user_certification
|
||||||
load_and_authorize_resource :user, :through => :user_certification
|
#load_and_authorize_resource :user, :through => :user_certification
|
||||||
load_and_authorize_resource :certification, :through => :user_certification
|
#load_and_authorize_resource :certification, :through => :user_certification
|
||||||
before_filter :authenticate_user!
|
before_filter :authenticate_user!
|
||||||
|
|
||||||
# Load users and certs based on current ability
|
# Load users and certs based on current ability
|
||||||
|
|
|
@ -2,21 +2,15 @@ class Ability
|
||||||
include CanCan::Ability
|
include CanCan::Ability
|
||||||
|
|
||||||
def initialize(user)
|
def initialize(user)
|
||||||
# Anonymous can read mac
|
can :read, Mac # Anonymous can read mac
|
||||||
today = Date.today
|
can :scan, Mac # Need anonymous so CRON can scan
|
||||||
event = Date.new(2013,9,1)
|
|
||||||
|
|
||||||
unless today == event
|
|
||||||
can :read, Mac
|
|
||||||
can :scan, Mac # Need anonymous so CRON can scan
|
|
||||||
end
|
|
||||||
|
|
||||||
if !user.nil?
|
if !user.nil?
|
||||||
|
|
||||||
# By default, users can only see their own stuff
|
# By default, users can only see their own stuff
|
||||||
can :read, Card, :user_id => user.id
|
can :read, Card, :user_id => user.id
|
||||||
can :read, Certification
|
can :read, Certification
|
||||||
can :read_details, Mac unless today == event
|
can :read_details, Mac
|
||||||
can [:update], Mac, :user_id => nil
|
can [:update], Mac, :user_id => nil
|
||||||
can [:create,:update], Mac, :user_id => user.id
|
can [:create,:update], Mac, :user_id => user.id
|
||||||
can :read, User, :id => user.id #TODO: why can users update themselves?
|
can :read, User, :id => user.id #TODO: why can users update themselves?
|
||||||
|
@ -44,6 +38,8 @@ class Ability
|
||||||
|
|
||||||
# Admins can manage all
|
# Admins can manage all
|
||||||
if user.admin?
|
if user.admin?
|
||||||
|
Rails.logger.info user.inspect
|
||||||
|
Rails.logger.info "IS ADMIN"
|
||||||
can :manage, :all
|
can :manage, :all
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -19,6 +19,7 @@
|
||||||
<% end %>
|
<% end %>
|
||||||
<%= link_to 'Payments', payments_path if can? :read, Payment %>
|
<%= link_to 'Payments', payments_path if can? :read, Payment %>
|
||||||
<%= link_to 'Computers', macs_path if user_signed_in? || (can? :read, Mac) %>
|
<%= link_to 'Computers', macs_path if user_signed_in? || (can? :read, Mac) %>
|
||||||
|
<%= link_to 'Settings', settings_path if can? :read, Setting %>
|
||||||
<% if user_signed_in? then %><%= link_to 'Profile', edit_user_registration_path %><% end %>
|
<% if user_signed_in? then %><%= link_to 'Profile', edit_user_registration_path %><% end %>
|
||||||
<%= link_to 'Logout', destroy_user_session_path, :method => :delete if user_signed_in? %>
|
<%= link_to 'Logout', destroy_user_session_path, :method => :delete if user_signed_in? %>
|
||||||
<%= link_to 'Login', new_user_session_path unless user_signed_in? %>
|
<%= link_to 'Login', new_user_session_path unless user_signed_in? %>
|
||||||
|
|
|
@ -8,11 +8,10 @@ $(function(){
|
||||||
<h3>Editing <%= @setting[:var].titleize %></h3>
|
<h3>Editing <%= @setting[:var].titleize %></h3>
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<%= text_area_tag :value, @setting[:value], :cols => 50, :class => "wysiwyg" %><br/>
|
<%= text_area_tag :value, @setting[:value], :cols => 50, :class => "wysiwyg" %><br/>
|
||||||
<em>Use %{provider_name} or %{client_name} to include names in messages.</em>
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<%= submit_tag "Save", {:class => "wymupdate"} %><br/>
|
<%= submit_tag "Save", {:class => "wymupdate"} %><br/>
|
||||||
<%= link_to "Back", settings_path %>
|
<%= link_to "Back", settings_path %>
|
||||||
</div>
|
</div>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
|
@ -7,10 +7,10 @@
|
||||||
<% @settings.each do |setting| %>
|
<% @settings.each do |setting| %>
|
||||||
<tr>
|
<tr>
|
||||||
<td><%= setting.first.titleize %></td>
|
<td><%= setting.first.titleize %></td>
|
||||||
<td>"<%= setting.last %>"</td>
|
<td>"<%= setting.last.truncate(140) %>"</td>
|
||||||
<% if can? :update, setting %>
|
<% if can? :update, setting %>
|
||||||
<td><%= link_to 'Edit', edit_setting_path(setting.first) %></td>
|
<td><%= link_to 'Edit', edit_setting_path(setting.first) %></td>
|
||||||
<% end %>
|
<% end %>
|
||||||
</tr>
|
</tr>
|
||||||
<% end %>
|
<% end %>
|
||||||
</table>
|
</table>
|
||||||
|
|
|
@ -1,29 +1,8 @@
|
||||||
@@default_settings = {
|
@@default_settings = {
|
||||||
:welcome_title => "Welcome to the Hackerspace Members Site", #Welcome to the HeatSync Labs Members App.
|
:welcome_title => "Welcome to the Hackerspace Members Site",
|
||||||
:welcome_body => "<p>We are a member-driven community workshop where you can learn, make cool stuff, meet other cool people, and make your city a better place to live!</p><p>You don't have to be a member to come visit, but if you're interested in volunteering or being a member, feel free to sign up here! For more information, <a href=\"/more_info\">Click Here</a>.</p>", # <p>You can sign up to become a member here!</p>
|
:welcome_body => "<p>We are a member-driven community workshop where you can learn, make cool stuff, meet other cool people, and make your city a better place to live!</p><p>You don't have to be a member to come visit, but if you're interested in volunteering or being a member, feel free to sign up here! For more information, <a href=\"/more_info\">Click Here</a>.</p>",
|
||||||
:more_info_page => "No info here yet, bug a member about filling this part out!",
|
:more_info_page => "No info here yet, bug a member about filling this part out!",
|
||||||
:member_resources_inset => "No info here yet, bug a member about filling this part out!"
|
:member_resources_inset => "No info here yet, bug a member about filling this part out!"
|
||||||
# <ul>
|
|
||||||
# <li><%= link_to "Wiki", "http://wiki.heatsynclabs.org" %></li>
|
|
||||||
# <li><%= link_to "Discussion Group", "http://groups.google.com/group/heatsynclabs" %></li>
|
|
||||||
# <li><%= link_to "IRC", "irc://irc.freenode.net#heatsynclabs" %></li>
|
|
||||||
# <li><%= link_to "Live Webcams", "http://live.heatsynclabs.org/" %></li>
|
|
||||||
# <li>Lab Phone: (480) 751-1929</li>
|
|
||||||
# <li>
|
|
||||||
# <style type="text/css">
|
|
||||||
# form input {font-family: 'Lucida Console', Monaco, monospace; }
|
|
||||||
# </style>
|
|
||||||
|
|
||||||
# <b>Send a Message!</b>
|
|
||||||
# <form method="post" action="http://tweet.zyphon.com/signage.php">
|
|
||||||
# <em>Type here and your message will show up on the LED sign in the front window!</em><br/>
|
|
||||||
# <em>(Please be nice!)</em><br/>
|
|
||||||
# <input type="text" name="msg" id="msg" value=" Hello" size="9" /> (max 9 chars per line)<br/>
|
|
||||||
# <input type="text" name="msg2" id="msg2" value=" World" size="9" /><br/>
|
|
||||||
# <input type="submit" name="submitbutton" id="submitbutton" value="Go!" />
|
|
||||||
# </form>
|
|
||||||
# </li>
|
|
||||||
# </ul>
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ActiveRecord::Base.connection.tables.include?('settings') and !defined?(::Rake)
|
if ActiveRecord::Base.connection.tables.include?('settings') and !defined?(::Rake)
|
||||||
|
|
Loading…
Reference in New Issue
Block a user