Updating settings & fixing auth of objects through other objects cancan bug?
This commit is contained in:
parent
9e08a0d036
commit
42679aa410
|
@ -1,6 +1,6 @@
|
|||
class CertificationsController < ApplicationController
|
||||
load_and_authorize_resource :certification
|
||||
load_and_authorize_resource :user, :through => :certification
|
||||
#load_and_authorize_resource :user, :through => :certification
|
||||
before_filter :authenticate_user!
|
||||
|
||||
# GET /certifications
|
||||
|
|
|
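Review bot: Commenting out `load_and_authorize_resource :user, :through => :certification` removes both the loading and the `authorize!` of the associated user for every action of CertificationsController, and the commented line leaves no record of what the "cancan bug" in the title actually was; the two lines commented out in UserCertificationsController in the next section have the same problem. If any action in these controllers still reads `@user` (or `@certification`) it is now nil, and whatever replaces the `:through` loading has to authorize the parent object explicitly — the action bodies are outside the hunk, so this is inferred from the class header only. Delete the dead lines instead of commenting them out and record the reason in one comment, e.g. `# :through loading of :user removed — <describe the failure seen>; parent is authorized in the action`, so the next reader knows the check was dropped deliberately and where it now lives.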
@ -1,7 +1,7 @@
|
|||
class UserCertificationsController < ApplicationController
|
||||
load_and_authorize_resource :user_certification
|
||||
load_and_authorize_resource :user, :through => :user_certification
|
||||
load_and_authorize_resource :certification, :through => :user_certification
|
||||
#load_and_authorize_resource :user, :through => :user_certification
|
||||
#load_and_authorize_resource :certification, :through => :user_certification
|
||||
before_filter :authenticate_user!
|
||||
|
||||
# Load users and certs based on current ability
|
||||
|
|
|
@ -2,21 +2,15 @@ class Ability
|
|||
include CanCan::Ability
|
||||
|
||||
def initialize(user)
|
||||
# Anonymous can read mac
|
||||
today = Date.today
|
||||
event = Date.new(2013,9,1)
|
||||
|
||||
unless today == event
|
||||
can :read, Mac
|
||||
can :read, Mac # Anonymous can read mac
|
||||
can :scan, Mac # Need anonymous so CRON can scan
|
||||
end
|
||||
|
||||
if !user.nil?
|
||||
|
||||
# By default, users can only see their own stuff
|
||||
can :read, Card, :user_id => user.id
|
||||
can :read, Certification
|
||||
can :read_details, Mac unless today == event
|
||||
can :read_details, Mac
|
||||
can [:update], Mac, :user_id => nil
|
||||
can [:create,:update], Mac, :user_id => user.id
|
||||
can :read, User, :id => user.id #TODO: why can users update themselves?
|
||||
|
@ -44,6 +38,8 @@ class Ability
|
|||
|
||||
# Admins can manage all
|
||||
if user.admin?
|
||||
Rails.logger.info user.inspect
|
||||
Rails.logger.info "IS ADMIN"
|
||||
can :manage, :all
|
||||
end
|
||||
|
||||
|
|
|
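Review bot: `Rails.logger.info user.inspect` in the admin branch writes the whole User record to the log at info level whenever an admin's Ability is built (typically once per request); depending on the Devise version in use, `inspect` can include `encrypted_password` and the reset/confirmation token columns, and the `"IS ADMIN"` line reads as leftover debugging. Remove both lines, or at most keep `Rails.logger.debug "Ability: admin user_id=#{user.id}"`. In the first hunk, `can :scan, Mac` is granted before the `if !user.nil?` check, so the scan action becomes reachable by any unauthenticated client, not only the cron job the comment mentions; the ability rule alone cannot tell cron from the public, so the controller action needs its own caller check (shared secret or network allowlist, whichever the deployment already uses) and the comment should say where that check is. The enclosing `initialize` continues outside both hunks.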
@ -19,6 +19,7 @@
|
|||
<% end %>
|
||||
<%= link_to 'Payments', payments_path if can? :read, Payment %>
|
||||
<%= link_to 'Computers', macs_path if user_signed_in? || (can? :read, Mac) %>
|
||||
<%= link_to 'Settings', settings_path if can? :read, Setting %>
|
||||
<% if user_signed_in? then %><%= link_to 'Profile', edit_user_registration_path %><% end %>
|
||||
<%= link_to 'Logout', destroy_user_session_path, :method => :delete if user_signed_in? %>
|
||||
<%= link_to 'Login', new_user_session_path unless user_signed_in? %>
|
||||
|
|
|
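Review bot: The new `link_to 'Settings', settings_path if can? :read, Setting` only hides the link; it is not an access control, so SettingsController needs its own `authorize!`/`load_and_authorize_resource` against the same ability (not visible in this commit), otherwise anyone who knows the path reaches the page. No `can :read, Setting` rule appears in the Ability hunks of this commit, so as far as can be seen only admins (`can :manage, :all`) will ever see the link; if that is intended, a short comment on the Ability side saying settings are admin-only would save the next reader the search.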
@ -8,7 +8,6 @@ $(function(){
|
|||
<h3>Editing <%= @setting[:var].titleize %></h3>
|
||||
<div class="field">
|
||||
<%= text_area_tag :value, @setting[:value], :cols => 50, :class => "wysiwyg" %><br/>
|
||||
<em>Use %{provider_name} or %{client_name} to include names in messages.</em>
|
||||
</div>
|
||||
|
||||
<div class="field">
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
<% @settings.each do |setting| %>
|
||||
<tr>
|
||||
<td><%= setting.first.titleize %></td>
|
||||
<td>"<%= setting.last %>"</td>
|
||||
<td>"<%= setting.last.truncate(140) %>"</td>
|
||||
<% if can? :update, setting %>
|
||||
<td><%= link_to 'Edit', edit_setting_path(setting.first) %></td>
|
||||
<% end %>
|
||||
|
|
|
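Review bot: `setting.last.truncate(140)` raises NoMethodError if a stored value is nil or not a String; `setting.last.to_s.truncate(140)` keeps the column rendering for any value. The model defaults are all strings, but values read back from the settings table are not visible here, so this is a precaution rather than a known failure. Keeping the value inside `<%= %>` (escaped) is right, since values such as welcome_body contain HTML.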
@ -1,29 +1,8 @@
|
|||
@@default_settings = {
|
||||
:welcome_title => "Welcome to the Hackerspace Members Site", #Welcome to the HeatSync Labs Members App.
|
||||
:welcome_body => "<p>We are a member-driven community workshop where you can learn, make cool stuff, meet other cool people, and make your city a better place to live!</p><p>You don't have to be a member to come visit, but if you're interested in volunteering or being a member, feel free to sign up here! For more information, <a href=\"/more_info\">Click Here</a>.</p>", # <p>You can sign up to become a member here!</p>
|
||||
:welcome_title => "Welcome to the Hackerspace Members Site",
|
||||
:welcome_body => "<p>We are a member-driven community workshop where you can learn, make cool stuff, meet other cool people, and make your city a better place to live!</p><p>You don't have to be a member to come visit, but if you're interested in volunteering or being a member, feel free to sign up here! For more information, <a href=\"/more_info\">Click Here</a>.</p>",
|
||||
:more_info_page => "No info here yet, bug a member about filling this part out!",
|
||||
:member_resources_inset => "No info here yet, bug a member about filling this part out!"
|
||||
# <ul>
|
||||
# <li><%= link_to "Wiki", "http://wiki.heatsynclabs.org" %></li>
|
||||
# <li><%= link_to "Discussion Group", "http://groups.google.com/group/heatsynclabs" %></li>
|
||||
# <li><%= link_to "IRC", "irc://irc.freenode.net#heatsynclabs" %></li>
|
||||
# <li><%= link_to "Live Webcams", "http://live.heatsynclabs.org/" %></li>
|
||||
# <li>Lab Phone: (480) 751-1929</li>
|
||||
# <li>
|
||||
# <style type="text/css">
|
||||
# form input {font-family: 'Lucida Console', Monaco, monospace; }
|
||||
# </style>
|
||||
|
||||
# <b>Send a Message!</b>
|
||||
# <form method="post" action="http://tweet.zyphon.com/signage.php">
|
||||
# <em>Type here and your message will show up on the LED sign in the front window!</em><br/>
|
||||
# <em>(Please be nice!)</em><br/>
|
||||
# <input type="text" name="msg" id="msg" value=" Hello" size="9" /> (max 9 chars per line)<br/>
|
||||
# <input type="text" name="msg2" id="msg2" value=" World" size="9" /><br/>
|
||||
# <input type="submit" name="submitbutton" id="submitbutton" value="Go!" />
|
||||
# </form>
|
||||
# </li>
|
||||
# </ul>
|
||||
}
|
||||
|
||||
if ActiveRecord::Base.connection.tables.include?('settings') and !defined?(::Rake)
|
||||
|
|