Finished mac filtering, display, permissions, etc

app/assets/stylesheets/macs.css.scss

@@ -1,3 +1,4 @@
 // Place all the styles related to the pamela controller here.
 // They will automatically be included in application.css.
 // You can use Sass (SCSS) here: http://sass-lang.com/
+.hidden { color: #ccc;  }

app/controllers/mac_logs_controller.rb

@@ -1,4 +1,6 @@
 class MacLogsController < ApplicationController
+load_and_authorize_resource :mac_log
+before_filter :authenticate_user!
 
 def index
   @mac_logs = MacLog.desc.limit(1000)

app/controllers/macs_controller.rb

@@ -1,13 +1,23 @@
 class MacsController < ApplicationController
+load_and_authorize_resource :mac, :except => [:index, :scan, :import]
+load_and_authorize_resource :user, :through => :mac, :except => [:index, :show, :scan, :import]
 
 #require "active_record"
 require "optparse"
 #require "rubygems"
 
 def index
-  @active_macs = Mac.where(:active => true, :hidden => false)
-  @active_macs += Mac.where(:active => true, :hidden => nil)
-  @hidden_macs = Mac.where(:active => true, :hidden => true)
+  #@active_macs = Mac.where(:active => true, :hidden => false)
+  #@active_macs += Mac.where(:active => true, :hidden => nil)
+  
+  # De-dupe users for the public
+  if can? :update, Mac then
+    @active_macs = Mac.where("macs.active = ? AND (macs.hidden IS NULL OR macs.hidden = ?)", true, false).includes(:user).order("users.name ASC")
+  else
+    @active_macs = Mac.where("macs.active = ? AND (macs.hidden IS NULL OR macs.hidden = ?)", true, false).includes(:user).order("users.name ASC").group("users.name")
+  end
+
+  @hidden_macs = Mac.where("macs.active = ? AND macs.hidden = ?", true, true).order("note ASC")
 
   @all_macs = Mac.find(:all, :order => "LOWER(mac)")
 end
@@ -27,7 +37,11 @@ end
   # GET /macs/new.json
   def new
     @mac = Mac.new
-    @users = User.all.sort_by(&:name)
+    if can? :manage, Mac then
+      @users = User.accessible_by(current_ability).sort_by(&:name)
+    else 
+      @users = [current_user]
+    end
 
     respond_to do |format|
       format.html # new.html.erb
@@ -38,15 +52,24 @@ end
   # GET /macs/1/edit
   def edit
     @mac = Mac.find(params[:id])
-    @users = User.all.sort_by(&:name)
+    if can? :manage, Mac then
+      @users = User.accessible_by(current_ability).sort_by(&:name)
+    else 
+      @users = [current_user]
+    end
   end
 
   # POST /macs
   # POST /user
   def create
     @mac = Mac.new(params[:mac])
-    @mac.user_id = params[:user_id]
-    @users = User.all.sort_by(&:name)
+    authorize! :update, @mac
+
+    if can? :manage, Mac then
+      @users = User.accessible_by(current_ability).sort_by(&:name)
+    else 
+      @users = [current_user]
+    end
 
     respond_to do |format|
       if @mac.save
@@ -64,10 +87,17 @@ end
   def update
     #Log who updated this
     @mac = Mac.find(params[:id])
-    @users = User.all.sort_by(&:name)
+    @mac.user_id = params[:mac][:user_id]
+    authorize! :update, @mac
+
+    if can? :manage, Mac then
+      @users = User.accessible_by(current_ability).sort_by(&:name)
+    else 
+      @users = [current_user]
+    end
 
     respond_to do |format|
-      if @mac.update_attributes(params[:mac])
+      if @mac.save
         format.html { redirect_to macs_path, :notice => 'Mac was successfully updated.' }
         format.json { head :no_content }
       else

app/models/ability.rb

@@ -2,11 +2,17 @@ class Ability
   include CanCan::Ability
 
   def initialize(user)
+    # Anonymous can read mac
+    can :read, Mac
+
     if !user.nil?
 
       # By default, users can only see their own stuff
       can :read, Card, :user_id => user.id
       can :read, Certification
+      can :read_details, Mac
+      can [:update], Mac, :user_id => nil
+      can [:create,:update], Mac, :user_id => user.id
       can :read, User, :id => user.id #TODO: why can users update themselves?
       can :read, UserCertification, :user_id => user.id
 
@@ -30,6 +36,8 @@ class Ability
       cannot :destroy, User
       cannot :destroy, Card
       cannot :destroy, Certification
+      cannot :destroy, Mac
+      cannot :destroy, MacLog
       cannot :destroy, UserCertification
       cannot :destroy, DoorLog
     end 

app/views/layouts/application.html.erb

@@ -18,6 +18,7 @@
       <%= link_to 'Certifications', certifications_path if can? :read, Certification %>
     <% end %>
     <%= link_to 'Door Logs', door_logs_path if can? :read, DoorLog %>
+    <%= link_to 'Computers', macs_path if user_signed_in? && (can? :read, Mac) %>
     <% if user_signed_in? then %><%= link_to 'Profile', edit_user_registration_path %><% end %>
     <%= link_to 'Logout', destroy_user_session_path, :method => :delete if user_signed_in? %>
     <%= link_to 'Login', new_user_session_path unless user_signed_in? %>

app/views/macs/index.html.erb

@@ -1,42 +1,46 @@
 <h2>What machines are on our network?</h2>
-<%= link_to "New Mac", new_mac_path %>
+<%= link_to "New MAC registration", new_mac_path if can? :create, Mac %>
 
-<ul>
-<% @active_macs.each do |mac| %>
+<ul class="mac_list">
+<%
+ @active_macs.each do |mac| 
+Rails.logger.info mac.inspect %>
 <li>
-  <%= mac.user.name unless mac.user.blank? %>  
-  <%= mac.mac if mac.user.blank? && mac.note.blank? %> 
-  <%= mac.note if mac.user.blank? %> - 
-  <%= ((Time.now - mac.since) / 1.hour).round(1).to_s+" hours" %> |
-  <%= link_to 'Edit', edit_mac_path(mac) %> <br/>
+    <span title="<%= mac.mac if user_signed_in? %><%= "  -  "+mac.ip.to_s if can? :read_details, mac %><%= "  -  "+((Time.now - mac.since) / 1.hour).round(1).to_s+" hours" if can? :manage, mac %>">
+      <%= mac.user.name unless mac.user.blank? %>
+    <%= "("+mac.note+")" unless mac.note.blank? %></span>
+  <%= link_to ' Edit', edit_mac_path(mac) if can? :update, mac %> <br/>
 </li>
 <% end %>
 </ul>
 
-<ul style="display: none;">
+<% if can? :read_details, Mac %>
+<ul class="mac_list hidden">
 <% @hidden_macs.each do |mac| %>
 <li>
-  <%= mac.user.name unless mac.user.blank? %>  
-  <%= mac.mac if mac.user.blank? && mac.note.blank? %>
-  <%= mac.note if mac.user.blank? %> - 
-  <%= ((Time.now - mac.since) / 1.hour).round(1).to_s+" hours" %> |
-  <%= link_to 'Edit', edit_mac_path(mac) %> <br/>
+    <span title="<%= mac.mac %><%= "  -  "+mac.ip.to_s if can? :read_details, mac %><%= "  -  "+((Time.now - mac.since) / 1.hour).round(1).to_s+" hours" if can? :manage, mac %>">
+      <%= mac.user.name unless mac.user.blank? %>
+    <%= "("+mac.note+")" unless mac.note.blank? %></span>
+  <%= link_to ' Edit', edit_mac_path(mac) if can? :update, mac %> <br/>
 </li>
 <% end %>
 </ul>
-
-<!--
-<% @all_macs.each do |mac| %>
-  <%= '<span class="hidden">' if mac.hidden? %>
-  <%= mac.mac.downcase %> 
-  (<%= mac.note %>) 
-  <%= mac.user.name unless mac.user.blank? %>
-  <%= mac.since %>, 
-  <%= mac.refreshed %>,
-  <%= mac.active %> |
-  <%= link_to 'Edit', edit_mac_path(mac) %> <br/>
-  <%= '</span>' if mac.hidden? %>
 <% end %>
--->
+
+<% if can? :manage, Mac %>
+<h3>All Macs</h3>
+<table>
+<% @all_macs.each do |mac| %>
+<tr <%= raw('class="hidden"') if mac.hidden? %>>
+  <td><%= mac.mac.downcase %> </td>
+  <td><%= mac.user.name unless mac.user.blank? %></td>
+  <td><%= "("+mac.note+")" unless mac.note.blank? %></td>
+  <td><%= if mac.active? then raw("<strong>Here</strong>") else "Gone" end %></td>
+  <td><%= ((Time.now - mac.since) / 1.hour).round(1).to_s+" hours" unless mac.since.blank? %></td>
+  <td><%= link_to 'Edit', edit_mac_path(mac) %></td>
+</tr>
+<% end %>
+</table>
+<% end %>