diff --git a/app/assets/stylesheets/macs.css.scss b/app/assets/stylesheets/macs.css.scss
index 1f2fc52..676a728 100644
--- a/app/assets/stylesheets/macs.css.scss
+++ b/app/assets/stylesheets/macs.css.scss
@@ -1,3 +1,4 @@
 // Place all the styles related to the pamela controller here.
 // They will automatically be included in application.css.
 // You can use Sass (SCSS) here: http://sass-lang.com/
+.hidden { color: #ccc; }
diff --git a/app/controllers/mac_logs_controller.rb b/app/controllers/mac_logs_controller.rb
index ad8c7ee..0008f3f 100644
--- a/app/controllers/mac_logs_controller.rb
+++ b/app/controllers/mac_logs_controller.rb
@@ -1,4 +1,6 @@
 class MacLogsController < ApplicationController
+load_and_authorize_resource :mac_log
+before_filter :authenticate_user!
 def index
 @mac_logs = MacLog.desc.limit(1000)
diff --git a/app/controllers/macs_controller.rb b/app/controllers/macs_controller.rb
index 14083d5..043ecae 100644
--- a/app/controllers/macs_controller.rb
+++ b/app/controllers/macs_controller.rb
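Review bot: `load_and_authorize_resource :mac_log` is declared before `before_filter :authenticate_user!`, and Rails runs before filters in declaration order, so an anonymous request is authorized first against the guest ability — which, as far as the ability.rb hunk in this commit shows, grants nothing on MacLog — and fails with CanCan::AccessDenied instead of being redirected to the login page. Swapping the two lines gives the intended behaviour: `before_filter :authenticate_user!` followed by `load_and_authorize_resource :mac_log`. The rest of MacLogsController lies outside the hunk.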
@@ -1,13 +1,23 @@
 class MacsController < ApplicationController
+load_and_authorize_resource :mac, :except => [:index, :scan, :import]
+load_and_authorize_resource :user, :through => :mac, :except => [:index, :show, :scan, :import]
 #require "active_record"
 require "optparse"
 #require "rubygems"
 def index
- @active_macs = Mac.where(:active => true, :hidden => false)
- @active_macs += Mac.where(:active => true, :hidden => nil)
- @hidden_macs = Mac.where(:active => true, :hidden => true)
+ #@active_macs = Mac.where(:active => true, :hidden => false)
+ #@active_macs += Mac.where(:active => true, :hidden => nil)
+
+ # De-dupe users for the public
+ if can? :update, Mac then
+ @active_macs = Mac.where("macs.active = ? AND (macs.hidden IS NULL OR macs.hidden = ?)", true, false).includes(:user).order("users.name ASC")
+ else
+ @active_macs = Mac.where("macs.active = ? AND (macs.hidden IS NULL OR macs.hidden = ?)", true, false).includes(:user).order("users.name ASC").group("users.name")
+ end
+
+ @hidden_macs = Mac.where("macs.active = ? AND macs.hidden = ?", true, true).order("note ASC")
 @all_macs = Mac.find(:all, :order => "LOWER(mac)")
 end
@@ -27,7 +37,11 @@ end
 # GET /macs/new.json
 def new
 @mac = Mac.new
- @users = User.all.sort_by(&:name)
+ if can? :manage, Mac then
+ @users = User.accessible_by(current_ability).sort_by(&:name)
+ else
+ @users = [current_user]
+ end
 respond_to do |format|
 format.html # new.html.erb
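Review bot: `load_and_authorize_resource :mac, :except => [:index, :scan, :import]` leaves `scan` and `import` without any authorization, and unlike MacLogsController this controller declares no `before_filter :authenticate_user!`, so unless those two actions (outside this diff) check permissions themselves any visitor can invoke them. If only `index` is meant to be public, narrowing to `:except => [:index]` or adding an explicit `authorize!` inside `scan` and `import` closes that gap. In `index`, the two `@active_macs` branches differ only by the trailing `.group("users.name")`; building the scope once and appending the group clause in the `else` branch removes the duplicated query, and `.group("users.name")` on a query that selects `macs.*` is rejected by databases that enforce strict GROUP BY, so that presumably works only on the database currently in use. The `then` on a multi-line `if` is conventionally dropped.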
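Review bot: The `if can? :manage, Mac then … else @users = [current_user] end` block added in `new` is repeated verbatim in `edit`, `create` and `update` in the following hunks; replacing each copy with `@users = assignable_users` and adding one private helper keeps the rule for who may be assigned a mac in a single place. `new`'s body continues past the end of the hunk.
```ruby
  private

  # Users offered in the owner drop-down: everyone the current ability can
  # see for managers, only the current user for everyone else.
  def assignable_users
    if can? :manage, Mac
      User.accessible_by(current_ability).sort_by(&:name)
    else
      [current_user]
    end
  end
```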
@@ -38,15 +52,24 @@ end
 # GET /macs/1/edit
 def edit
 @mac = Mac.find(params[:id])
- @users = User.all.sort_by(&:name)
+ if can? :manage, Mac then
+ @users = User.accessible_by(current_ability).sort_by(&:name)
+ else
+ @users = [current_user]
+ end
 end
 # POST /macs
 # POST /user
 def create
 @mac = Mac.new(params[:mac])
- @mac.user_id = params[:user_id]
- @users = User.all.sort_by(&:name)
+ authorize! :update, @mac
+
+ if can? :manage, Mac then
+ @users = User.accessible_by(current_ability).sort_by(&:name)
+ else
+ @users = [current_user]
+ end
 respond_to do |format|
 if @mac.save
@@ -64,10 +87,17 @@ end
 def update
 #Log who updated this
 @mac = Mac.find(params[:id])
- @users = User.all.sort_by(&:name)
+ @mac.user_id = params[:mac][:user_id]
+ authorize! :update, @mac
+
+ if can? :manage, Mac then
+ @users = User.accessible_by(current_ability).sort_by(&:name)
+ else
+ @users = [current_user]
+ end
 respond_to do |format|
- if @mac.update_attributes(params[:mac])
+ if @mac.save
 format.html { redirect_to macs_path, :notice => 'Mac was successfully updated.' }
 format.json { head :no_content }
 else
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 4ed0b2d..64ae4ed 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -2,11 +2,17 @@ class Ability
 include CanCan::Ability
 def initialize(user)
+ # Anonymous can read mac
+ can :read, Mac
+
 if !user.nil?
 # By default, users can only see their own stuff
 can :read, Card, :user_id => user.id
 can :read, Certification
+ can :read_details, Mac
+ can [:update], Mac, :user_id => nil
+ can [:create,:update], Mac, :user_id => user.id
 can :read, User, :id => user.id #TODO: why can users update themselves?
 can :read, UserCertification, :user_id => user.id
@@ -30,6 +36,8 @@ class Ability
 cannot :destroy, User
 cannot :destroy, Card
 cannot :destroy, Certification
+ cannot :destroy, Mac
+ cannot :destroy, MacLog
 cannot :destroy, UserCertification
 cannot :destroy, DoorLog
 end
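Review bot: In `create`, `authorize! :update, @mac` checks the `:update` action on a record that is being created, while ability.rb in this commit defines a distinct `:create` rule and `load_and_authorize_resource :mac` (create is not in its `:except` list) already builds `@mac` from `params[:mac]` and authorizes `:create` before the action runs; the added line should be `authorize! :create, @mac` or dropped. Removing `@mac.user_id = params[:user_id]` also means the owner now arrives only through mass assignment of `params[:mac]`, so if Mac's `attr_accessible` (not in this diff) does not list `user_id` the value is silently ignored and the `:user_id => user.id` rule never matches — worth confirming. The `create` body continues past the hunk.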
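Review bot: `update` now assigns only `user_id` from `params[:mac]` and replaces `update_attributes(params[:mac])` with `@mac.save`, so every other attribute submitted in the edit form is silently discarded while the user still sees 'Mac was successfully updated.'. If editing is meant to be restricted to reassignment the form and notice should reflect that; otherwise `@mac.assign_attributes(params[:mac])` before `authorize! :update, @mac` applies the same owner check to the whole change, and `@mac.save` then persists it. `params[:mac][:user_id]` also raises NoMethodError when `params[:mac]` is absent; `params[:mac] && params[:mac][:user_id]` avoids a 500 on a malformed request. The `update` body continues past the hunk.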
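Review bot: `can :read, Mac` outside the `if !user.nil?` guard grants anonymous visitors both `:index` and `:show` (CanCan aliases `:read` to those two actions), so every mac's show page becomes public, while the signed-in-only `can :read_details, Mac` and the layout hunk that links `Computers` only for signed-in users suggest details are meant to be restricted; if only the list should be public, `can :index, Mac` is the narrower rule. `can [:update], Mac, :user_id => nil` lets any signed-in user modify every unassigned mac, which reads as intended but deserves a comment such as `# Unassigned macs may be claimed by any member` so the next reader does not take it for an oversight.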
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index bbdabf1..303a271 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -18,6 +18,7 @@
 <%= link_to 'Certifications', certifications_path if can? :read, Certification %>
 <% end %>
 <%= link_to 'Door Logs', door_logs_path if can? :read, DoorLog %>
+ <%= link_to 'Computers', macs_path if user_signed_in? && (can? :read, Mac) %>
 <% if user_signed_in? then %><%= link_to 'Profile', edit_user_registration_path %><% end %>
 <%= link_to 'Logout', destroy_user_session_path, :method => :delete if user_signed_in? %>
 <%= link_to 'Login', new_user_session_path unless user_signed_in? %>
diff --git a/app/views/macs/index.html.erb b/app/views/macs/index.html.erb
index bcfc91b..c321b6d 100644
--- a/app/views/macs/index.html.erb
+++ b/app/views/macs/index.html.erb
@@ -1,42 +1,46 @@
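Review bot: The new link is guarded by `user_signed_in? && (can? :read, Mac)` while the neighbouring links rely on `can?` alone, and ability.rb in this same commit deliberately grants anonymous users `can :read, Mac`; hiding the link from visitors does not hide the page, so the two are inconsistent. If the page is meant to be public, `<%= link_to 'Computers', macs_path if can? :read, Mac %>` matches the surrounding links; if it is not, the anonymous rule in ability.rb is what needs to change rather than the navigation.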