Fine tuned abilities and updated how membership is tracked

Will Bradley 2013-01-25 06:01:02 -07:00
parent 6e77b2bf68
commit 653fcc3112
25 changed files with 158 additions and 87 deletions


@ -42,4 +42,4 @@ gem 'bcrypt-ruby', '~> 3.0.0'
# To use debugger
# gem 'ruby-debug'
gem "paperclip", "~> 3.0"
#gem "paperclip", "~> 3.0"


@ -1,3 +1,10 @@
class ApplicationController < ActionController::Base
protect_from_forgery
rescue_from CanCan::AccessDenied do |exception|
if current_user.orientation.blank? then
flash[:alert] = "Sorry, you need to complete New Member Orientation before having access to this page. <br/>Please check your email and schedule a New Member Orientation with a volunteer."
redirect_to root_url
end
end
end
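Review bot: The `rescue_from CanCan::AccessDenied` handler only responds when `current_user.orientation` is blank, so a denied user who has completed orientation gets no redirect or message. A request with no signed-in user would raise inside the handler, because `current_user` is nil there. Every branch should end in a redirect, with the orientation text used only for the un-oriented case. The alert string also embeds `<br/>`, which appears to be why the layout in this commit prints flash messages unescaped; a plain-text message would avoid that.

```ruby
rescue_from CanCan::AccessDenied do |exception|
  # Guests have no current_user; send them to sign in instead of raising on nil.
  if current_user.nil?
    redirect_to new_user_session_path
  elsif current_user.orientation.blank?
    # … unchanged: orientation flash[:alert] message and redirect_to root_url …
  else
    redirect_to root_url, :alert => "You are not authorized to access this page."
  end
end
```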


@ -17,6 +17,13 @@ class CertificationsController < ApplicationController
# GET /certifications/1
# GET /certifications/1.json
def show
@certification_users = []
#TODO: make a better SQL query for this
@certification.users.each do |user|
@certification_users.push user if can? :read, user
end
respond_to do |format|
format.html # show.html.erb
format.json { render :json => @certification }
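Review bot: The per-user `can?` loop in `show` loads every certified user and filters in Ruby, which the `#TODO` already acknowledges. CanCan can apply the same rules in the query with `@certification_users = @certification.users.accessible_by(current_ability)`, the form this commit already uses in `UserCertificationsController#new`. The JSON branch still renders `@certification` itself, so it is worth confirming that its serialization does not include the unfiltered user list. `show` continues past the end of the hunk.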


@ -1,8 +1,14 @@
class UserCertificationsController < ApplicationController
load_and_authorize_resource :user_certification
load_and_authorize_resource :user, :through => :user_certification
load_and_authorize_resource :certification, :through => :user_certification
before_filter :authenticate_user!
# GET /user_certifications
# GET /user_certifications.json
def index
@user_certifications = UserCertification.all
@grouped_user_certs = @user_certifications.group_by { |u| u.user.name }
respond_to do |format|
format.html # index.html.erb
@ -13,8 +19,6 @@ class UserCertificationsController < ApplicationController
# GET /user_certifications/1
# GET /user_certifications/1.json
def show
@user_certification = UserCertification.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.json { render :json => @user_certification }
@ -24,7 +28,8 @@ class UserCertificationsController < ApplicationController
# GET /user_certifications/new
# GET /user_certifications/new.json
def new
@user_certification = UserCertification.new
@users = User.accessible_by(current_ability).sort_by(&:name)
@certifications = Certification.accessible_by(current_ability).sort_by(&:name)
respond_to do |format|
format.html # new.html.erb
@ -34,17 +39,14 @@ class UserCertificationsController < ApplicationController
# GET /user_certifications/1/edit
def edit
@user_certification = UserCertification.find(params[:id])
end
# POST /user_certifications
# POST /user_certifications.json
def create
@user_certification = UserCertification.new(params[:user_certification])
respond_to do |format|
if @user_certification.save
format.html { redirect_to @user_certification, :notice => 'User certification was successfully created.' }
format.html { redirect_to UserCertification, :notice => 'User certification was successfully created.' }
format.json { render :json => @user_certification, :status => :created, :location => @user_certification }
else
format.html { render :action => "new" }
@ -56,11 +58,9 @@ class UserCertificationsController < ApplicationController
# PUT /user_certifications/1
# PUT /user_certifications/1.json
def update
@user_certification = UserCertification.find(params[:id])
respond_to do |format|
if @user_certification.update_attributes(params[:user_certification])
format.html { redirect_to @user_certification, :notice => 'User certification was successfully updated.' }
format.html { redirect_to UserCertification, :notice => 'User certification was successfully updated.' }
format.json { head :no_content }
else
format.html { render :action => "edit" }
@ -72,7 +72,6 @@ class UserCertificationsController < ApplicationController
# DELETE /user_certifications/1
# DELETE /user_certifications/1.json
def destroy
@user_certification = UserCertification.find(params[:id])
@user_certification.destroy
respond_to do |format|
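Review bot: `index` assigns `@user_certifications = UserCertification.all`, which replaces the collection that `load_and_authorize_resource` would have scoped to the current ability, so a member whose rule is limited to `:user_id => user.id` would still be shown everyone's certifications. Drop the assignment, or use `UserCertification.accessible_by(current_ability)`. Separately, `before_filter :authenticate_user!` is declared after the `load_and_authorize_resource` lines, so as shown authorization runs before authentication and a guest reaches the `AccessDenied` handler rather than the sign-in redirect; moving `before_filter :authenticate_user!` to the top fixes the order. The same ordering appears in `UsersController`. The page has lost its +/- markers, so confirm which of these lines are on the new side.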


@ -1,7 +1,7 @@
class UsersController < ApplicationController
load_and_authorize_resource
before_filter :authenticate_user!
# GET /users
# GET /users.json
def index


@ -3,16 +3,27 @@ class Ability
def initialize(user)
if !user.nil?
# By default, users can only see their own stuff
can :read, Card, :user_id => user.id
can :read, Certification
can :read, User, :id => user.id
can :read, UserCertification, :user_id => user.id
# Admins can manage all
if user.admin?
can :manage, :all
end
# Instructors can manage certs and see users
if user.instructor?
can :manage, Certification
can :read, User
can :manage, UserCertification
end
can :read, User
can :read, Certification
can :read, Card, :user_id => user.id
# Users can see others' stuff if they've been oriented
unless user.orientation.blank?
can :read, User
can :read, UserCertification
end
end
# Define abilities for the passed in user here. For example:
#
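Review bot: CanCan rules are additive, so the unconditional `can :read, User` that sits between the instructor block and the orientation check would, if it is still on the new side, give every signed-in user read access to all users and make both the `:id => user.id` rule and the orientation gate ineffective. The page has lost its +/- markers; the three rules after the instructor block (`can :read, User`, `can :read, Certification`, `can :read, Card, :user_id => user.id`) look like the removed lines, but that should be confirmed against the file. A comment above the orientation block would help the next editor, e.g. `# Rules are OR'ed: anything granted here widens the per-user rules above`. `initialize` continues past the end of the hunk.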


@ -2,7 +2,7 @@ class Card < ActiveRecord::Base
require 'open-uri'
attr_accessible :id, :user_id, :name, :card_number, :card_permissions
validates_uniqueness_of :card_number
validates_uniqueness_of :id,:card_number
belongs_to :user
def upload_to_door

View File

@ -6,9 +6,23 @@ class User < ActiveRecord::Base
:recoverable, :rememberable, :trackable, :validatable
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation, :remember_me, :name, :admin, :instructor, :active, :emergency_name, :emergency_phone, :current_skills, :desired_skills, :waiver, :emergency_email, :phone, :payment_method, :orientation, :member_level, :certifications
attr_accessible :email, :password, :password_confirmation, :remember_me, :name, :admin, :instructor, :member, :emergency_name, :emergency_phone, :current_skills, :desired_skills, :waiver, :emergency_email, :phone, :payment_method, :orientation, :member_level, :certifications
has_many :cards
has_many :user_certifications
has_many :certifications, :through => :user_certifications
def member_status
# 1 = inactive, show an X
if self.member == 1 then
"<span class='hoverinfo' title='Inactive'>!!</span>"
# 25 or higher is paying, show a check
elsif self.member == 25 then
"<span class='hoverinfo' title='25'>&#x2713;</span>"
elsif self.member == 50 then
"<span class='hoverinfo' title='50'>&#x2713;</span>"
elsif self.member == 100 then
"<span class='hoverinfo' title='100'>&#x2713;</span>"
end
end
end
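Review bot: `attr_accessible` still whitelists `:admin`, `:instructor`, `:member` and `:orientation`, and after this commit those are the fields `Ability` uses to grant access, so any mass-assignment path a member can reach for their own record would let them change their own role. Whether such a path exists is not visible here (the Devise module list starts above the hunk), but the safer form is to scope them with `attr_accessible :admin, :instructor, :member, :orientation, :as => :admin` and pass `:as => :admin` only from the admin-authorized update. Also, the comment in `member_status` says "25 or higher" while the code tests `== 25`, `== 50` and `== 100`, so 0, 10 and any other value return nil.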

View File

@ -1,5 +1,8 @@
class UserCertification < ActiveRecord::Base
attr_accessible :certification_id, :user_id
validates_uniqueness_of :certification_id, :scope => :user_id, :message => 'already exists for this user.' # Makes sure users don't get certified twice
belongs_to :user
belongs_to :certification
end
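Review bot: `validates_uniqueness_of :certification_id, :scope => :user_id` is checked with a query before the insert, so two concurrent requests can still create the same pair, and none of the migrations visible in this commit adds a unique index. Back the validation at the database level with `add_index :user_certifications, [:user_id, :certification_id], :unique => true`.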

View File

@ -19,10 +19,6 @@
<%= f.label :description %><br />
<%= f.text_area :description %>
</div>
<% f.fields_for :users do |u| %>
<%= u.label :user %><br />
<%= collection_select(:certifications_users, :user_id, User.all.sort_by(&:name), :id, :name) %>
<% end %>
<div class="actions">
<%= f.submit %>
</div>

View File

@ -1,6 +1,6 @@
<h1>Listing certifications</h1>
<%= link_to 'New Certification', new_certification_path if can? :create, Certification %>
<%= link_to 'Create Certification', new_certification_path if can? :create, Certification %>
<ul>
<% @certifications.each do |certification| %>

View File

@ -10,10 +10,10 @@
<b>Certified Users:</b>
<ul>
<% @certification.users.each do |user| %>
<li><%= link_to user.name, user %></li>
<% @certification_users.each do |user| %>
<li><%= link_to user.name, user %></li>
<% end %>
<% if @certification.users.blank? then %><li>n/a</li><% end %>
<% if @certification_users.blank? then %><li>n/a</li><% end %>
</ul>
<% if can? :update, @certification %><%= link_to 'Edit', edit_certification_path(@certification) %> |<% end %>

View File

@ -1 +1 @@
Welcome.
<p>Welcome to the HeatSync Labs Members App.</p>

View File

@ -9,14 +9,19 @@
<body>
<div id="header">
<%= link_to 'Users', users_path if can? :read, User %>
<%= link_to 'Cards', cards_path if can? :read, Card %>
<%= link_to 'Certifications', certifications_path if can? :read, Certification %>
<%= link_to 'Cards', cards_path if can? :manage, Card %>
<% if can? :manage, UserCertification %>
<%= link_to 'Cert Classes', certifications_path if can? :read, Certification %>
<%= link_to 'User Certs', user_certifications_path if can? :create, UserCertification %>
<% else %>
<%= link_to 'Certifications', certifications_path if can? :read, Certification %>
<% end %>
<%= link_to 'Logs', door_logs_path if can? :read, DoorLog %>
<%= link_to 'Sign out', destroy_user_session_path, :method => :delete if user_signed_in? %>
<%= link_to 'Sign in', new_user_session_path unless user_signed_in? %>
</div>
<p class="notice"><%= notice %></p>
<p class="alert"><%= alert %></p>
<p class="notice"><%= raw(notice) %></p>
<p class="alert"><%= raw(alert) %></p>
<%= yield %>
</body>
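Review bot: `raw(notice)` and `raw(alert)` turn off HTML escaping for every flash message in the application, not only the new orientation alert, so any flash text that ever includes request or record data is rendered as markup. Keep the escaping and allow just the line break, e.g. `<%= sanitize(alert, :tags => %w(br)) %>`, or make the orientation message plain text and go back to `<%= alert %>`.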

View File

@ -1,7 +1,7 @@
<%= form_for(@user_certification) do |f| %>
<% if @user_certification.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(@user_certification.errors.count, "error") %> prohibited this user_certification from being saved:</h2>
<h2><%= pluralize(@user_certification.errors.count, "error") %> prohibited this User Certification from being saved:</h2>
<ul>
<% @user_certification.errors.full_messages.each do |msg| %>
@ -12,12 +12,12 @@
<% end %>
<div class="field">
<%= f.label :user_id %><br />
<%= f.number_field :user_id %>
<%= f.label :user_id, "User" %><br />
<%= collection_select(:user_certification, :user_id, @users, :id, :name) %>
</div>
<div class="field">
<%= f.label :certification_id %><br />
<%= f.number_field :certification_id %>
<%= f.label :certification_id, "Certification" %><br />
<%= collection_select(:user_certification, :certification_id, @certifications, :id, :name) %>
</div>
<div class="actions">
<%= f.submit %>
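Review bot: `collection_select` reads `@users` and `@certifications`, but in the controller hunks shown in this commit they are assigned only in `new`; `edit`, and the `render :action => "new"` / `"edit"` branches of a failed `create` or `update`, reach this partial with both nil, which would raise. Load them in a shared `before_filter` for `new`, `create`, `edit` and `update`. The select lists limit choices only in the browser; the submitted `user_id` and `certification_id` are still whatever the client sends, so the server-side authorization on create and update remains the actual control.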

View File

@ -1,4 +1,4 @@
<h1>Editing user_certification</h1>
<h1>Editing User Certification</h1>
<%= render 'form' %>

View File

@ -1,25 +1,18 @@
<h1>Listing user_certifications</h1>
<h1>Listing User Certifications</h1>
<table>
<tr>
<th>User</th>
<th>Certification</th>
<th></th>
<th></th>
<th></th>
</tr>
<% @user_certifications.each do |user_certification| %>
<tr>
<td><%= user_certification.user_id %></td>
<td><%= user_certification.certification_id %></td>
<td><%= link_to 'Show', user_certification %></td>
<td><%= link_to 'Edit', edit_user_certification_path(user_certification) %></td>
<td><%= link_to 'Destroy', user_certification, :confirm => 'Are you sure?', :method => :delete %></td>
</tr>
<dl>
<% @grouped_user_certs.sort.each do |user, user_certifications| %>
<dt><%= user %></dt>
<% user_certifications.each do |user_certification| %>
<dd>
<%= link_to user_certification.certification.name, user_certification %> |
<%= link_to 'Edit', edit_user_certification_path(user_certification) %> |
<%= link_to 'Destroy', user_certification, :confirm => 'Are you sure?', :method => :delete %>
</dd>
<% end %>
<% end %>
</table>
</dl>
<br />
<%= link_to 'New User certification', new_user_certification_path %>
<%= link_to 'New User Certification', new_user_certification_path %>
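Review bot: The 'Edit' and 'Destroy' links in the new `<dd>` are rendered for every viewer, while other views in this commit guard such links with `can?`, so a member with read-only access sees actions that end in `AccessDenied`. Guard them the same way: `<%= link_to 'Edit', edit_user_certification_path(user_certification) if can? :update, user_certification %>`, and likewise `if can? :destroy, user_certification` on the destroy link. Grouping by `u.user.name` in the controller also merges two users who share a name under one `<dt>`.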

View File

@ -1,4 +1,4 @@
<h1>New user_certification</h1>
<h1>New User Certification</h1>
<%= render 'form' %>

View File

@ -1,11 +1,11 @@
<p>
<b>User:</b>
<%= @user_certification.user_id %>
<%= @user_certification.user.name %>
</p>
<p>
<b>Certification:</b>
<%= @user_certification.certification_id %>
<%= @user_certification.certification.name %>
</p>
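Review bot: `@user_certification.user.name` and `@user_certification.certification.name` raise when the associated row no longer exists, and `has_many :user_certifications` in the User model (as shown in this commit) carries no `:dependent` option, so destroying a user appears to leave such rows behind. Either add `:dependent => :destroy` to the association or render defensively with `@user_certification.user.try(:name)`.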

View File

@ -74,8 +74,12 @@
</div>
<% end %>
<div class="field">
<%= f.label :active, "Active?" %><br />
<%= f.check_box :active %>
<%= f.label :member, "Member?" %><br />
<%= f.select :member, [["No",0],["Inactive",1],["Volunteer",10],["Associate",25],["Basic",50],["Plus",100]] %>
</div>
<div class="field">
<%= f.label :instructor, "Instructor?" %><br />
<%= f.check_box :instructor %>
</div>
<div class="field">
<%= f.label :admin, "Admin?" %><br />

View File

@ -7,15 +7,14 @@
<tr>
<th>Name</th>
<th>Email</th>
<% if current_user.admin? then %>
<th>Cards</th>
<% end %>
<th>Certifications</th>
<th>Active?</th>
<th>Waiver?</th>
<% if current_user.admin? then %>
<th>Orientation?</th>
<% end %>
<th>Waiver?</th>
<th>Member?</th>
<th>Card?</th>
<th>Instructor?</th>
<th>Admin?</th>
<th></th>
<th></th>
@ -26,19 +25,16 @@
<tr>
<td><%= link_to user.name, user %></td>
<td><%= user.email %></td>
<% if current_user.admin? then %><td>
<% user.cards.each do |c| %>
<%= link_to c.card_number, card_url(c) %><%= "," unless c == user.cards.last %>
<% end %>
</td><% end %>
<td><% user.certifications.each do |c| %>
<%= link_to c.name, c %><%= "," unless c == user.certifications.last %>
<%= link_to c.name, c %><%= "," unless c.id == user.certifications.last.id %>
<% end %></td>
<td><%= if user.active? then raw("&#x2713;") end %></td>
<td><%= unless user.waiver.blank? then raw("<span class='hoverinfo' title='"+user.waiver.strftime("%B %d %Y")+"'>&#x2713;</span>") end %></td>
<% if current_user.admin? then %><td>
<%= unless user.orientation.blank? then raw("<span class='hoverinfo' title='"+user.orientation.strftime("%B %d %Y")+"'>&#x2713;</span>") end %>
</td><% end %>
<td><%= unless user.waiver.blank? then raw("<span class='hoverinfo' title='"+user.waiver.strftime("%B %d %Y")+"'>&#x2713;</span>") end %></td>
<td><%= raw(user.member_status) %></td>
<td><%= unless user.cards.blank? then raw("&#x2713;") end %></td>
<td><%= if user.instructor? then raw("&#x2713;") end %></td>
<td><%= if user.admin? then raw("&#x2713;") end %></td>
<td><%= link_to 'Edit', edit_user_path(user) if can? :update, user %></td>
<td><%= link_to 'Destroy', user, :confirm => 'Are you sure? WARNING: THIS DOES NOT REMOVE THE USER FROM THE DOOR SYSTEM! DISABLE THEM FIRST.', :method => :delete if can? :destroy, user %></td>
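Review bot: The status cells build markup by string concatenation inside `raw(...)`, which is safe here only because the interpolated values come from `strftime` and from fixed strings in `User#member_status`; the pattern becomes an injection point as soon as a user-editable field is added to one of these strings. `content_tag(:span, raw('&#x2713;'), :class => 'hoverinfo', :title => user.waiver.strftime('%B %d %Y'))` lets the helper escape the attribute. The same applies to the orientation cell.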

View File

@ -10,8 +10,25 @@
</p>
<p>
<b>Active?</b>
<%= @user.active %>
<b>Waiver?</b>
<%= @user.waiver %>
</p>
<% if current_user.admin? then %>
<p>
<b>Orientation?</b>
<%= @user.orientation %>
</p>
<% end %>
<p>
<b>Member?</b>
<%= @user.member %>
</p>
<p>
<b>Instructor?</b>
<%= @user.instructor %>
</p>
<p>
@ -19,6 +36,15 @@
<%= @user.admin %>
</p>
<% if current_user.admin? then %>
<p>
<b>Cards:</b>
<% @user.cards.each do |c| %>
<%= link_to c.card_number, c %><%= "," unless c == @user.cards.last %>
<% end %>
</p>
<% end %>
<b>Certifications:</b>
<ul>
<% @user.certifications.each do |certification| %>
@ -27,6 +53,5 @@
<% if @user.certifications.blank? %><li>n/a</li><% end %>
</ul>
<%= link_to 'Edit', edit_user_path(@user) %> |
<%= link_to 'Back', users_path %>

View File

@ -0,0 +1,6 @@
class ChangeUsersActiveToMember < ActiveRecord::Migration
def change
change_column :users, :active, :string
rename_column :users, :active, :member
end
end
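Review bot: `change_column` inside `change` cannot be reversed automatically, so rolling back this migration (and `ChangeUsersMemberToInteger`, which has the same shape) would raise `ActiveRecord::IrreversibleMigration`; use explicit `up` and `down` methods. The boolean `active` values are also converted by type only, with no mapping onto the new levels (0, 1, 10, 25, 50, 100 in the user form), so what existing members end up with depends on the database's cast. An explicit `update_all` per old value in `up` would make the result deterministic.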

View File

@ -0,0 +1,5 @@
class ChangeUsersMemberToInteger < ActiveRecord::Migration
def change
change_column :users, :member, :integer
end
end

View File

@ -10,7 +10,7 @@
#
# It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20130125102002) do
ActiveRecord::Schema.define(:version => 20130125124102) do
create_table "cards", :force => true do |t|
t.string "card_number"
@ -44,20 +44,20 @@ ActiveRecord::Schema.define(:version => 20130125102002) do
create_table "users", :force => true do |t|
t.string "name"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
t.string "email", :default => "", :null => false
t.string "encrypted_password", :default => "", :null => false
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
t.string "email", :default => "", :null => false
t.string "encrypted_password", :default => "", :null => false
t.string "reset_password_token"
t.datetime "reset_password_sent_at"
t.datetime "remember_created_at"
t.integer "sign_in_count", :default => 0
t.integer "sign_in_count", :default => 0
t.datetime "current_sign_in_at"
t.datetime "last_sign_in_at"
t.string "current_sign_in_ip"
t.string "last_sign_in_ip"
t.boolean "admin"
t.boolean "active"
t.integer "member", :limit => 255
t.datetime "waiver"
t.datetime "orientation"
t.string "emergency_name"