From 653fcc3112872737ae4119f12bc6b4bc0bdc7153 Mon Sep 17 00:00:00 2001
From: Will Bradley
Date: Fri, 25 Jan 2013 06:01:02 -0700
Subject: [PATCH] Fine tuned abilities and updated how membership is tracked
---
 Gemfile | 2 +-
 app/controllers/application_controller.rb | 7 ++++
 app/controllers/certifications_controller.rb | 7 ++++
 .../user_certifications_controller.rb | 23 +++++++------
 app/controllers/users_controller.rb | 2 +-
 app/models/ability.rb | 19 ++++++++---
 app/models/card.rb | 2 +-
 app/models/user.rb | 16 ++++++++-
 app/models/user_certification.rb | 3 ++
 app/views/certifications/_form.html.erb | 4 ---
 app/views/certifications/index.html.erb | 2 +-
 app/views/certifications/show.html.erb | 6 ++--
 app/views/home/index.html.erb | 2 +-
 app/views/layouts/application.html.erb | 13 +++++---
 app/views/user_certifications/_form.html.erb | 10 +++---
 app/views/user_certifications/edit.html.erb | 2 +-
 app/views/user_certifications/index.html.erb | 33 ++++++++-----------
 app/views/user_certifications/new.html.erb | 2 +-
 app/views/user_certifications/show.html.erb | 4 +--
 app/views/users/_form.html.erb | 8 +++--
 app/views/users/index.html.erb | 22 +++++-------
 app/views/users/show.html.erb | 31 +++++++++++++++--
 ...125123317_change_users_active_to_member.rb | 6 ++++
 ...25124102_change_users_member_to_integer.rb | 5 +++
 db/schema.rb | 14 ++++----
 25 files changed, 158 insertions(+), 87 deletions(-)
 create mode 100644 db/migrate/20130125123317_change_users_active_to_member.rb
 create mode 100644 db/migrate/20130125124102_change_users_member_to_integer.rb
diff --git a/Gemfile b/Gemfile
index f5a85dc..a7ef364 100644
--- a/Gemfile
+++ b/Gemfile
@@ -42,4 +42,4 @@ gem 'bcrypt-ruby', '~> 3.0.0'
 # To use debugger
 # gem 'ruby-debug'
-gem "paperclip", "~> 3.0"
+#gem "paperclip", "~> 3.0"
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e8065d9..0586275 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,3 +1,10 @@
 class ApplicationController < ActionController::Base
 protect_from_forgery
+
+ rescue_from CanCan::AccessDenied do |exception|
+ if current_user.orientation.blank? then
+ flash[:alert] = "Sorry, you need to complete New Member Orientation before having access to this page.
Please check your email and schedule a New Member Orientation with a volunteer."
+ redirect_to root_url
+ end
+ end
 end
diff --git a/app/controllers/certifications_controller.rb b/app/controllers/certifications_controller.rb
index 5cda4ad..8dd456b 100644
--- a/app/controllers/certifications_controller.rb
+++ b/app/controllers/certifications_controller.rb
@@ -17,6 +17,13 @@ class CertificationsController < ApplicationController
 # GET /certifications/1
 # GET /certifications/1.json
 def show
+ @certification_users = []
+
+ #TODO: make a better SQL query for this
+ @certification.users.each do |user|
+ @certification_users.push user if can? :read, user
+ end
+
 respond_to do |format|
 format.html # show.html.erb
 format.json { render :json => @certification }
diff --git a/app/controllers/user_certifications_controller.rb b/app/controllers/user_certifications_controller.rb
index 728d09a..f531d56 100644
--- a/app/controllers/user_certifications_controller.rb
+++ b/app/controllers/user_certifications_controller.rb
@@ -1,8 +1,14 @@
 class UserCertificationsController < ApplicationController
+ load_and_authorize_resource :user_certification
+ load_and_authorize_resource :user, :through => :user_certification
+ load_and_authorize_resource :certification, :through => :user_certification
+ before_filter :authenticate_user!
+
+
 # GET /user_certifications
 # GET /user_certifications.json
 def index
- @user_certifications = UserCertification.all
+ @grouped_user_certs = @user_certifications.group_by { |u| u.user.name }
 respond_to do |format|
 format.html # index.html.erb
@@ -13,8 +19,6 @@ class UserCertificationsController < ApplicationController
 # GET /user_certifications/1
 # GET /user_certifications/1.json
 def show
- @user_certification = UserCertification.find(params[:id])
-
 respond_to do |format|
 format.html # show.html.erb
 format.json { render :json => @user_certification }
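Review bot: The `rescue_from CanCan::AccessDenied` handler only acts when `current_user.orientation.blank?`; for an oriented user who is denied (a non-admin reaching an admin-only action, say) the block falls through without a flash or a redirect, so the denial is silently swallowed and the response is most likely an empty page. It also dereferences `current_user` unconditionally, which raises `NoMethodError` if the exception is raised before a sign-in check runs — in this same patch `UserCertificationsController` declares `load_and_authorize_resource` ahead of `before_filter :authenticate_user!`, so a signed-out request there reaches this handler with a nil user. Redirect in every branch and guard the nil case:

```ruby
  rescue_from CanCan::AccessDenied do |exception|
    if current_user && current_user.orientation.blank?
      flash[:alert] = "Sorry, you need to complete New Member Orientation before having access to this page. Please check your email and schedule a New Member Orientation with a volunteer."
    else
      # Anonymous or oriented-but-unauthorized: show CanCan's own message
      flash[:alert] = exception.message
    end
    redirect_to root_url
  end
```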
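Review bot: The Ruby-side filter in `show` (`@certification.users.each ... push user if can? :read, user`) runs one `can?` per user and materialises every user of the certification just to discard the ones the viewer may not see, which is what the `#TODO` line admits. Every `can :read, User` rule in this patch's `Ability` is a hash condition or unconditional, so CanCan can do the filtering in SQL: `@certification_users = @certification.users.accessible_by(current_ability)`. That call raises `CanCan::Error` if a `User` rule is later rewritten with a block, so the constraint deserves a comment on the Ability. `@certification` itself is loaded outside the hunk, presumably by a `load_and_authorize_resource` declaration like the sibling controllers'; worth confirming, since nothing in this action assigns it.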
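Review bot: The three `load_and_authorize_resource` lines are declared before `before_filter :authenticate_user!`, and CanCan registers them as before_filters in declaration order, so on a signed-out request the resource is loaded and authorized against `Ability.new(nil)` — which, as far as the ability hunk in this patch shows, grants nothing — before Devise gets a chance to redirect to sign-in; the user sees a `CanCan::AccessDenied` (and, with the handler added to `ApplicationController` in this patch, a `NoMethodError` on `current_user.orientation`) instead of a login page. Move `before_filter :authenticate_user!` above the three `load_and_authorize_resource` lines; `UsersController` has the same ordering in its context lines further down and should get the same treatment. Separately, `@user_certifications.group_by { |u| u.user.name }` in `index` fetches each row's user one query at a time; `@user_certifications.includes(:user).group_by { |uc| uc.user.name }` avoids the N+1.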
@@ -24,7 +28,8 @@ class UserCertificationsController < ApplicationController
 # GET /user_certifications/new
 # GET /user_certifications/new.json
 def new
- @user_certification = UserCertification.new
+ @users = User.accessible_by(current_ability).sort_by(&:name)
+ @certifications = Certification.accessible_by(current_ability).sort_by(&:name)
 respond_to do |format|
 format.html # new.html.erb
@@ -34,17 +39,14 @@ class UserCertificationsController < ApplicationController
 # GET /user_certifications/1/edit
 def edit
- @user_certification = UserCertification.find(params[:id])
 end
 # POST /user_certifications
 # POST /user_certifications.json
 def create
- @user_certification = UserCertification.new(params[:user_certification])
-
 respond_to do |format|
 if @user_certification.save
- format.html { redirect_to @user_certification, :notice => 'User certification was successfully created.' }
+ format.html { redirect_to UserCertification, :notice => 'User certification was successfully created.' }
 format.json { render :json => @user_certification, :status => :created, :location => @user_certification }
 else
 format.html { render :action => "new" }
@@ -56,11 +58,9 @@ class UserCertificationsController < ApplicationController
 # PUT /user_certifications/1
 # PUT /user_certifications/1.json
 def update
- @user_certification = UserCertification.find(params[:id])
-
 respond_to do |format|
 if @user_certification.update_attributes(params[:user_certification])
- format.html { redirect_to @user_certification, :notice => 'User certification was successfully updated.' }
+ format.html { redirect_to UserCertification, :notice => 'User certification was successfully updated.' }
 format.json { head :no_content }
 else
 format.html { render :action => "edit" }
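Review bot: `create` re-renders `new` on a failed save (`format.html { render :action => "new" }`) but never sets `@users` and `@certifications`, which this patch populates only in the `new` action; with the uniqueness validation added to `UserCertification` in the same patch, a duplicate assignment is now the common failure path, and the form would render with nil collections (assuming the `_form` partial, changed here but not visible, iterates over them). The same gap exists for `update` re-rendering `edit` in the hunk below. Load the select options in a filter shared by the four actions, and prefer an explicit route helper over `redirect_to UserCertification` (the class form resolves through `polymorphic_url`, but `user_certifications_url` says what it means) in both `create` and `update`:

```ruby
  before_filter :authenticate_user!
  before_filter :load_form_collections, :only => [:new, :create, :edit, :update]

  # … unchanged: index / show / new / edit / create / update / destroy …

  private

  # Users and certifications the current viewer may pick in the form;
  # kept in one place so new/create and edit/update render the same choices.
  def load_form_collections
    @users = User.accessible_by(current_ability).sort_by(&:name)
    @certifications = Certification.accessible_by(current_ability).sort_by(&:name)
  end
```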
@@ -72,7 +72,6 @@ class UserCertificationsController < ApplicationController
 # DELETE /user_certifications/1
 # DELETE /user_certifications/1.json
 def destroy
- @user_certification = UserCertification.find(params[:id])
 @user_certification.destroy
 respond_to do |format|
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 0027ffe..c0c8c8c 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,7 +1,7 @@
 class UsersController < ApplicationController
 load_and_authorize_resource
 before_filter :authenticate_user!
-
+
 # GET /users
 # GET /users.json
 def index
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 3201c8e..1353a0b 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -3,16 +3,27 @@ class Ability
 def initialize(user)
 if !user.nil?
+ # By default, users can only see their own stuff
+ can :read, Card, :user_id => user.id
+ can :read, Certification
+ can :read, User, :id => user.id
+ can :read, UserCertification, :user_id => user.id
+
+ # Admins can manage all
 if user.admin?
 can :manage, :all
 end
+ # Instructors can manage certs and see users
 if user.instructor?
 can :manage, Certification
+ can :read, User
+ can :manage, UserCertification
 end
-
- can :read, User
- can :read, Certification
- can :read, Card, :user_id => user.id
+ # Users can see others' stuff if they've been oriented
+ unless user.orientation.blank?
+ can :read, User
+ can :read, UserCertification
+ end
 end
 # Define abilities for the passed in user here. For example:
 #
diff --git a/app/models/card.rb b/app/models/card.rb
index 469fb2f..db48fda 100644
--- a/app/models/card.rb
+++ b/app/models/card.rb
@@ -2,7 +2,7 @@ class Card < ActiveRecord::Base
 require 'open-uri'
 attr_accessible :id, :user_id, :name, :card_number, :card_permissions
- validates_uniqueness_of :card_number
+ validates_uniqueness_of :id,:card_number
 belongs_to :user
 def upload_to_door
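Review bot: Every rule added here is a hash condition or unconditional, and that is load-bearing: `UserCertificationsController#new` in this same patch calls `User.accessible_by(current_ability)` and `Certification.accessible_by(current_ability)`, which raise `CanCan::Error` as soon as any `can :read` rule for those models is written with a block. A comment above the first `can` should say so, e.g. `# Keep these rules as hash conditions (no blocks): controllers rely on accessible_by`. The `unless user.orientation.blank?` branch is the one that widens `:read, User` from the member's own record to every user, so it is where the privacy boundary for whatever `users/show` renders now lives; a one-line comment stating that trade-off, and what `orientation` holds (its column is not visible here), would help the next reader. Note also that the admin branch makes the later rules redundant for admins, which is harmless but worth a word so nobody "fixes" it.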
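Review bot: `validates_uniqueness_of :id,:card_number` adds a uniqueness check on the primary key; it only has an effect because `attr_accessible :id` on the context line above lets `id` be mass-assigned, so a caller-supplied id is checked against existing rows before the database would reject it — if ids are meant to come from the caller that deserves a comment, otherwise `:id` should come out of both lists. Either way `validates_uniqueness_of` cannot enforce uniqueness under concurrent inserts; `card_number` needs a unique index in a migration, and neither of the two migrations this patch adds provides one. Also add the space after the comma: `validates_uniqueness_of :id, :card_number`.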
diff --git a/app/models/user.rb b/app/models/user.rb
index 4e72376..6c41f9f 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -6,9 +6,23 @@ class User < ActiveRecord::Base
 :recoverable, :rememberable, :trackable, :validatable
 # Setup accessible (or protected) attributes for your model
- attr_accessible :email, :password, :password_confirmation, :remember_me, :name, :admin, :instructor, :active, :emergency_name, :emergency_phone, :current_skills, :desired_skills, :waiver, :emergency_email, :phone, :payment_method, :orientation, :member_level, :certifications
+ attr_accessible :email, :password, :password_confirmation, :remember_me, :name, :admin, :instructor, :member, :emergency_name, :emergency_phone, :current_skills, :desired_skills, :waiver, :emergency_email, :phone, :payment_method, :orientation, :member_level, :certifications
 has_many :cards
 has_many :user_certifications
 has_many :certifications, :through => :user_certifications
+
+ def member_status
+ # 1 = inactive, show an X
+ if self.member == 1 then
+ "!!"
+ # 25 or higher is paying, show a check
+ elsif self.member == 25 then
+ ""
+ elsif self.member == 50 then
+ ""
+ elsif self.member == 100 then
+ ""
+ end
+ end
 end
diff --git a/app/models/user_certification.rb b/app/models/user_certification.rb
index 25c0810..e29b17c 100644
--- a/app/models/user_certification.rb
+++ b/app/models/user_certification.rb
@@ -1,5 +1,8 @@
 class UserCertification < ActiveRecord::Base
 attr_accessible :certification_id, :user_id
+
+ validates_uniqueness_of :certification_id, :scope => :user_id, :message => 'already exists for this user.' # Makes sure users don't get certified twice
+
 belongs_to :user
 belongs_to :certification
 end
diff --git a/app/views/certifications/_form.html.erb b/app/views/certifications/_form.html.erb
index 0eb73e4..d4fd187 100644
--- a/app/views/certifications/_form.html.erb
+++ b/app/views/certifications/_form.html.erb
@@ -19,10 +19,6 @@ <%= f.label :description %>
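Review bot: `attr_accessible` now lists `:member` next to `:admin` and `:instructor`, so all three privilege/billing fields are mass-assignable from any `update_attributes(params[:user])`; the `UsersController` authorization in this patch restricts that path to admins, but Devise's own account-edit action (if `:registerable` is enabled — the module list is cut off above the hunk) assigns from params without going through CanCan, which would let a member change their own `admin` flag. Keep those three out of the default `attr_accessible` list (Rails 3.1+ can scope them with `:as => :admin` and have the admin controller pass `:as => :admin`) and assign them explicitly where an admin edits a user. In `member_status`, the `if/elsif` chain on `self.member` with bare 1/25/50/100 would read better as a `case member` with named constants for the tiers, and it returns `nil` for any other value (including a nil `member`), which the views calling it should expect. As printed here the 25/50/100 branches return the same literal, so unless a glyph was lost in transit they can collapse into one `when 25, 50, 100`.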
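Review bot: The new `validates_uniqueness_of :certification_id, :scope => :user_id` is application-level only and is racy under concurrent `create` calls; the pair needs a unique index on `user_certifications (user_id, certification_id)` in a migration, and neither of the two migrations this patch adds touches that table. The trailing `# Makes sure users don't get certified twice` comment reads better on its own line above the validation, which also keeps the line within the usual width.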
<%= f.text_area :description %>
- <% f.fields_for :users do |u| %>
- <%= u.label :user %>
- <%= collection_select(:certifications_users, :user_id, User.all.sort_by(&:name), :id, :name) %>
- <% end %>
<%= f.submit %>
diff --git a/app/views/certifications/index.html.erb b/app/views/certifications/index.html.erb
index 5d584b4..a429e00 100644
--- a/app/views/certifications/index.html.erb
+++ b/app/views/certifications/index.html.erb
@@ -1,6 +1,6 @@

Listing certifications

-<%= link_to 'New Certification', new_certification_path if can? :create, Certification %>
+<%= link_to 'Create Certification', new_certification_path if can? :create, Certification %>