Fine tuned abilities and updated how membership is tracked

2013-01-25 06:01:02 -07:00
parent 6e77b2bf68
commit 653fcc3112
25 changed files with 158 additions and 87 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,3 +1,10 @@
 class ApplicationController < ActionController::Base
  protect_from_forgery
+
+  rescue_from CanCan::AccessDenied do |exception|  
+    if current_user.orientation.blank? then
+      flash[:alert] = "Sorry, you need to complete New Member Orientation before having access to this page. <br/>Please check your email and schedule a New Member Orientation with a volunteer."
+      redirect_to root_url
+    end
+  end
 end
--- a/app/controllers/certifications_controller.rb
+++ b/app/controllers/certifications_controller.rb
@@ -17,6 +17,13 @@ class CertificationsController < ApplicationController
  # GET /certifications/1
  # GET /certifications/1.json
  def show
+    @certification_users = []
+
+    #TODO: make a better SQL query for this
+    @certification.users.each do |user|
+      @certification_users.push user if can? :read, user
+    end
+
    respond_to do |format|
      format.html # show.html.erb
      format.json { render :json => @certification }
--- a/app/controllers/user_certifications_controller.rb
+++ b/app/controllers/user_certifications_controller.rb
@@ -1,8 +1,14 @@
 class UserCertificationsController < ApplicationController
+  load_and_authorize_resource :user_certification
+  load_and_authorize_resource :user, :through => :user_certification
+  load_and_authorize_resource :certification, :through => :user_certification
+  before_filter :authenticate_user!
+
+  
  # GET /user_certifications
  # GET /user_certifications.json
  def index
-    @user_certifications = UserCertification.all
+    @grouped_user_certs = @user_certifications.group_by { |u| u.user.name }

    respond_to do |format|
      format.html # index.html.erb
@@ -13,8 +19,6 @@ class UserCertificationsController < ApplicationController
  # GET /user_certifications/1
  # GET /user_certifications/1.json
  def show
-    @user_certification = UserCertification.find(params[:id])
-
    respond_to do |format|
      format.html # show.html.erb
      format.json { render :json => @user_certification }
@@ -24,7 +28,8 @@ class UserCertificationsController < ApplicationController
  # GET /user_certifications/new
  # GET /user_certifications/new.json
  def new
-    @user_certification = UserCertification.new
+    @users = User.accessible_by(current_ability).sort_by(&:name)
+    @certifications = Certification.accessible_by(current_ability).sort_by(&:name)

    respond_to do |format|
      format.html # new.html.erb
@@ -34,17 +39,14 @@ class UserCertificationsController < ApplicationController

  # GET /user_certifications/1/edit
  def edit
-    @user_certification = UserCertification.find(params[:id])
  end

  # POST /user_certifications
  # POST /user_certifications.json
  def create
-    @user_certification = UserCertification.new(params[:user_certification])
-
    respond_to do |format|
      if @user_certification.save
-        format.html { redirect_to @user_certification, :notice => 'User certification was successfully created.' }
+        format.html { redirect_to UserCertification, :notice => 'User certification was successfully created.' }
        format.json { render :json => @user_certification, :status => :created, :location => @user_certification }
      else
        format.html { render :action => "new" }
@@ -56,11 +58,9 @@ class UserCertificationsController < ApplicationController
  # PUT /user_certifications/1
  # PUT /user_certifications/1.json
  def update
-    @user_certification = UserCertification.find(params[:id])
-
    respond_to do |format|
      if @user_certification.update_attributes(params[:user_certification])
-        format.html { redirect_to @user_certification, :notice => 'User certification was successfully updated.' }
+        format.html { redirect_to UserCertification, :notice => 'User certification was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render :action => "edit" }
@@ -72,7 +72,6 @@ class UserCertificationsController < ApplicationController
  # DELETE /user_certifications/1
  # DELETE /user_certifications/1.json
  def destroy
-    @user_certification = UserCertification.find(params[:id])
    @user_certification.destroy

    respond_to do |format|
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,7 +1,7 @@
 class UsersController < ApplicationController
  load_and_authorize_resource
  before_filter :authenticate_user!
-  
+
  # GET /users
  # GET /users.json
  def index