Fine tuned abilities and updated how membership is tracked

app/models/ability.rb

@@ -3,16 +3,27 @@ class Ability
 
   def initialize(user)
     if !user.nil?
+      # By default, users can only see their own stuff
+      can :read, Card, :user_id => user.id
+      can :read, Certification
+      can :read, User, :id => user.id
+      can :read, UserCertification, :user_id => user.id
+
+      # Admins can manage all
       if user.admin?
         can :manage, :all
       end
+      # Instructors can manage certs and see users
       if user.instructor? 
         can :manage, Certification
+        can :read, User
+        can :manage, UserCertification
       end
-
-      can :read, User
-      can :read, Certification
-      can :read, Card, :user_id => user.id
+      # Users can see others' stuff if they've been oriented
+      unless user.orientation.blank?
+        can :read, User
+        can :read, UserCertification
+      end 
     end 
     # Define abilities for the passed in user here. For example:
     #

app/models/card.rb

@@ -2,7 +2,7 @@ class Card < ActiveRecord::Base
   require 'open-uri'
 
   attr_accessible :id, :user_id, :name, :card_number, :card_permissions
-  validates_uniqueness_of :card_number 
+  validates_uniqueness_of :id,:card_number
   belongs_to :user
 
   def upload_to_door

app/models/user.rb

@@ -6,9 +6,23 @@ class User < ActiveRecord::Base
          :recoverable, :rememberable, :trackable, :validatable
 
   # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation, :remember_me, :name, :admin, :instructor, :active, :emergency_name, :emergency_phone, :current_skills, :desired_skills, :waiver, :emergency_email, :phone, :payment_method, :orientation, :member_level, :certifications
+  attr_accessible :email, :password, :password_confirmation, :remember_me, :name, :admin, :instructor, :member, :emergency_name, :emergency_phone, :current_skills, :desired_skills, :waiver, :emergency_email, :phone, :payment_method, :orientation, :member_level, :certifications
 
   has_many :cards
   has_many :user_certifications
   has_many :certifications, :through => :user_certifications
+
+  def member_status
+    # 1 = inactive, show an X
+    if self.member == 1 then
+       "<span class='hoverinfo' title='Inactive'>!!</span>"
+    # 25 or higher is paying, show a check
+    elsif self.member == 25 then
+       "<span class='hoverinfo' title='25'>&#x2713;</span>"
+    elsif self.member == 50 then
+       "<span class='hoverinfo' title='50'>&#x2713;</span>"
+    elsif self.member == 100 then
+       "<span class='hoverinfo' title='100'>&#x2713;</span>"
+    end
+  end
 end

app/models/user_certification.rb

@@ -1,5 +1,8 @@
 class UserCertification < ActiveRecord::Base
   attr_accessible :certification_id, :user_id
+
+  validates_uniqueness_of :certification_id, :scope => :user_id, :message => 'already exists for this user.'  # Makes sure users don't get certified twice
+
   belongs_to :user
   belongs_to :certification
 end