Fine tuned abilities and updated how membership is tracked

Gemfile

@@ -42,4 +42,4 @@ gem 'bcrypt-ruby', '~> 3.0.0'
 # To use debugger
 # gem 'ruby-debug'
 
-gem "paperclip", "~> 3.0"
+#gem "paperclip", "~> 3.0"

app/controllers/application_controller.rb

@@ -1,3 +1,10 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery
+
+  rescue_from CanCan::AccessDenied do |exception|  
+    if current_user.orientation.blank? then
+      flash[:alert] = "Sorry, you need to complete New Member Orientation before having access to this page. <br/>Please check your email and schedule a New Member Orientation with a volunteer."
+      redirect_to root_url
+    end
+  end
 end

app/controllers/certifications_controller.rb

@@ -17,6 +17,13 @@ class CertificationsController < ApplicationController
   # GET /certifications/1
   # GET /certifications/1.json
   def show
+    @certification_users = []
+
+    #TODO: make a better SQL query for this
+    @certification.users.each do |user|
+      @certification_users.push user if can? :read, user
+    end
+
     respond_to do |format|
       format.html # show.html.erb
       format.json { render :json => @certification }

app/controllers/user_certifications_controller.rb

@@ -1,8 +1,14 @@
 class UserCertificationsController < ApplicationController
+  load_and_authorize_resource :user_certification
+  load_and_authorize_resource :user, :through => :user_certification
+  load_and_authorize_resource :certification, :through => :user_certification
+  before_filter :authenticate_user!
+
+  
   # GET /user_certifications
   # GET /user_certifications.json
   def index
-    @user_certifications = UserCertification.all
+    @grouped_user_certs = @user_certifications.group_by { |u| u.user.name }
 
     respond_to do |format|
       format.html # index.html.erb
@@ -13,8 +19,6 @@ class UserCertificationsController < ApplicationController
   # GET /user_certifications/1
   # GET /user_certifications/1.json
   def show
-    @user_certification = UserCertification.find(params[:id])
-
     respond_to do |format|
       format.html # show.html.erb
       format.json { render :json => @user_certification }
@@ -24,7 +28,8 @@ class UserCertificationsController < ApplicationController
   # GET /user_certifications/new
   # GET /user_certifications/new.json
   def new
-    @user_certification = UserCertification.new
+    @users = User.accessible_by(current_ability).sort_by(&:name)
+    @certifications = Certification.accessible_by(current_ability).sort_by(&:name)
 
     respond_to do |format|
       format.html # new.html.erb
@@ -34,17 +39,14 @@ class UserCertificationsController < ApplicationController
 
   # GET /user_certifications/1/edit
   def edit
-    @user_certification = UserCertification.find(params[:id])
   end
 
   # POST /user_certifications
   # POST /user_certifications.json
   def create
-    @user_certification = UserCertification.new(params[:user_certification])
-
     respond_to do |format|
       if @user_certification.save
-        format.html { redirect_to @user_certification, :notice => 'User certification was successfully created.' }
+        format.html { redirect_to UserCertification, :notice => 'User certification was successfully created.' }
         format.json { render :json => @user_certification, :status => :created, :location => @user_certification }
       else
         format.html { render :action => "new" }
@@ -56,11 +58,9 @@ class UserCertificationsController < ApplicationController
   # PUT /user_certifications/1
   # PUT /user_certifications/1.json
   def update
-    @user_certification = UserCertification.find(params[:id])
-
     respond_to do |format|
       if @user_certification.update_attributes(params[:user_certification])
-        format.html { redirect_to @user_certification, :notice => 'User certification was successfully updated.' }
+        format.html { redirect_to UserCertification, :notice => 'User certification was successfully updated.' }
         format.json { head :no_content }
       else
         format.html { render :action => "edit" }
@@ -72,7 +72,6 @@ class UserCertificationsController < ApplicationController
   # DELETE /user_certifications/1
   # DELETE /user_certifications/1.json
   def destroy
-    @user_certification = UserCertification.find(params[:id])
     @user_certification.destroy
 
     respond_to do |format|

app/models/ability.rb

@@ -3,16 +3,27 @@ class Ability
 
   def initialize(user)
     if !user.nil?
+      # By default, users can only see their own stuff
+      can :read, Card, :user_id => user.id
+      can :read, Certification
+      can :read, User, :id => user.id
+      can :read, UserCertification, :user_id => user.id
+
+      # Admins can manage all
       if user.admin?
         can :manage, :all
       end
+      # Instructors can manage certs and see users
       if user.instructor? 
         can :manage, Certification
-      end
-
         can :read, User
-      can :read, Certification
-      can :read, Card, :user_id => user.id
+        can :manage, UserCertification
+      end
+      # Users can see others' stuff if they've been oriented
+      unless user.orientation.blank?
+        can :read, User
+        can :read, UserCertification
+      end 
     end 
     # Define abilities for the passed in user here. For example:
     #

app/models/card.rb

@@ -2,7 +2,7 @@ class Card < ActiveRecord::Base
   require 'open-uri'
 
   attr_accessible :id, :user_id, :name, :card_number, :card_permissions
-  validates_uniqueness_of :card_number 
+  validates_uniqueness_of :id,:card_number
   belongs_to :user
 
   def upload_to_door

app/models/user.rb

@@ -6,9 +6,23 @@ class User < ActiveRecord::Base
          :recoverable, :rememberable, :trackable, :validatable
 
   # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation, :remember_me, :name, :admin, :instructor, :active, :emergency_name, :emergency_phone, :current_skills, :desired_skills, :waiver, :emergency_email, :phone, :payment_method, :orientation, :member_level, :certifications
+  attr_accessible :email, :password, :password_confirmation, :remember_me, :name, :admin, :instructor, :member, :emergency_name, :emergency_phone, :current_skills, :desired_skills, :waiver, :emergency_email, :phone, :payment_method, :orientation, :member_level, :certifications
 
   has_many :cards
   has_many :user_certifications
   has_many :certifications, :through => :user_certifications
+
+  def member_status
+    # 1 = inactive, show an X
+    if self.member == 1 then
+       "<span class='hoverinfo' title='Inactive'>!!</span>"
+    # 25 or higher is paying, show a check
+    elsif self.member == 25 then
+       "<span class='hoverinfo' title='25'>&#x2713;</span>"
+    elsif self.member == 50 then
+       "<span class='hoverinfo' title='50'>&#x2713;</span>"
+    elsif self.member == 100 then
+       "<span class='hoverinfo' title='100'>&#x2713;</span>"
+    end
+  end
 end

app/models/user_certification.rb

@@ -1,5 +1,8 @@
 class UserCertification < ActiveRecord::Base
   attr_accessible :certification_id, :user_id
+
+  validates_uniqueness_of :certification_id, :scope => :user_id, :message => 'already exists for this user.'  # Makes sure users don't get certified twice
+
   belongs_to :user
   belongs_to :certification
 end

app/views/certifications/_form.html.erb

@@ -19,10 +19,6 @@
     <%= f.label :description %><br />
     <%= f.text_area :description %>
   </div>
-  <% f.fields_for :users do |u| %>
-    <%= u.label :user %><br />
-    <%= collection_select(:certifications_users, :user_id, User.all.sort_by(&:name), :id, :name) %>
-  <% end %>
   <div class="actions">
     <%= f.submit %>
   </div>

app/views/certifications/index.html.erb

@@ -1,6 +1,6 @@
 <h1>Listing certifications</h1>
 
-<%= link_to 'New Certification', new_certification_path if can? :create, Certification %>
+<%= link_to 'Create Certification', new_certification_path if can? :create, Certification %> 
 
 <ul>
 <% @certifications.each do |certification| %>

app/views/certifications/show.html.erb

@@ -10,10 +10,10 @@
 
 <b>Certified Users:</b>
 <ul>
-  <% @certification.users.each do |user| %>
+  <% @certification_users.each do |user| %>
       <li><%= link_to user.name, user %></li>
   <% end %>
-  <% if @certification.users.blank? then %><li>n/a</li><% end %>
+  <% if @certification_users.blank? then %><li>n/a</li><% end %>
 </ul>
 
 <% if can? :update, @certification %><%= link_to 'Edit', edit_certification_path(@certification) %> |<% end %>

app/views/home/index.html.erb

@@ -1 +1 @@
-Welcome.
+<p>Welcome to the HeatSync Labs Members App.</p>

app/views/layouts/application.html.erb

@@ -9,14 +9,19 @@
 <body>
   <div id="header">
     <%= link_to 'Users', users_path if can? :read, User %>
-    <%= link_to 'Cards', cards_path if can? :read, Card %>
+    <%= link_to 'Cards', cards_path if can? :manage, Card %>
+    <% if can? :manage, UserCertification %>
+      <%= link_to 'Cert Classes', certifications_path if can? :read, Certification %>
+      <%= link_to 'User Certs', user_certifications_path if can? :create, UserCertification %>
+    <% else %>
       <%= link_to 'Certifications', certifications_path if can? :read, Certification %>
+    <% end %>
     <%= link_to 'Logs', door_logs_path if can? :read, DoorLog %>
     <%= link_to 'Sign out', destroy_user_session_path, :method => :delete if user_signed_in? %>
     <%= link_to 'Sign in', new_user_session_path unless user_signed_in? %>
   </div>
-  <p class="notice"><%= notice %></p>
-  <p class="alert"><%= alert %></p>
+  <p class="notice"><%= raw(notice) %></p>
+  <p class="alert"><%= raw(alert) %></p>
 <%= yield %>
 
 </body>

app/views/user_certifications/_form.html.erb

@@ -1,7 +1,7 @@
 <%= form_for(@user_certification) do |f| %>
   <% if @user_certification.errors.any? %>
     <div id="error_explanation">
-      <h2><%= pluralize(@user_certification.errors.count, "error") %> prohibited this user_certification from being saved:</h2>
+      <h2><%= pluralize(@user_certification.errors.count, "error") %> prohibited this User Certification from being saved:</h2>
 
       <ul>
       <% @user_certification.errors.full_messages.each do |msg| %>
@@ -12,12 +12,12 @@
   <% end %>
 
   <div class="field">
-    <%= f.label :user_id %><br />
-    <%= f.number_field :user_id %>
+    <%= f.label :user_id, "User" %><br />
+    <%= collection_select(:user_certification, :user_id, @users, :id, :name) %>
   </div>
   <div class="field">
-    <%= f.label :certification_id %><br />
-    <%= f.number_field :certification_id %>
+    <%= f.label :certification_id, "Certification" %><br />
+    <%= collection_select(:user_certification, :certification_id, @certifications, :id, :name) %>
   </div>
   <div class="actions">
     <%= f.submit %>

app/views/user_certifications/edit.html.erb

@@ -1,4 +1,4 @@
-<h1>Editing user_certification</h1>
+<h1>Editing User Certification</h1>
 
 <%= render 'form' %>
 

app/views/user_certifications/index.html.erb

@@ -1,25 +1,18 @@
-<h1>Listing user_certifications</h1>
+<h1>Listing User Certifications</h1>
 
-<table>
-  <tr>
-    <th>User</th>
-    <th>Certification</th>
-    <th></th>
-    <th></th>
-    <th></th>
-  </tr>
-
-<% @user_certifications.each do |user_certification| %>
-  <tr>
-    <td><%= user_certification.user_id %></td>
-    <td><%= user_certification.certification_id %></td>
-    <td><%= link_to 'Show', user_certification %></td>
-    <td><%= link_to 'Edit', edit_user_certification_path(user_certification) %></td>
-    <td><%= link_to 'Destroy', user_certification, :confirm => 'Are you sure?', :method => :delete %></td>
-  </tr>
+<dl>
+  <% @grouped_user_certs.sort.each do |user, user_certifications| %>
+    <dt><%= user %></dt>
+    <% user_certifications.each do |user_certification| %>
+      <dd>
+        <%= link_to user_certification.certification.name, user_certification %> | 
+        <%= link_to 'Edit', edit_user_certification_path(user_certification) %> |
+        <%= link_to 'Destroy', user_certification, :confirm => 'Are you sure?', :method => :delete %>
+      </dd>
+    <% end %>
 <% end %>
-</table>
+</dl>
 
 <br />
 
-<%= link_to 'New User certification', new_user_certification_path %>
+<%= link_to 'New User Certification', new_user_certification_path %>

app/views/user_certifications/new.html.erb

@@ -1,4 +1,4 @@
-<h1>New user_certification</h1>
+<h1>New User Certification</h1>
 
 <%= render 'form' %>
 

app/views/user_certifications/show.html.erb

@@ -1,11 +1,11 @@
 <p>
   <b>User:</b>
-  <%= @user_certification.user_id %>
+  <%= @user_certification.user.name %>
 </p>
 
 <p>
   <b>Certification:</b>
-  <%= @user_certification.certification_id %>
+  <%= @user_certification.certification.name %>
 </p>
 
 

app/views/users/_form.html.erb

@@ -74,8 +74,12 @@
   </div>
 <% end %>
   <div class="field">
-    <%= f.label :active, "Active?" %><br />
-    <%= f.check_box :active %>
+    <%= f.label :member, "Member?" %><br />
+    <%= f.select :member, [["No",0],["Inactive",1],["Volunteer",10],["Associate",25],["Basic",50],["Plus",100]]  %>
+  </div>
+  <div class="field">
+    <%= f.label :instructor, "Instructor?" %><br />
+    <%= f.check_box :instructor %>
   </div>
   <div class="field">
     <%= f.label :admin, "Admin?" %><br />

app/views/users/index.html.erb

@@ -7,15 +7,14 @@
   <tr>
     <th>Name</th>
     <th>Email</th>
-    <% if current_user.admin? then %>
-      <th>Cards</th>
-    <% end %>
     <th>Certifications</th>
-    <th>Active?</th>
-    <th>Waiver?</th>
     <% if current_user.admin? then %>
     <th>Orientation?</th>
     <% end %>
+    <th>Waiver?</th>
+    <th>Member?</th>
+    <th>Card?</th>
+    <th>Instructor?</th>
     <th>Admin?</th>
     <th></th>
     <th></th>
@@ -26,19 +25,16 @@
   <tr>
     <td><%= link_to user.name, user %></td>
     <td><%= user.email %></td>
-    <% if current_user.admin? then %><td>
-      <% user.cards.each do |c| %>
-        <%= link_to c.card_number, card_url(c) %><%= "," unless c == user.cards.last %>
-      <% end %>
-    </td><% end %>
     <td><% user.certifications.each do |c| %>
-      <%= link_to c.name, c %><%= "," unless c == user.certifications.last %>
+      <%= link_to c.name, c %><%= "," unless c.id == user.certifications.last.id %>
     <% end %></td>
-    <td><%= if user.active? then raw("&#x2713;") end %></td>
-    <td><%= unless user.waiver.blank? then raw("<span class='hoverinfo' title='"+user.waiver.strftime("%B %d %Y")+"'>&#x2713;</span>") end %></td>
     <% if current_user.admin? then %><td>
       <%= unless user.orientation.blank? then raw("<span class='hoverinfo' title='"+user.orientation.strftime("%B %d %Y")+"'>&#x2713;</span>") end %>
     </td><% end %>
+    <td><%= unless user.waiver.blank? then raw("<span class='hoverinfo' title='"+user.waiver.strftime("%B %d %Y")+"'>&#x2713;</span>") end %></td>
+    <td><%= raw(user.member_status) %></td>
+    <td><%= unless user.cards.blank? then raw("&#x2713;") end %></td>
+    <td><%= if user.instructor? then raw("&#x2713;") end %></td>
     <td><%= if user.admin? then raw("&#x2713;") end %></td>
     <td><%= link_to 'Edit', edit_user_path(user) if can? :update, user %></td>
     <td><%= link_to 'Destroy', user, :confirm => 'Are you sure? WARNING: THIS DOES NOT REMOVE THE USER FROM THE DOOR SYSTEM! DISABLE THEM FIRST.', :method => :delete if can? :destroy, user %></td>

app/views/users/show.html.erb

@@ -10,8 +10,25 @@
 </p>
 
 <p>
-  <b>Active?</b>
-  <%= @user.active %>
+  <b>Waiver?</b>
+  <%= @user.waiver %>
+</p>
+
+<% if current_user.admin? then %>
+<p>
+  <b>Orientation?</b>
+  <%= @user.orientation %>
+</p>
+<% end %>
+
+<p>
+  <b>Member?</b>
+  <%= @user.member %>
+</p>
+
+<p>
+  <b>Instructor?</b>
+  <%= @user.instructor %>
 </p>
 
 <p>
@@ -19,6 +36,15 @@
   <%= @user.admin %>
 </p>
 
+<% if current_user.admin? then %>
+<p>
+  <b>Cards:</b>
+  <% @user.cards.each do |c| %>
+    <%= link_to c.card_number, c %><%= "," unless c == @user.cards.last %>
+  <% end %>
+</p>
+<% end %>
+
 <b>Certifications:</b>
 <ul>
   <% @user.certifications.each do |certification| %>
@@ -27,6 +53,5 @@
   <% if @user.certifications.blank? %><li>n/a</li><% end %>
 </ul>
 
-
 <%= link_to 'Edit', edit_user_path(@user) %> |
 <%= link_to 'Back', users_path %>

db/migrate/20130125123317_change_users_active_to_member.rb

@@ -0,0 +1,6 @@
+class ChangeUsersActiveToMember < ActiveRecord::Migration
+  def change
+    change_column :users, :active, :string
+    rename_column :users, :active, :member
+  end
+end

db/migrate/20130125124102_change_users_member_to_integer.rb

@@ -0,0 +1,5 @@
+class ChangeUsersMemberToInteger < ActiveRecord::Migration
+  def change
+    change_column :users, :member, :integer
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20130125102002) do
+ActiveRecord::Schema.define(:version => 20130125124102) do
 
   create_table "cards", :force => true do |t|
     t.string   "card_number"
@@ -57,7 +57,7 @@ ActiveRecord::Schema.define(:version => 20130125102002) do
     t.string   "current_sign_in_ip"
     t.string   "last_sign_in_ip"
     t.boolean  "admin"
-    t.boolean  "active"
+    t.integer  "member",                 :limit => 255
     t.datetime "waiver"
     t.datetime "orientation"
     t.string   "emergency_name"