From c547af53917421790de4950c92e8b20ffa24ee06 Mon Sep 17 00:00:00 2001
From: Will Bradley
Date: Fri, 25 Jan 2013 18:21:42 -0700
Subject: [PATCH] Updated permissions for deletion and styling for hidden items
---
 app/assets/stylesheets/scaffolds.css.scss | 2 +-
 app/models/ability.rb | 10 +++++++++-
 app/views/certifications/index.html.erb | 2 +-
 app/views/user_certifications/show.html.erb | 2 +-
 app/views/users/index.html.erb | 2 +-
 5 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/app/assets/stylesheets/scaffolds.css.scss b/app/assets/stylesheets/scaffolds.css.scss
index 61fedd4..02ff4b7 100644
--- a/app/assets/stylesheets/scaffolds.css.scss
+++ b/app/assets/stylesheets/scaffolds.css.scss
@@ -74,4 +74,4 @@ td, th { padding: 0.5em; }
 dt { font-weight: bold; }
 .notice { color: green; }
 .alert { color: red; }
-
+.hidden, .hidden a { color: #ccc; }
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 57035eb..1c4ae6d 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -3,10 +3,11 @@ class Ability
 def initialize(user)
 if !user.nil?
+ # By default, users can only see their own stuff
 can :read, Card, :user_id => user.id
 can :read, Certification
- can :read, User, :id => user.id
+ can :read, User, :id => user.id #TODO: why can users update themselves?
 can :read, UserCertification, :user_id => user.id
 # Admins can manage all
@@ -24,6 +25,13 @@ class Ability
 can :read, User, :hidden => [nil,false]
 can :read, UserCertification
 end
+
+ # Prevent all destruction for now
+ cannot :destroy, User
+ cannot :destroy, Card
+ cannot :destroy, Certification
+ cannot :destroy, UserCertification
+ cannot :destroy, DoorLog
 end
 # Define abilities for the passed in user here. For example:
 #
diff --git a/app/views/certifications/index.html.erb b/app/views/certifications/index.html.erb
index a429e00..222caf2 100644
--- a/app/views/certifications/index.html.erb
+++ b/app/views/certifications/index.html.erb
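Review bot: The `cannot :destroy` rules added in the second ability.rb hunk name five models one by one, so a model added later would not be covered and would stay destroyable under whatever rule sits below the `# Admins can manage all` comment (presumably `can :manage, :all`; that line is outside both hunks). Since the comment says all destruction is to be prevented, a single `cannot :destroy, :all` at the same position fails closed and still overrides the earlier `can` rules, because CanCan gives later rules precedence. Separately, the new `#TODO: why can users update themselves?` is attached to a `can :read, User` line; the rule that grants update is not visible here, so the note would be clearer next to that rule. The role branches in the middle of `initialize` lie outside both hunks.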
@@ -6,7 +6,7 @@ <% @certifications.each do |certification| %>
  • <%= link_to certification.name, certification %> <% if can? :update, certification %> | <%= link_to 'Edit', edit_certification_path(certification) %><% end %>
- <% if can? :delete, certification %> | <%= link_to 'Destroy', certification, :confirm => 'Are you sure?', :method => :delete %><% end %>
+ <% if can? :destroy, certification %> | <%= link_to 'Destroy', certification, :confirm => 'Are you sure?', :method => :delete %><% end %>
  • <% end %>
diff --git a/app/views/user_certifications/show.html.erb b/app/views/user_certifications/show.html.erb
index ebd167a..bcd1707 100644
--- a/app/views/user_certifications/show.html.erb
+++ b/app/views/user_certifications/show.html.erb
@@ -21,5 +21,5 @@ <%= link_to 'Edit', edit_user_certification_path(@user_certification) %> | <%= link_to 'Back', user_certifications_path %>
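Review bot: The corrected `can? :destroy` check only decides whether the Destroy link is rendered; a DELETE request to the certification route is still handled unless the controller authorizes it. No controller is touched by this patch, so it is worth confirming that the destroy action is covered by `load_and_authorize_resource` or an explicit `authorize! :destroy, @certification`, otherwise the new `cannot :destroy` rules in ability.rb are cosmetic. The same applies to the Destroy link guarded in user_certifications/show.html.erb.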

    -<%= link_to 'Destroy', @user_certification, :confirm => "Are you sure you want to destroy this user's certification?", :method => :delete %>
+<%= link_to 'Destroy', @user_certification, :confirm => "Are you sure you want to destroy this user's certification?", :method => :delete if can? :destroy, @user_certification %>
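Review bot: The Edit link in this hunk's context is still rendered unconditionally, while certifications/index.html.erb wraps its Edit link in `can? :update`; guarding only Destroy leaves this page out of step with the ability rules. Consider `<%= link_to 'Edit', edit_user_certification_path(@user_certification) if can? :update, @user_certification %>`. The trailing `if` inside `<%= %>` works because a nil result renders as nothing, but an explicit `<% if can? :destroy, @user_certification %>` block, as the index view uses, would keep the templates in one style.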

    diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb
index da10d93..69a5c53 100644
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@@ -31,7 +31,7 @@ <% if !@users.blank? %> <% @users.each do |user| %> - +