will/Open-Source-Access-Control-Web-Interface
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated permissions for deletion and styling for hidden items

Browse Source
This commit is contained in:
Will Bradley
2013-01-25 18:21:42 -07:00
parent 3d00bbed03
commit c547af5391
5 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/models/ability.rb
View File

@@ -3,10 +3,11 @@ class Ability
def initialize(user)
if !user.nil?
# By default, users can only see their own stuff
can :read, Card, :user_id => user.id
can :read, Certification
can :read, User, :id => user.id
can :read, User, :id => user.id #TODO: why can users update themselves?
can :read, UserCertification, :user_id => user.id
# Admins can manage all
@@ -24,6 +25,13 @@ class Ability
can :read, User, :hidden => [nil,false]
can :read, UserCertification
end
# Prevent all destruction for now
cannot :destroy, User
cannot :destroy, Card
cannot :destroy, Certification
cannot :destroy, UserCertification
cannot :destroy, DoorLog
end
# Define abilities for the passed in user here. For example:
#