will/Open-Source-Access-Control-Web-Interface
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated permissions for deletion and styling for hidden items

Browse Source
This commit is contained in:
Will Bradley 2013-01-25 18:21:42 -07:00
parent 3d00bbed03
commit c547af5391
5 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/assets/stylesheets/scaffolds.css.scss
View File

@ -74,4 +74,4 @@ td, th { padding: 0.5em; }
dt { font-weight: bold; } dt { font-weight: bold; }
.notice { color: green; } .notice { color: green; }
.alert { color: red; } .alert { color: red; }
.hidden, .hidden a { color: #ccc; }

10
app/models/ability.rb
View File

@ -3,10 +3,11 @@ class Ability
def initialize(user) def initialize(user)
if !user.nil? if !user.nil?
# By default, users can only see their own stuff # By default, users can only see their own stuff
can :read, Card, :user_id => user.id can :read, Card, :user_id => user.id
can :read, Certification can :read, Certification
can :read, User, :id => user.id can :read, User, :id => user.id #TODO: why can users update themselves?
can :read, UserCertification, :user_id => user.id can :read, UserCertification, :user_id => user.id
# Admins can manage all # Admins can manage all
@ -24,6 +25,13 @@ class Ability
can :read, User, :hidden => [nil,false] can :read, User, :hidden => [nil,false]
can :read, UserCertification can :read, UserCertification
end end
# Prevent all destruction for now
cannot :destroy, User
cannot :destroy, Card
cannot :destroy, Certification
cannot :destroy, UserCertification
cannot :destroy, DoorLog
end end
# Define abilities for the passed in user here. For example: # Define abilities for the passed in user here. For example:
# #

2
app/views/certifications/index.html.erb
View File

@ -6,7 +6,7 @@
<% @certifications.each do |certification| %> <% @certifications.each do |certification| %>
<li><%= link_to certification.name, certification %> <li><%= link_to certification.name, certification %>
<% if can? :update, certification %> | <%= link_to 'Edit', edit_certification_path(certification) %><% end %> <% if can? :update, certification %> | <%= link_to 'Edit', edit_certification_path(certification) %><% end %>
<% if can? :delete, certification %> | <%= link_to 'Destroy', certification, :confirm => 'Are you sure?', :method => :delete %><% end %> <% if can? :destroy, certification %> | <%= link_to 'Destroy', certification, :confirm => 'Are you sure?', :method => :delete %><% end %>
</li> </li>
<% end %> <% end %>
</ul> </ul>

2
app/views/user_certifications/show.html.erb
View File

@ -21,5 +21,5 @@
<%= link_to 'Edit', edit_user_certification_path(@user_certification) %> | <%= link_to 'Edit', edit_user_certification_path(@user_certification) %> |
<%= link_to 'Back', user_certifications_path %> <%= link_to 'Back', user_certifications_path %>
<p> <p>
<%= link_to 'Destroy', @user_certification, :confirm => "Are you sure you want to destroy this user's certification?", :method => :delete %> <%= link_to 'Destroy', @user_certification, :confirm => "Are you sure you want to destroy this user's certification?", :method => :delete if can? :destroy, @user_certification %>
</p> </p>

2
app/views/users/index.html.erb
View File

@ -31,7 +31,7 @@
<% if !@users.blank? %> <% if !@users.blank? %>
<% @users.each do |user| %> <% @users.each do |user| %>
<tr> <tr<%= " class='hidden'" if user.hidden? %>>
<td><%= link_to user.name, user %></td> <td><%= link_to user.name, user %></td>
<% if current_user.admin? then %><td><%= user.email %></td><% end %> <% if current_user.admin? then %><td><%= user.email %></td><% end %>
<td><% user.certifications.each do |c| %> <td><% user.certifications.each do |c| %>