will/Open-Source-Access-Control-Web-Interface
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixing user-emailing abilities

Browse Source
This commit is contained in:
Will Bradley 2013-12-13 03:34:52 -07:00
parent ef590793f2
commit cbadcc5c73
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/users_controller.rb
View File

@ -73,12 +73,10 @@ class UsersController < ApplicationController
def compose_email
@user = User.find(params[:user_id])
authorize! :read, @user
end
def send_email
@user = User.find(params[:user_id])
authorize! :read, @user
@subject = params[:subject]
@body = params[:body]
if @user.send_email(current_user,@subject,@body)

2
app/models/ability.rb
View File

@ -16,6 +16,8 @@ class Ability
can :read, Payment, :user_id => user.id
can [:read,:new_member_report], User, :id => user.id #TODO: why can users update themselves? Maybe because Devise doesn't check users/edit?
can :read, UserCertification, :user_id => user.id
can :compose_email, User
can :send_email, User
if user.card_access_enabled
can :access_doors_remotely, :door_access