Allowing people to view/edit
parent
2c4cd4a020
commit
ee7e79a433
app
controllers
models
views/resources
db
|
@ -12,6 +12,7 @@ class ResourcesController < ApplicationController
|
|||
end
|
||||
|
||||
def create
|
||||
@resource.modified_by = current_user.id # log who modified this last
|
||||
authorize! :create, @resource
|
||||
|
||||
respond_to do |format|
|
||||
|
@ -26,6 +27,7 @@ class ResourcesController < ApplicationController
|
|||
end
|
||||
|
||||
def update
|
||||
@resource.modified_by = current_user.id # log who modified this last
|
||||
@resource.assign_attributes(params[:resource])
|
||||
authorize! :update, @resource
|
||||
|
||||
|
@ -50,7 +52,7 @@ class ResourcesController < ApplicationController
|
|||
end
|
||||
|
||||
def load_users
|
||||
if can? :manage, Resource then
|
||||
if can? :assign_user, Resource then
|
||||
@users = User.accessible_by(current_ability).sort_by(&:name)
|
||||
else
|
||||
@users = [current_user]
|
||||
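Review bot: In `update`, `modified_by` is set before `assign_attributes(params[:resource])`, and the model hunk in this commit adds `:modified_by` to `attr_accessible`, so a `modified_by` value submitted with the form would overwrite the one taken from `current_user`. For the column to serve as an audit trail it should be assigned after the mass assignment and stay off the whitelist: keep `@resource.assign_attributes(params[:resource])` first, follow it with `@resource.modified_by = current_user.id`, and drop `:modified_by` from `attr_accessible`. The same ordering question applies to `create` if `@resource` is built from params by a filter that is not visible here. Both method bodies continue outside the hunks.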
|
|
|
@ -14,8 +14,8 @@ class Ability
|
|||
can :read_details, Mac
|
||||
can [:update], Mac, :user_id => nil
|
||||
can [:create,:update], Mac, :user_id => user.id
|
||||
can [:create,:update,:destroy], Resource, :user_id => user.id
|
||||
can :read, Payment, :user_id => user.id
|
||||
can [:create,:update], Resource, :user_id => user.id
|
||||
can :read, UserCertification, :user_id => user.id
|
||||
can :read, User, :id => user.id #TODO: why can users update themselves? Maybe because Devise doesn't check users/edit?
|
||||
can :compose_email, User
|
||||
|
@ -36,6 +36,7 @@ class Ability
|
|||
unless user.orientation.blank?
|
||||
can [:read,:new_member_report,:activity], User, :hidden => [nil,false]
|
||||
can :read, UserCertification
|
||||
can [:create,:update,:destroy], Resource, :user_id => [nil,user.id]
|
||||
end
|
||||
|
||||
# Accountants can manage payments
|
||||
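Review bot: The new rule `can [:create,:update,:destroy], Resource, :user_id => [nil,user.id]` is evaluated against whatever `user_id` the record carries when `authorize!` runs, and in `ResourcesController#update` that call comes after `assign_attributes(params[:resource])` while `:user_id` is in `attr_accessible`. As far as these hunks show, the check therefore sees the submitted owner rather than the stored one, unless a filter outside the hunks authorizes the loaded record first. I would authorize against the persisted record before assigning, i.e. `authorize! :update, @resource` ahead of `assign_attributes`, and keep a second check afterwards if reassigning ownership is meant to be restricted. A short comment on the rule, such as `# oriented members may also edit unowned (user_id nil) resources`, would record that the `nil` is intentional.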
|
|
|
@ -1,5 +1,5 @@
|
|||
class Resource < ActiveRecord::Base
|
||||
attr_accessible :supercategory, :user_id, :category_id, :name, :serial, :specs, :status, :donatable, :picture, :picture_file_name, :picture_content_type, :picture_file_size, :picture_updated_at, :notes, :estimated_value, :disposed_at
|
||||
attr_accessible :supercategory, :user_id, :category_id, :name, :serial, :specs, :status, :donatable, :picture, :picture_file_name, :picture_content_type, :picture_file_size, :picture_updated_at, :notes, :estimated_value, :disposed_at, :modified_by
|
||||
|
||||
belongs_to :owner, :class_name => "ToolshareUser" #TODO: remove owner
|
||||
belongs_to :user
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
<div class="col-sm-2">
|
||||
<div class="thumbnail">
|
||||
<% if resource.user %>
|
||||
<span class="ownership">Owned by:<br/><%= resource.user.name %></span>
|
||||
<% end %>
|
||||
<% if resource.disposed_at %>
|
||||
<span class="disposed">Disposed:<br/><%= resource.disposed_at.to_date %></span>
|
||||
<% end %>
|
||||
<%= link_to(resource) do %>
|
||||
<% if resource.user %>
|
||||
<span class="ownership">Owned by:<br/><%= resource.user.name %></span>
|
||||
<% end %>
|
||||
<% if resource.disposed_at %>
|
||||
<span class="disposed">Disposed:<br/><%= resource.disposed_at.to_date %></span>
|
||||
<% end %>
|
||||
<%= image_tag(resource.picture.url(:thumb)) if resource.picture? %>
|
||||
<h4><%=h resource.name %></h4>
|
||||
<% end %>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
<h2><%=h @resource.name %>
|
||||
<%= link_to 'Back', resources_path, class: "btn btn-default" %>
|
||||
<%= link_to 'Edit', edit_resource_path(@resource), class: "btn btn-primary" %>
|
||||
<%= link_to 'Edit', edit_resource_path(@resource), class: "btn btn-primary" if can? :edit, @resource %>
|
||||
</h2>
|
||||
<% if @resource.user || @resource.owner %>
|
||||
<p>
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
class AddModifiedByToResources < ActiveRecord::Migration
|
||||
def change
|
||||
add_column :resources, :modified_by, :integer
|
||||
end
|
||||
end
|
|
@ -11,7 +11,7 @@
|
|||
#
|
||||
# It's strongly recommended to check this file into your version control system.
|
||||
|
||||
ActiveRecord::Schema.define(:version => 20140209104356) do
|
||||
ActiveRecord::Schema.define(:version => 20140209120648) do
|
||||
|
||||
create_table "cards", :force => true do |t|
|
||||
t.string "card_number"
|
||||
|
@ -142,6 +142,7 @@ ActiveRecord::Schema.define(:version => 20140209104356) do
|
|||
t.string "estimated_value"
|
||||
t.integer "user_id"
|
||||
t.datetime "disposed_at"
|
||||
t.integer "modified_by"
|
||||
end
|
||||
|
||||
create_table "settings", :force => true do |t|
|
||||
|
|