From ee7e79a433112e2e6d89a05e58f1e3a5f0a9fc7d Mon Sep 17 00:00:00 2001
From: Will Bradley
Date: Sun, 9 Feb 2014 05:13:35 -0700
Subject: [PATCH] Allowing people to view/edit
---
app/controllers/resources_controller.rb | 4 +++-
app/models/ability.rb | 3 ++-
app/models/resource.rb | 2 +-
app/views/resources/_resource.html.erb | 12 ++++++------
app/views/resources/show.html.erb | 2 +-
.../20140209120648_add_modified_by_to_resources.rb | 5 +++++
db/schema.rb | 3 ++-
7 files changed, 20 insertions(+), 11 deletions(-)
create mode 100644 db/migrate/20140209120648_add_modified_by_to_resources.rb
diff --git a/app/controllers/resources_controller.rb b/app/controllers/resources_controller.rb
index ca0adcc..f111c45 100755
--- a/app/controllers/resources_controller.rb
+++ b/app/controllers/resources_controller.rb
@@ -12,6 +12,7 @@ class ResourcesController < ApplicationController end def create + @resource.modified_by = current_user.id # log who modified this last authorize! :create, @resource respond_to do |format|
@@ -26,6 +27,7 @@ class ResourcesController < ApplicationController end def update + @resource.modified_by = current_user.id # log who modified this last @resource.assign_attributes(params[:resource]) authorize! :update, @resource
@@ -50,7 +52,7 @@ class ResourcesController < ApplicationController end def load_users - if can? :manage, Resource then + if can? :assign_user, Resource then @users = User.accessible_by(current_ability).sort_by(&:name) else @users = [current_user]
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 65c3066..e2efe81 100755
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
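Review bot: In `update`, `modified_by` is set before `@resource.assign_attributes(params[:resource])`, and this commit also adds `:modified_by` to `attr_accessible` in app/models/resource.rb, so a submitted `resource[modified_by]` value replaces the one the controller just wrote and the record can name a different user as its last editor. Put the assignment after the mass assignment, `@resource.assign_attributes(params[:resource])` followed by `@resource.modified_by = current_user.id`, and leave `:modified_by` off the `attr_accessible` list, since only the controller should write it. In `create` the order depends on where `@resource` is built, which is outside the hunk (presumably a CanCan loader), so confirm the attribute is set after the params are applied there as well. Both method bodies continue outside their hunks.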
@@ -14,8 +14,8 @@ class Ability can :read_details, Mac can [:update], Mac, :user_id => nil can [:create,:update], Mac, :user_id => user.id + can [:create,:update,:destroy], Resource, :user_id => user.id can :read, Payment, :user_id => user.id - can [:create,:update], Resource, :user_id => user.id can :read, UserCertification, :user_id => user.id can :read, User, :id => user.id #TODO: why can users update themselves? Maybe because Devise doesn't check users/edit? can :compose_email, User
@@ -36,6 +36,7 @@ class Ability unless user.orientation.blank? can [:read,:new_member_report,:activity], User, :hidden => [nil,false] can :read, UserCertification + can [:create,:update,:destroy], Resource, :user_id => [nil,user.id] end # Accountants can manage payments
diff --git a/app/models/resource.rb b/app/models/resource.rb
index 8b40e86..f10b457 100755
--- a/app/models/resource.rb
+++ b/app/models/resource.rb
@@ -1,5 +1,5 @@ class Resource < ActiveRecord::Base - attr_accessible :supercategory, :user_id, :category_id, :name, :serial, :specs, :status, :donatable, :picture, :picture_file_name, :picture_content_type, :picture_file_size, :picture_updated_at, :notes, :estimated_value, :disposed_at + attr_accessible :supercategory, :user_id, :category_id, :name, :serial, :specs, :status, :donatable, :picture, :picture_file_name, :picture_content_type, :picture_file_size, :picture_updated_at, :notes, :estimated_value, :disposed_at, :modified_by belongs_to :owner, :class_name => "ToolshareUser" #TODO: remove owner belongs_to :user
diff --git a/app/views/resources/_resource.html.erb b/app/views/resources/_resource.html.erb
index acb0c38..3b7cb97 100755
--- a/app/views/resources/_resource.html.erb
+++ b/app/views/resources/_resource.html.erb
@@ -1,12 +1,12 @@
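Review bot: The rule added inside `unless user.orientation.blank?` in app/models/ability.rb, `can [:create,:update,:destroy], Resource, :user_id => [nil,user.id]`, lets every oriented member edit and delete any resource that has no owner, and `ResourcesController#update` evaluates it only after `assign_attributes(params[:resource])` has applied the submitted `user_id`. Unless a filter outside these hunks authorizes the stored record first, the check then sees the submitted owner rather than the saved one, so it does not protect resources that belong to other members. Calling `authorize! :update, @resource` before `assign_attributes` as well as after it closes that gap, and `:destroy` should be dropped from this rule if deleting unowned resources is not meant for all members. The `:assign_user` action tested in `load_users` has no rule in these hunks, so presumably only `:manage` holders pass it.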
- <% if resource.user %> - Owned by:
<%= resource.user.name %>
- <% end %> - <% if resource.disposed_at %> - Disposed:
<%= resource.disposed_at.to_date %>
- <% end %> <%= link_to(resource) do %> + <% if resource.user %> + Owned by:
<%= resource.user.name %>
+ <% end %> + <% if resource.disposed_at %> + Disposed:
<%= resource.disposed_at.to_date %>
+ <% end %> <%= image_tag(resource.picture.url(:thumb)) if resource.picture? %>

<%=h resource.name %>

<% end %>
diff --git a/app/views/resources/show.html.erb b/app/views/resources/show.html.erb
index 01efe9b..a0376d6 100644
--- a/app/views/resources/show.html.erb
+++ b/app/views/resources/show.html.erb
@@ -2,7 +2,7 @@

<%=h @resource.name %> <%= link_to 'Back', resources_path, class: "btn btn-default" %>
-<%= link_to 'Edit', edit_resource_path(@resource), class: "btn btn-primary" %>
+<%= link_to 'Edit', edit_resource_path(@resource), class: "btn btn-primary" if can? :edit, @resource %>

<% if @resource.user || @resource.owner %>

diff --git a/db/migrate/20140209120648_add_modified_by_to_resources.rb b/db/migrate/20140209120648_add_modified_by_to_resources.rb
new file mode 100644
index 0000000..cb8a841
--- /dev/null
+++ b/db/migrate/20140209120648_add_modified_by_to_resources.rb
@@ -0,0 +1,5 @@
+class AddModifiedByToResources < ActiveRecord::Migration
+ def change
+ add_column :resources, :modified_by, :integer
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 52fde6c..d7aeff0 100755
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 20140209104356) do +ActiveRecord::Schema.define(:version => 20140209120648) do create_table "cards", :force => true do |t| t.string "card_number"
@@ -142,6 +142,7 @@ ActiveRecord::Schema.define(:version => 20140209104356) do t.string "estimated_value" t.integer "user_id" t.datetime "disposed_at" + t.integer "modified_by" end create_table "settings", :force => true do |t|