Allowing people to view/edit

2014-02-09 05:13:35 -07:00
parent 2c4cd4a020
commit ee7e79a433
7 changed files with 20 additions and 11 deletions


@@ -14,8 +14,8 @@ class Ability
can :read_details, Mac
can [:update], Mac, :user_id => nil
can [:create,:update], Mac, :user_id => user.id
can [:create,:update,:destroy], Resource, :user_id => user.id
can :read, Payment, :user_id => user.id
can [:create,:update], Resource, :user_id => user.id
can :read, UserCertification, :user_id => user.id
can :read, User, :id => user.id #TODO: why can users update themselves? Maybe because Devise doesn't check users/edit?
can :compose_email, User
@@ -36,6 +36,7 @@ class Ability
unless user.orientation.blank?
can [:read,:new_member_report,:activity], User, :hidden => [nil,false]
can :read, UserCertification
can [:create,:update,:destroy], Resource, :user_id => [nil,user.id]
end
# Accountants can manage payments
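Review bot: The rule `can [:create,:update,:destroy], Resource, :user_id => [nil,user.id]` inside the `unless user.orientation.blank?` block (which appears to be the line this hunk adds; the +/- markers are lost on this page) lets every oriented member destroy any Resource whose `user_id` is nil, not only their own. The Mac rules earlier in the class extend only `:update` to unowned records, so deleting unowned inventory looks broader than the "view/edit" intent in the commit title. I would split the grant into `can [:create,:update], Resource, :user_id => [nil,user.id]` and `can :destroy, Resource, :user_id => user.id`, and add an ability spec asserting that a member cannot destroy a Resource with a nil owner. The Ability class begins and ends outside the visible hunks, so a later rule may already narrow this; that is worth confirming.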


@@ -1,5 +1,5 @@
class Resource < ActiveRecord::Base
attr_accessible :supercategory, :user_id, :category_id, :name, :serial, :specs, :status, :donatable, :picture, :picture_file_name, :picture_content_type, :picture_file_size, :picture_updated_at, :notes, :estimated_value, :disposed_at
attr_accessible :supercategory, :user_id, :category_id, :name, :serial, :specs, :status, :donatable, :picture, :picture_file_name, :picture_content_type, :picture_file_size, :picture_updated_at, :notes, :estimated_value, :disposed_at, :modified_by
belongs_to :owner, :class_name => "ToolshareUser" #TODO: remove owner
belongs_to :user