Allowing people to view/edit

Will Bradley 2014-02-09 05:13:35 -07:00
parent 2c4cd4a020
commit ee7e79a433
7 changed files with 20 additions and 11 deletions


@ -12,6 +12,7 @@ class ResourcesController < ApplicationController
end end
def create def create
@resource.modified_by = current_user.id # log who modified this last
authorize! :create, @resource authorize! :create, @resource
respond_to do |format| respond_to do |format|
@ -26,6 +27,7 @@ class ResourcesController < ApplicationController
end end
def update def update
@resource.modified_by = current_user.id # log who modified this last
@resource.assign_attributes(params[:resource]) @resource.assign_attributes(params[:resource])
authorize! :update, @resource authorize! :update, @resource
@ -50,7 +52,7 @@ class ResourcesController < ApplicationController
end end
def load_users def load_users
if can? :manage, Resource then if can? :assign_user, Resource then
@users = User.accessible_by(current_ability).sort_by(&:name) @users = User.accessible_by(current_ability).sort_by(&:name)
else else
@users = [current_user] @users = [current_user]
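Review bot: In `update`, `@resource.modified_by = current_user.id` runs before `@resource.assign_attributes(params[:resource])`, and this commit also appears to add `:modified_by` to `attr_accessible` on Resource, so a `modified_by` value in the submitted params replaces the audit value. Move the line to just below `assign_attributes` and leave `:modified_by` out of `attr_accessible`, since the direct setter does not need the whitelist. In `create` the line is safe only if no params are assigned later in the method, which continues outside the hunk. Separately, `load_users` now checks `can? :assign_user, Resource`, but no `:assign_user` rule appears in the Ability hunks shown, so it presumably passes only through `:manage`; an explicit rule or a comment would make that intent clear.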


@ -14,8 +14,8 @@ class Ability
can :read_details, Mac can :read_details, Mac
can [:update], Mac, :user_id => nil can [:update], Mac, :user_id => nil
can [:create,:update], Mac, :user_id => user.id can [:create,:update], Mac, :user_id => user.id
can [:create,:update,:destroy], Resource, :user_id => user.id
can :read, Payment, :user_id => user.id can :read, Payment, :user_id => user.id
can [:create,:update], Resource, :user_id => user.id
can :read, UserCertification, :user_id => user.id can :read, UserCertification, :user_id => user.id
can :read, User, :id => user.id #TODO: why can users update themselves? Maybe because Devise doesn't check users/edit? can :read, User, :id => user.id #TODO: why can users update themselves? Maybe because Devise doesn't check users/edit?
can :compose_email, User can :compose_email, User
@ -36,6 +36,7 @@ class Ability
unless user.orientation.blank? unless user.orientation.blank?
can [:read,:new_member_report,:activity], User, :hidden => [nil,false] can [:read,:new_member_report,:activity], User, :hidden => [nil,false]
can :read, UserCertification can :read, UserCertification
can [:create,:update,:destroy], Resource, :user_id => [nil,user.id]
end end
# Accountants can manage payments # Accountants can manage payments
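Review bot: The rule added inside `unless user.orientation.blank?` grants `:destroy` on resources whose `user_id` is nil, so any oriented member can delete unowned records, which is broader than the view/edit access the commit title describes. If only editing is intended, split it into `can [:create,:update], Resource, :user_id => [nil,user.id]` and `can :destroy, Resource, :user_id => user.id`. Because `:user_id` is mass-assignable on Resource, the same rule also lets such a member assign an unowned resource to themselves through `update`; if that is intended, a comment next to the rule should say so. The enclosing block starts and ends outside the hunk.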


@ -1,5 +1,5 @@
class Resource < ActiveRecord::Base class Resource < ActiveRecord::Base
attr_accessible :supercategory, :user_id, :category_id, :name, :serial, :specs, :status, :donatable, :picture, :picture_file_name, :picture_content_type, :picture_file_size, :picture_updated_at, :notes, :estimated_value, :disposed_at attr_accessible :supercategory, :user_id, :category_id, :name, :serial, :specs, :status, :donatable, :picture, :picture_file_name, :picture_content_type, :picture_file_size, :picture_updated_at, :notes, :estimated_value, :disposed_at, :modified_by
belongs_to :owner, :class_name => "ToolshareUser" #TODO: remove owner belongs_to :owner, :class_name => "ToolshareUser" #TODO: remove owner
belongs_to :user belongs_to :user


@ -1,12 +1,12 @@
<div class="col-sm-2"> <div class="col-sm-2">
<div class="thumbnail"> <div class="thumbnail">
<% if resource.user %>
<span class="ownership">Owned by:<br/><%= resource.user.name %></span>
<% end %>
<% if resource.disposed_at %>
<span class="disposed">Disposed:<br/><%= resource.disposed_at.to_date %></span>
<% end %>
<%= link_to(resource) do %> <%= link_to(resource) do %>
<% if resource.user %>
<span class="ownership">Owned by:<br/><%= resource.user.name %></span>
<% end %>
<% if resource.disposed_at %>
<span class="disposed">Disposed:<br/><%= resource.disposed_at.to_date %></span>
<% end %>
<%= image_tag(resource.picture.url(:thumb)) if resource.picture? %> <%= image_tag(resource.picture.url(:thumb)) if resource.picture? %>
<h4><%=h resource.name %></h4> <h4><%=h resource.name %></h4>
<% end %> <% end %>


@ -2,7 +2,7 @@
<h2><%=h @resource.name %> <h2><%=h @resource.name %>
<%= link_to 'Back', resources_path, class: "btn btn-default" %> <%= link_to 'Back', resources_path, class: "btn btn-default" %>
<%= link_to 'Edit', edit_resource_path(@resource), class: "btn btn-primary" %> <%= link_to 'Edit', edit_resource_path(@resource), class: "btn btn-primary" if can? :edit, @resource %>
</h2> </h2>
<% if @resource.user || @resource.owner %> <% if @resource.user || @resource.owner %>
<p> <p>


@ -0,0 +1,5 @@
class AddModifiedByToResources < ActiveRecord::Migration
def change
add_column :resources, :modified_by, :integer
end
end


@ -11,7 +11,7 @@
# #
# It's strongly recommended to check this file into your version control system. # It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20140209104356) do ActiveRecord::Schema.define(:version => 20140209120648) do
create_table "cards", :force => true do |t| create_table "cards", :force => true do |t|
t.string "card_number" t.string "card_number"
@ -142,6 +142,7 @@ ActiveRecord::Schema.define(:version => 20140209104356) do
t.string "estimated_value" t.string "estimated_value"
t.integer "user_id" t.integer "user_id"
t.datetime "disposed_at" t.datetime "disposed_at"
t.integer "modified_by"
end end
create_table "settings", :force => true do |t| create_table "settings", :force => true do |t|