small ACL fixes for data entry opertors

added proper return url in form. enabled searches for data entry operator can now do bulk creation of clients
Mostfit · Feb 10, 2012 · e8a5958 · e8a5958
1 parent b2a4d52
commit e8a5958
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 4 deletions.
diff --git a/app/controllers/centers.rb b/app/controllers/centers.rb
@@ -101,6 +101,7 @@ def create(center)
       @center.branch = @branch  # set direct context
     end
     if @center.save
+      debugger
       @center_meeting_day.center_id = @center.id
       @center_meeting_day.save
       if params[:format] and API_SUPPORT_FORMAT.include?(params[:format])

diff --git a/app/controllers/clients.rb b/app/controllers/clients.rb
@@ -233,7 +233,8 @@ def bulk_entry
       if params[:clients].keys.length > 0 # there are some errors
         render # errors will be shown
       else
-        redirect resource(@center), :message => {:notice => "all clients succesfully added"}
+        return_to = session.user.role == :data_entry ? url(:data_entry) : resource(@center)
+        redirect return_to, :message => {:notice => "all clients succesfully added"}
       end
     end
   end

diff --git a/app/views/centers/_fields.html.haml b/app/views/centers/_fields.html.haml
@@ -1,3 +1,5 @@
+- if session.user.role == :data_entry
+  = hidden_field :name => "return", :value => "/data_entry"
 %table{:style => "width: 80%"}
   %tr
     %td

diff --git a/config/misfit.rb b/config/misfit.rb
@@ -35,7 +35,7 @@ def controllers_from_models(role)
       :admin => all_models,
       :mis_manager => all_models_except([:user, :admin]),
       :data_entry => {
-        :all => [:client, :loan, :payment, :document, :client_group, :group, :insurance_company, :insurance_policy, :cgt, :grt, :staff_member],
+        :all => [:client, :loan, :payment, :document, :client_group, :group, :insurance_company, :insurance_policy, :cgt, :grt, :staff_member, :center],
       },
       :staff_member => {
         :all => [:center, :client, :loan, :payment, :document, :client_group, :group, :comment, :insurance_company, :staff_member, :location, :branch_diary, :stock_register, :asset_register]

diff --git a/lib/extensions.rb b/lib/extensions.rb
@@ -111,7 +111,8 @@ def allow_read_only
         return rights_from_access_rules
       end
 
-      def _can_access?(route, params = nil)       
+      def _can_access?(route, params = nil)     
+        # boy, we really do need a new ACL!!
         user_role = self.role
         return true  if user_role == :admin
         return false if route[:controller] == "journals" and route[:action] == "edit"
@@ -144,6 +145,7 @@ def _can_access?(route, params = nil)
           return(is_funder? and allow_read_only)
         end
 
+
         @staff ||= self.staff_member
         return true if @action == "redirect_to_show"
         if @controller=="documents" and CUD_Actions.include?(@action)
@@ -155,7 +157,10 @@ def _can_access?(route, params = nil)
         end
 
         if role == :data_entry 
-          return ["new", "edit", "create", "update"].include?(@action) if ["clients", "loans", "client_groups"].include?(@controller)
+          return true if @controller == "searches"
+          return ["new", "edit", "create", "update", "bulk_entry"].include?(@action) if ["clients", "loans", "client_groups", "centers", "data_entry/centers"].include?(@controller)
+          return ["centers"].include?(@action) if ["branches"].include?(@controller) # this is so data entry can get a list of centers on bulk add clients page.
+
           return (@action == "disbursement_sheet" or @action == "day_sheet") if @controller == "staff_members"
         end