
user division access

1 parent 8a51f2b commit b3e3c51097c603408e49d83bcb3d0fea26389654 @laironald laironald committed Mar 20, 2012
@@ -5,29 +5,32 @@ class ProposalsController < ApplicationController
# GET /proposals
# GET /proposals.json
def index
- if current_user.role? :auditor
- user = current_user
- elsif params[:user]
- user = params[:user]
- @user = User.find(params[:user])
- end
- if user
- @proposals = Proposal.all(:include => :users, :conditions => ["users.id = ?", user])
- else
- @proposals = Proposal.all
+ if can? :create, User
+ # like accessible_by -- show only proposals we have access to
+ @proposal = Proposal.all.select { |prop| can? :manage, prop }
+ else
+ # This one is weird... improve it
+ @proposal = Proposal.all :include => :users, :conditions => ["users.id = ?", current_user]
end
respond_to do |format|
- format.html # index.html.erb
- format.json { render json: @proposals.to_json(:include => [:users]) }
+ format.html
+ format.json { render json: @proposal.to_json(:include => [:users]) }
end
end
+ #create a new route for this. No reason to get it all coupled together w/ above
+ def user
+ @user = User.find_by_id params[:user]
+ @proposal = Proposal.all :include => :users, :conditions => ["users.id = ?", @user.id ]
+ authorize! :assign, @user
+ render "index"
+ end
+
# GET /proposals/1
# GET /proposals/1.json
def show
@proposal = Proposal.find(params[:id])
-
respond_to do |format|
format.html # show.html.erb
format.json { render json: @proposal.to_json(:include => [:users]) }
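Review bot: In the new `user` action the proposal query on L39 runs before `authorize! :assign, @user` on L40, and `find_by_id` returns nil for an unknown id, so `@user.id` raises NoMethodError (a 500) before authorization is ever consulted. Load, authorize, then query: `@user = User.find(params[:user])` / `authorize! :assign, @user` / `@proposal = Proposal.all :include => :users, :conditions => ["users.id = ?", @user.id]`, so a bad id becomes RecordNotFound and a forbidden one is rejected before any data is read. `index` now filters on `can? :manage, prop`, but `show` in the same hunk still calls `Proposal.find(params[:id])` with no `authorize!` visible, so the division rule this commit adds in ability.rb does not cover direct `/proposals/1` reads unless a filter outside this hunk enforces it. `Proposal.all.select { ... }` on L24 also loads every proposal on each request; that is a cost rather than a security gap, but it deserves a comment explaining why the block-based rule cannot use `accessible_by`.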
@@ -1,15 +1,16 @@
class UsersController < ApplicationController
if User.all.length > 0
before_filter :authenticate_user!
- load_and_authorize_resource
end
+ load_and_authorize_resource
# GET /users
# GET /users.xml
# GET /users.json HTML and AJAX
#-----------------------------------------------------------------------
def index
@users = User.accessible_by(current_ability, :index)
+ #@users = User.all
respond_to do |format|
format.json { render :json => @users }
format.html
@@ -31,7 +32,7 @@ def new
respond_to do |format|
format.json { render :json => @user }
format.xml { render :xml => @user }
- format.html { render "base" }
+ format.html { render "base" }
end
end
@@ -59,6 +60,7 @@ def show
def edit
@title = "Edit User"
@action = "Update"
+ #@user = User.find_by_id(params[:id])
respond_to do |format|
format.json { render :json => @user }
format.xml { render :xml => @user }
@@ -74,12 +76,15 @@ def edit
# DELETE /users/1.json HTML AND AJAX
#-------------------------------------------------------------------
def destroy
- @user.destroy!
+ @user.destroy
respond_to do |format|
format.json { respond_to_destroy(:ajax) }
format.xml { head :ok }
- format.html { respond_to_destroy(:html) }
+ format.html {
+ flash[:notice] = "User deleted"
+ redirect_to :action => :index
+ }
end
rescue ActiveRecord::RecordNotFound
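Review bot: `load_and_authorize_resource` now runs unconditionally (L58), but `before_filter :authenticate_user!` on L55 is still inside `if User.all.length > 0`, which Ruby evaluates once when the class is loaded; a process booted against an empty users table therefore serves this controller without authentication until it is restarted, even after the first account exists, and every such request is authorized as the guest `User.new` ability. If the empty-table exception is still needed for bootstrap, evaluate it per request, e.g. `before_filter :authenticate_user!, :unless => proc { User.count.zero? }`, and drop the class-level `if` (`User.exists?` would also avoid loading every row just to count them). The commented-out `#@users = User.all` on L65 and `#@user = User.find_by_id(params[:id])` on L81 are debugging leftovers and should be deleted rather than committed. The `destroy` action starts at L88 but its `rescue` handler continues past this hunk.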
@@ -5,11 +5,27 @@ def initialize(user)
user ||= User.new # guest user
if user.role? :su
- can :manage, User
+ can :manage, :all
elsif user.role? :admin
can :manage, :all
+ cannot :manage, :assignDivisionCan
+ cannot :manage, User
+ cannot :manage, Proposal
+ can :manage, User, :division => user.division
+ can :manage, Proposal do |proposal|
+ @found = false
+ proposal.users.each do |u|
+ @found ||= (u.division == user.division)
+ end
+ @found
+ end
else
cannot :manage, User
+ cannot :manage, :assignRoleCan
+ cannot :manage, :assignDivisionCan
+ can :read
+
+ # haven't really looked into the stuff below
if user.role? :auditor
can :read, Proposal do |proposal|
@found = false
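Review bot: `can :manage, User, :division => user.division` on L112 and the `u.division == user.division` test on L116 also match when the division is nil, and the schema hunk adds `division` with no default while the model hunk adds no validation for it, so every pre-existing user and any admin who has not yet been assigned a division compare equal on NULL, giving that admin management of all unassigned users and of every proposal assigned to them. Guard both rules on an assigned division, e.g. `can :manage, User, :division => user.division if user.division.present?` and, in the block, `user.division.present? && proposal.users.any? { |u| u.division == user.division }`, or make `division` required for the admin role. The admin branch still starts from `can :manage, :all` on L108 and only revokes `User`, `Proposal` and `:assignDivisionCan`, so any other model stays fully manageable by a division admin; that may be intended, but a one-line comment saying so would stop the next reader from assuming admins are division-scoped everywhere. `@found` on L114-L118 is an instance variable on the Ability object; `any?` expresses the same test without shared state. The `auditor` branch below starts inside this hunk but its block continues past it.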
@@ -1,13 +1,13 @@
class User < ActiveRecord::Base
- ROLES = ['su', 'admin','auditor','internal']
+ ROLES = %w(su admin internal auditor)
# Include default devise modules. Others available are:
# :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
# Setup accessible (or protected) attributes for your model
- attr_accessible :name, :email, :username, :password, :password_confirmation, :remember_me, :role
+ attr_accessible :name, :email, :username, :password, :password_confirmation, :remember_me, :role, :division
#validations
validates :username, :uniqueness => true
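Review bot: Adding `:division` to `attr_accessible` on L141, alongside the already-accessible `:role`, makes both fields mass-assignable, and the model is `:registerable` with registrations routed to the `users` controller (routes hunk), so unless the create/update actions strip them (not visible here) a sign-up or edit POST carrying `user[role]=su` or a different `user[division]` can step straight past the division rules this commit adds to ability.rb. Take `:role` and `:division` out of `attr_accessible` and set them explicitly in the controller after the authorization check, e.g. `@user.role = params[:user][:role] if current_user.role?(:su)`. Reordering `ROLES` on L134 is harmless if `role` is stored as the string, but if `role?` maps roles to indexes or a bitmask (not shown in this diff) it silently swaps `auditor` and `internal` for existing rows, so confirm before merging; either way the constant should be frozen: `ROLES = %w(su admin internal auditor).freeze`.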
@@ -1,4 +1,4 @@
-<p>Welcome <%= @resource.email %>!</p>
+<p>Welcome <%= @resource.name %> (<%= @resource.username %>)!</p>
<p>You can confirm your account email through the link below:</p>
@@ -40,11 +40,11 @@
%ul.nav
%li= link_to "Home", pages_home_path
- if user_signed_in?
- - if current_user.role?(:admin) or current_user.role?(:su)
+ - if can? :create, User
%li= link_to "All Users", users_path
%li= link_to "Add User", new_user_path
%li= link_to "Loaded Proposals", proposals_path
- - elsif current_user.role?(:auditor)
+ - else
%li= link_to "Dashboard", proposals_path
%ul.nav.pull-right
- if user_signed_in?
@@ -1,4 +1,4 @@
-<% if current_user.role?(:admin) or current_user.role?(:su) %>
+<% if can? :create, User %>
<% if !@user.nil? %>
<div class="page-header">
<h1>Manage Assigned Proposals <small>for <%= @user.name %></small></h1>
@@ -1,6 +1,6 @@
<p id="notice"><%= notice %></p>
-<% if current_user.role?(:admin) or current_user.role?(:su) %>
+<% if can? :create, User %>
<div class="alert well">
<div>
<b>Assigned to:</b>
@@ -22,7 +22,7 @@
<td>{{lastviewed}}</td>
<td>{{panels}}</td>
<td>
-<% if current_user.role?(:admin) or current_user.role?(:su) %>
+<% if can? :create, User %>
<% if @user.nil? %>
<strong>Assigned to: </strong> {{users}}<br /><br />
<a href="#" id="proposals_refresh_{{id}}">Refresh</a><br />
@@ -1,40 +0,0 @@
-<div class="page-header">
- <h1>All Users</h1>
-</div>
-<table class="table table-striped table-bordered table-condensed">
- <thead>
- <tr>
- <th>Name</th>
- <th>Email</th>
- <th>Role</th>
- <th>Created</th>
- <th>Last Logged In</th>
- <th>Login Count</th>
- <th>Assigned Proposals</th>
- <th>Actions</th>
- </tr>
- </thead>
- <tbody>
-<% @users.each do |user| %>
- <tr>
- <td><%= user.name %></td>
- <td><%= user.email %></td>
- <td><%= user.role %></td>
- <td><%= user.created_at %></td>
- <td><%= user.last_sign_in_at %></td>
- <td><%= user.sign_in_count %></td>
- <td>
- <% if user.role?(:auditor) %>
- <%= user.proposals.size %><br /><%= link_to 'Change', "proposals/?user=#{user.id}" %>
- <% else %>
- N/A
- <% end %>
- </td>
- <td>
- <%= link_to 'Edit', edit_user_path(user) %>
- <%= link_to 'Delete', user, :method => :delete, :confirm => 'Sure?', :title => "Delete #{user.name}" unless current_user == user %>
- </td>
- </tr>
-<% end %>
- </tbody>
-</table>
@@ -4,9 +4,10 @@
end
get "pages/home"
-
get "pages/contact"
+ match "proposals/user/:user" => 'proposals#user', :as => 'proposal_user'
+
devise_for :users, :controllers => { :registrations => 'users' }
resources :users
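Review bot: `match "proposals/user/:user" => 'proposals#user'` on L231 has no `:via`, so the route answers every HTTP verb (POST, PUT, DELETE included) for what is a read-only listing; restrict it to `get "proposals/user/:user" => 'proposals#user', :as => 'proposal_user'`. The action behind it already authorizes against the loaded user, so the verb restriction is the only thing this line is missing.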
@@ -11,7 +11,7 @@
#
# It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20120301195980) do
+ActiveRecord::Schema.define(:version => 20120319202324) do
create_table "associations", :id => false, :force => true do |t|
t.integer "user_id"
@@ -50,6 +50,7 @@
t.string "last_sign_in_ip"
t.datetime "created_at"
t.datetime "updated_at"
+ t.string "division"
end
add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true
