adding authorization/role logic to Groups#show. closes #69

app/controllers/groups_controller.rb

@@ -14,6 +14,7 @@ def index
   # GET /groups/1.xml
   def show
     @group = Group.find(params[:id])
+    @membership = Membership.where(:group_id => @group.id, :user_id => current_user.id).first
 
     respond_to do |format|
       format.html # show.html.erb
@@ -41,7 +42,7 @@ def edit
   # POST /groups.xml
   def create
     @group = Group.new(params[:group])
-    
+
     respond_to do |format|
       if @group.save
         @membership = Membership.new(:group => @group, :user => current_user, :level => Membership::LEVELS[:leader])

app/models/membership.rb

@@ -27,17 +27,22 @@ class Membership < ActiveRecord::Base
   # Scoping shortcuts for approved/pending
   scope :approved, where(":level > Membership::LEVELS[:pending]")
   scope :pending, where(:level => Membership::LEVELS[:pending])
-
+
+  # Get level name of a membership
+  def level_name
+    name = (Membership::LEVELS.respond_to?(:key) ?  Membership::LEVELS.key(level) :  Membership::LEVELS.index(level)).to_s
+  end
+
   # Test if the membership has been approved.
   def is_approved?
     level > Membership::LEVELS[:pending]
   end
-  
+
   # Test if the membership has been denied.
   def is_denied?
     level == Membership::LEVELS[:denied]
   end
-  
+
   # Test if the membership is pending.
   def is_pending?
     level == Membership::LEVELS[:pending]
@@ -57,7 +62,7 @@ def approve()
        false
      end
   end
-  
+
   # Deny a user in group
   def deny()
     if update_attributes({:level => Membership::LEVELS[:denied]})

app/views/groups/_show_body.html.erb

@@ -12,11 +12,12 @@
       <tr>
         <td><%= membership.user.name %></td>
 
-        <! add logic to limit to group leaders -->
         <td>
-          <%= form_for([@group, membership]) do |f| %>
-            <%= f.select :level, Membership::LEVELS %>
-            <%= f.submit %>
+          <% if @membership.is_leader? %>
+            <%= form_for([@group, membership]) do |f| %>
+              <%= f.select :level, Membership::LEVELS %>
+              <%= f.submit %>
+            <% end %>
           <% end %>
         </td>
       </tr>
@@ -37,62 +38,72 @@
       <tr>
         <td><%= membership.user.name %></td>
 
-        <! add logic to limit to group leaders -->
         <td>
-          <%= form_for([@group, membership]) do |f| %>
-            <%= f.select :level, Membership::LEVELS %>
-            <%= f.submit %>
+          <% if @membership.is_leader? %>
+            <%= form_for([@group, membership]) do |f| %>
+              <%= f.select :level, Membership::LEVELS %>
+              <%= f.submit %>
+            <% end %>
           <% end %>
         </td>
       </tr>
       <% end %>
 
     </table>
-
-    <b>Add Member</b>
-    <%= form_for([@group, @group.memberships.new]) do |f| %>
-      <%= f.collection_select :user_id, User.all - @group.all_users, :id, :name %>
-      <%= hidden_field_tag 'autoconfirm', true %>
-      <%= f.submit %>
+
+    <% if @membership.is_leader? %>
+      <b>Add Member</b>
+      <%= form_for([@group, @group.memberships.new]) do |f| %>
+        <%= f.collection_select :user_id, User.all - @group.all_users, :id, :name %>
+        <%= hidden_field_tag 'autoconfirm', true %>
+        <%= f.submit %>
+      <% end %>
     <% end %>
 
-    <br /><br />
+    <% if @membership.is_leader? %>
 
-    <h2>Pending Members</h2>
+      <br /><br />
 
-    <table>
-      <tr>
-  		  <th>Name</th>
-	  		<th>Actions</th>
-  		</tr>
+      <h2>Pending Members</h2>
 
-      <% @group.memberships.pending.each do |membership| %>
-      <tr>
-        <td><%= membership.user.name %></td>
+      <table>
+        <tr>
+  		    <th>Name</th>
+	  		  <th>Actions</th>
+  		  </tr>
 
-        <td>
-          <%= link_to "Approve", approve_group_membership_path(@group, membership), :confirm => 'Are you sure?', :method => :put, :class => "btn success" %> <%= link_to "Deny", deny_group_membership_path(@group, membership), :confirm => 'Are you sure?', :method => :put, :class => "btn danger" %>
-        </td>
-      </tr>
-      <% end %>
+        <% @group.memberships.pending.each do |membership| %>
+        <tr>
+          <td><%= membership.user.name %></td>
 
-    </table>
+          <td>
+            <%= link_to "Approve", approve_group_membership_path(@group, membership), :confirm => 'Are you sure?', :method => :put, :class => "btn success" %>
+            <%= link_to "Deny", deny_group_membership_path(@group, membership), :confirm => 'Are you sure?', :method => :put, :class => "btn danger" %>
+          </td>
+        </tr>
+        <% end %>
+
+      </table>
+    <% end %>
   </div>
 
 </article>
 
 <aside>
 
   <div>
-    <% if user_signed_in? & !@group.made_request?(current_user) %>
-      <%= link_to("Join Group", group_memberships_path(:group_id => @group.id, :membership => {:user_id => current_user.id}), :method => :post, :class => "btn large") %>
+    <% if @group.made_request?(current_user) %>
+      <p><b>You are currently a <%= @membership.level_name %> of this group.</b></p>
+      <% if @group.has_member?(current_user) %>
+        <%= link_to("Leave Group", group_membership_path(:group_id => @group.id, :id => @membership.id), :method => :delete, :class => "btn") %>
+        <% if @membership.is_leader? %>
+          <%= link_to 'Edit Group Details', edit_group_path(@group), :class => "btn" %>
+        <% end %>
+      <% end %>
     <% else %>
-      <p><b>You are currently a member of this group.</b></p>
+      <p><b>You are not currently in this group.</b></p>
+      <%= link_to("Join Group", group_memberships_path(:group_id => @group.id, :membership => {:user_id => current_user.id}), :method => :post, :class => "btn") %>
     <% end %>
-
-    <br />
-    <%= link_to 'Edit Group Details', edit_group_path(@group), :class => "btn" %>
-    <br /><br />
   </div>
 
 </aside>