
Added CanCan authorization via roles. Updated views to support permissions.

Still more work to do in this area.
1 parent 0a97739 commit 378ec902298ff4cd011b6111dd2e58382e002ad5 @quattro004 committed Jan 30, 2011
@@ -8,6 +8,7 @@ gem 'rails', '3.0.3'
gem 'mysql'
gem 'rmagick'
gem 'devise'
+gem 'cancan'
# Use unicorn as the web server
# gem 'unicorn'
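Review bot: The added `gem 'cancan'` carries no version constraint while `rails` on this file's first context line is pinned to '3.0.3', so which CanCan release backs `load_and_authorize_resource` is decided at install time. As far as I recall the 1.x releases differ in what `index` receives (a plain collection versus one scoped through `accessible_by`), which is exactly the behaviour the controller changes in this commit depend on. Unless a Gemfile.lock is committed alongside, pin it to the release that was tested, e.g. `gem 'cancan', '<tested-version-constraint>'`.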
@@ -7,4 +7,4 @@ require 'rake'
require 'rake/testtask'
require 'rake/rdoctask'
-Rails::Application.load_tasks
+Recipieces::Application.load_tasks
@@ -1,4 +1,9 @@
class ApplicationController < ActionController::Base
protect_from_forgery
layout 'application'
+
+# rescue_from CanCan::AccessDenied do |exception|
+# flash[:error] = exception.message
+# redirect_to root_url
+# end
end
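Review bot: The `rescue_from CanCan::AccessDenied` handler is added commented out, so once `load_and_authorize_resource` is active in CategoriesController and RecipesController a denied request raises straight through the stack and surfaces as a 500 rather than the intended redirect, unless a handler exists somewhere outside this diff. XML and JSON clients of those `respond_to` controllers get the same 500. Enable the four commented lines as written (flash the message, `redirect_to root_url`), and for the non-HTML formats answer with `head :forbidden` instead of a redirect so API callers see a 403 rather than a login page.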
@@ -1,36 +1,32 @@
# Responsible for grouping recipes to aid in such things as searches.
class CategoriesController < ApplicationController
respond_to :html, :xml, :json
+ load_and_authorize_resource
def index
@categories = Category.all
respond_with(@categories)
end
def new
- @category = Category.new
respond_with(@category)
end
def edit
- @category = Category.find(params[:id])
respond_with(@category)
end
def create
- @category = Category.new(params[:category])
flash[:notice] = 'Category was successfully created.' if @category.save
respond_with(@category, :location => categories_url)
end
def update
- @category = Category.find(params[:id])
flash[:notice] = 'Category was successfully updated.' if @category.update_attributes(params[:category])
respond_with(@category, :location => categories_url)
end
def destroy
- @category = Category.find(params[:id])
@category.destroy
flash[:notice] = 'Successfully destroyed category.'
respond_with(@category)
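Review bot: `index` still assigns `@categories = Category.all` after `load_and_authorize_resource` has been added, so whatever collection CanCan loaded into `@categories` is thrown away and only the class-level `authorize!(:index, Category)` check remains in force; `RecipesController#index` does the same with `Recipe.public`. If listing everything regardless of per-record rules is intended, say so with a comment, e.g. `# Full list on purpose: category rules are class-level only`, so the next reader does not "fix" it; otherwise drop the assignment and use the `@categories` CanCan provides (in the CanCan releases that scope `index` through `accessible_by`). The `destroy` action's closing `end` lies outside the hunk.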
@@ -4,44 +4,39 @@ class RecipesController < ApplicationController
attr_reader :all_categories
before_filter :get_all_categories # Only get the list of categories once.
attr_reader :current_category
+ load_and_authorize_resource
def index
- @recipes = Recipe.all
+ @recipes = Recipe.public
respond_with(@recipes)
end
def show
- @recipe = Recipe.find(params[:id])
get_current_category
respond_with(@recipe)
end
def new
- @recipe = Recipe.new
setup_defaults
respond_with(@recipe)
end
def edit
- @recipe = Recipe.find(params[:id])
respond_with(@recipe)
end
def create
# TODO: Update recipe's author with current signed on user
- @recipe = Recipe.new(params[:recipe])
flash[:notice] = 'Recipe was successfully created.' if @recipe.save
respond_with(@recipe)
end
def update
- @recipe = Recipe.find(params[:id])
flash[:notice] = 'Recipe was successfully updated.' if @recipe.update_attributes(params[:recipe])
respond_with(@recipe)
end
def destroy
- @recipe = Recipe.find(params[:id])
@recipe.destroy
flash[:notice] = 'Successfully destroyed recipe.'
respond_with(@recipe)
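Review bot: `create` keeps the `TODO` on its first line unaddressed while the record is now built by `load_and_authorize_resource` from `params[:recipe]`, so the `author` is whatever the client posts and nothing ties the recipe to `current_user`; the per-record `can? :update, recipe` / `can? :destroy, recipe` guards the views add in this commit therefore cannot be ownership-based yet, which the `author_id` TODO in the migration hunk also acknowledges. Until that association exists, set the author server-side before saving, e.g. `@recipe.author = current_user.name` (the `users` table has a `name` column per the schema.rb hunk), rather than accepting it from the form. The class header and `setup_defaults` are outside this hunk.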
@@ -62,5 +57,6 @@ def setup_defaults
@recipe.picture.build
@recipe.cook_time_in_minutes = 0
@recipe.prep_time_in_minutes = 0
+ @recipe.is_public = true
end
end
@@ -9,10 +9,11 @@ class Recipe < ActiveRecord::Base
validates_presence_of :title
validates_presence_of :instructions
- validates_numericality_of :prep_time_in_minutes, :greater_than_or_equal_to => 1
validates_numericality_of :cook_time_in_minutes, :greater_than_or_equal_to => 1
validate :number_of_pictures?
+ scope :public, where("is_public = ?", true)
+
private
def number_of_pictures?
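Review bot: `scope :public` defines `Recipe.public` as a singleton method and so shadows `Module#public` on the model class: any later bare `public` inside `class Recipe` (the counterpart of the `private` two lines below) would evaluate the scope instead of resetting method visibility. Rails 3.0 only logs a warning about overwriting the existing method, as far as I know, and later Rails versions refuse such a scope name outright. Rename it, e.g. `scope :publicly_listed, where(:is_public => true)`, and update the caller in `RecipesController#index` (`Recipe.public`) to match; the hash form also lets the adapter quote the boolean instead of interpolating a `?` placeholder. `number_of_pictures?` continues past the hunk.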
@@ -2,5 +2,7 @@
<%= link_to image_tag('recipieces.png', :border => 0) %>
<br/><br/>
<li><%= link_to 'Recipes', recipes_path %> </li>
- <li><%= link_to 'Categories', categories_path %> </li>
+ <% if can? :manage, :category %>
+ <li><%= link_to 'Categories', categories_path %> </li>
+ <% end %>
</ul>
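Review bot: `can? :manage, :category` tests a rule defined on the symbol `:category`, not on the `Category` class that `load_and_authorize_resource` in CategoriesController authorizes against, so unless the Ability class (not visible in this diff) deliberately defines rules on the symbol, the link and the controller will decide differently. It is also a `:manage` check, so a role granted only `:read`/`:index` on categories never sees the link although the page would open for it. Use the class and the action the page needs, `<% if can? :index, Category %>`, and keep in mind the guard only hides the link; the controller check is what enforces access.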
@@ -70,8 +70,10 @@
<th align="left">
<%= f.label 'Cook' %>
</th>
- <th>Public</th>
- <th>Secret</th>
+ <% if can? :update, @recipe %>
+ <th>Public</th>
+ <th>Secret</th>
+ <% end %>
</tr>
<tr>
<td>
@@ -80,12 +82,14 @@
<td>
<%= f.text_field :cook_time_in_minutes, :size => 2 %>min.
</td>
- <td align="center">
- <%= f.check_box :is_public %>
- </td>
- <td align="center">
- <%= f.check_box :is_secret %>
- </td>
+ <% if can? :update, @recipe %>
+ <td align="center">
+ <%= f.check_box :is_public %>
+ </td>
+ <td align="center">
+ <%= f.check_box :is_secret %>
+ </td>
+ <% end %>
</tr>
</table>
</div>
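Review bot: Wrapping the `is_public`/`is_secret` check boxes in `<% if can? :update, @recipe %>` (here and in the `<th>` hunk above) hides them from the form but does not stop a client from posting those keys: `RecipesController#update` still calls `update_attributes(params[:recipe])` and CanCan builds the new record from `params[:recipe]`, so both flags remain settable by anyone who can submit the form. Since Rails 3.0.3's `attr_accessible` has no per-role form, filter the two keys out of `params[:recipe]` in `create`/`update` for users who fail the same `can?` check, e.g. `params[:recipe].except!(:is_public, :is_secret) if cannot?(:update, @recipe)`. Note too that on the `new` form `@recipe` is an unsaved record, so if the `:update` rules depend on ownership they evaluate against a recipe with no owner; `can? :create, Recipe` may be the check intended there.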
@@ -19,8 +19,12 @@
<td><%= recipe.comment %></td>
<td><%= recipe.keywords %></td>
<td><%= link_to 'Show', recipe %></td>
- <td><%= link_to 'Edit', edit_recipe_path(recipe) %></td>
- <td><%= link_to 'Destroy', recipe, :confirm => 'Are you sure?', :method => :delete %></td>
+ <% if can? :edit, recipe %>
+ <td><%= link_to 'Edit', edit_recipe_path(recipe) %></td>
+ <% end %>
+ <% if can? :destroy, recipe %>
+ <td><%= link_to 'Destroy', recipe, :confirm => 'Are you sure?', :method => :delete %></td>
+ <% end %>
</tr>
<% end %>
</table>
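Review bot: The edit link here is guarded with `can? :edit, recipe` while the show page in this same commit guards the identical link with `can? :update, @recipe`; CanCan aliases `:edit` to `:update` by default so both currently pass, but the two spellings diverge the moment the alias is customised. Use `<% if can? :update, recipe %>` here so the index, the show view and the controller action it leads to all name the same action.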
@@ -79,7 +79,9 @@
</p>
<br/>
- <%= link_to 'Edit', edit_recipe_path(@recipe) %> |
+ <% if can? :update, @recipe %>
+ <%= link_to 'Edit', edit_recipe_path(@recipe) %> |
+ <% end %>
<%= link_to 'Recipes', recipes_path %> |
<%= link_to 'Home', root_path %>
</div>
@@ -2,14 +2,15 @@ class CreateRecipes < ActiveRecord::Migration
def self.up
create_table :recipes do |t|
t.string :title, :limit => 75
+ # TODO: change this into author_id and add association, a user has many recipes
t.string :author, :limit => 50
t.text :comment, :limit => 260
t.integer :category_id
t.text :instructions
t.string :keywords, :limit => 260
t.integer :prep_time_in_minutes
t.integer :cook_time_in_minutes
- t.boolean :is_public
+ t.boolean :is_public, :default => true
t.boolean :is_secret
t.string :yield, :limit => 75
t.string :original_source, :limit => 75
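Review bot: Adding `:default => true` to `CreateRecipes` edits a migration that has most likely already been applied (the schema.rb hunk bumps the version to 20110126130042, i.e. later migrations exist), and such an edit only affects databases built from scratch; an existing database keeps `is_public` with no default while the regenerated schema.rb claims otherwise. Put the change in a new migration instead, `change_column_default :recipes, :is_public, true`, and leave the applied file as it was. The `author_id` TODO added above would likewise belong in its own migration rather than a note in this one.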
@@ -10,7 +10,7 @@
#
# It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20110123173959) do
+ActiveRecord::Schema.define(:version => 20110126130042) do
create_table "categories", :force => true do |t|
t.string "name"
@@ -52,7 +52,7 @@
t.string "keywords", :limit => 260
t.integer "prep_time_in_minutes"
t.integer "cook_time_in_minutes"
- t.boolean "is_public"
+ t.boolean "is_public", :default => true
t.boolean "is_secret"
t.string "yield", :limit => 75
t.string "original_source", :limit => 75
@@ -77,6 +77,7 @@
t.datetime "created_at"
t.datetime "updated_at"
t.string "name"
+ t.string "role"
end
add_index "users", ["email"], :name => "index_users_on_email", :unique => true
