Rearrange, not change the abilities in Ability #997
@@ -1,6 +1,4 @@ | ||
# frozen_string_literal: true | ||
# See the wiki for details: | ||
# https://github.com/ryanb/cancan/wiki/Defining-Abilities | ||
|
||
class Ability | ||
include CanCan::Ability | ||
|
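Review bot: the two comment lines pointing at https://github.com/ryanb/cancan/wiki/Defining-Abilities are removed without a replacement; since the new layout depends on CanCan's additive, last-rule-wins evaluation (see the `# add cannot's only; after this line` comment further down and the "Give permissions, don't take them away" link discussed in the review), keep a pointer to the wiki, or to that page, at the top of the class so the next person editing `Ability` knows why the order of the `can`/`cannot` lines matters.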
@@ -10,18 +8,50 @@ def initialize(user) | |
|
||
alias_action :create, :read, :update, :destroy, to: :crud | ||
|
||
# unconfirmed user | ||
can :read, User | ||
can :update, User, id: user.id | ||
can :resend_confirmation_instruction, User, id: user.id | ||
can :read_email, User, hide_email: false # view helper | ||
can :read, Team | ||
can :read, Project | ||
can :read, :feed_entry | ||
|
||
# confirmed user | ||
can :crud, User, id: user.id | ||
can :crud, User if user.admin? | ||
can :resend_confirmation_instruction, User, id: user.id | ||
can :resend_confirmation_instruction, User if user.admin? | ||
can :read, :mailing if signed_in?(user) | ||
can :read, Mailing do |mailing| | ||
mailing.recipient? user | ||
end | ||
can :create, Project if user.confirmed? | ||
|
||
# current_student | ||
can :crud, Conference if user.current_student? | ||
Would we need to add

I like this organization - it seems clearer to me. Mixing "confirmed" and "unconfirmed" with user roles seems a bit odd to me, though. Update: ok, things make a bit more sense after I read the "Give permissions, don't take them away" link you posted. Doing things like
||
|
||
# visibility of email address in user profile | ||
can :read_email, User, id: user.id if !user.hide_email? | ||
can :read_email, User if user.admin? | ||
# supervisor | ||
can :read, :users_info if user.supervisor? | ||
can :read_email, User do |other_user| | ||
user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?) | ||
end | ||
|
||
# project submitter | ||
can :crud, Project, submitter_id: user.id if user.confirmed? | ||
can :use_as_template, Project do |project| | ||
user == project.submitter && !project.season&.current? | ||
end | ||
|
||
# admin | ||
if user.admin? | ||
can :manage, :all | ||
can :read_email, User if user.admin? # even when user marked email hidden # view helper | ||
# add cannot's only; after this line | ||
cannot :create, User # this only happens through GitHub | ||
end | ||
|
||
################# OLD FILE, # = moved to or rewritten above ############ | ||
# NOT everything moved yet # | ||
|
||
can :crud, Team do |team| | ||
user.admin? || signed_in?(user) && team.new_record? || on_team?(user, team) | ||
end | ||
|
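Review bot: the `# confirmed user` section is not guarded by `user.confirmed?`: `can :crud, User, id: user.id` and `can :resend_confirmation_instruction, User, id: user.id` apply to every user, so an unconfirmed user also gets `:destroy` on their own record, and the `can :update, User, id: user.id` and `can :resend_confirmation_instruction, User, id: user.id` lines under `# unconfirmed user` become duplicates; either add `if user.confirmed?` to the lines in the confirmed section or move them up. Second, `# add cannot's only; after this line` is immediately followed by the `OLD FILE` block, which still adds `can` rules (`can :crud, Team do |team| ... end` and everything below it); with last-rule-wins evaluation any later `can` that matches `:create, User` would silently re-grant what `cannot :create, User` takes away, so either finish the move before merging or place the admin `cannot` at the very end of `initialize`. Minor: `can :read_email, User if user.admin?` appears twice (once under the visibility section and again inside `if user.admin?`, where `can :manage, :all` already covers it), and `can :resend_confirmation_instruction, User if user.admin?` is likewise subsumed by `:manage, :all`.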
@@ -62,35 +92,9 @@ def initialize(user) | |
user.admin? || (preference.team.students.include? user) | ||
end | ||
|
||
can :crud, Conference if user.admin? || user.current_student? | ||
|
||
# todo add mailing controller and view for users in their namespace, where applicable | ||
can :read, Mailing do |mailing| | ||
mailing.recipient? user | ||
end | ||
|
||
can :crud, :comments if user.admin? | ||
can :read, :users_info if user.admin? || user.supervisor? | ||
|
||
# projects | ||
can :crud, Project do |project| | ||
user.admin? || | ||
(user.confirmed? && user == project.submitter) | ||
end | ||
can :use_as_template, Project do |project| | ||
user == project.submitter && !project.season&.current? | ||
end | ||
|
||
can :create, Project if user.confirmed? | ||
cannot :create, Project if !user.confirmed? | ||
|
||
# activities | ||
can :read, :feed_entry | ||
can :read, :mailing if signed_in?(user) | ||
|
||
# applications | ||
can :create, :application_draft if user.student? && user.application_drafts.in_current_season.none? | ||
end | ||
end # initializer | ||
|
||
def signed_in?(user) | ||
user.persisted? | ||
|
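Review bot: dropping `cannot :create, Project if !user.confirmed?` only stays safe because the Project rule that replaces the block form removed here is written as a hash condition behind a guard (`can :crud, Project, submitter_id: user.id if user.confirmed?`); the old `can :crud, Project do |project| ... end` matched class-level checks such as `can? :create, Project` without running the block, which is why the old file needed the explicit `cannot`. Add a one-line comment next to the new rule so nobody reintroduces the block form without the `if user.confirmed?` guard. Also, `can :crud, Conference if user.admin? || user.current_student?` is reduced to `can :crud, Conference if user.current_student?` and `can :crud, :comments if user.admin?` disappears entirely; both now rely on `can :manage, :all` for admins, so the ability specs should assert admin access to `Conference` and `:comments` explicitly rather than through the removed lines.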
First off: forgive my questions, I'm not familiar with CanCan - I'm always using Pundit...
What does this syntax here mean? :feed_entry is a symbol, not a class / model... ❓
I <3 your questions.
It is a :kind of an Activity, and used in lib/feed/item. I left it in here for now, because I am not changing abilities until they are thoroughly tested 😇
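The ordering question behind this PR (the `# add cannot's only; after this line` comment and the "Give permissions, don't take them away" link) and the `:feed_entry` question above both come down to how CanCan walks its rule list. The Ruby below is an added example, not code from this project or from the cancan gem: `MiniAbility` is a deliberately small stand-in that reproduces just the behaviour the PR relies on (rules are additive, the last matching rule wins, a subject may be a class or a bare symbol, hash conditions are compared against instance attributes and skipped for class-level checks), and `SampleUser` and `build_ability` are constructed stand-ins for the project's `User` and `Ability` that mirror only the User and `:feed_entry` lines visible in the diff. It runs with plain `ruby`, no gems required.

```ruby
# Added example (not the project's Ability and not the cancan gem): a minimal
# model of CanCan's rule evaluation, enough to show why `cannot` lines must sit
# after every `can` they override and how a bare symbol like :feed_entry works.
Rule = Struct.new(:base_behavior, :actions, :subjects, :conditions, :block) do
  # A rule is relevant when it names the action (or :manage) and the subject.
  def relevant?(action, subject)
    (actions.include?(action) || actions.include?(:manage)) && matches_subject?(subject)
  end

  def matches_subject?(subject)
    return true if subjects.include?(:all)
    subjects.any? { |s| subject == s || (s.is_a?(Class) && subject.is_a?(s)) }
  end

  # Hash conditions and blocks are only evaluated for instances; a class or a
  # symbol subject carries no attributes, so the rule matches unconditionally.
  def matches_conditions?(subject)
    return true if subject.is_a?(Class) || subject.is_a?(Symbol)
    return block.call(subject) if block
    conditions.all? { |attr, value| subject.public_send(attr) == value }
  end
end

class MiniAbility
  def initialize
    @rules = []
    @aliases = {}
  end

  def alias_action(*actions, to:)
    @aliases[to] = actions
  end

  def can(action, subject, conditions = {}, &block)
    add_rule(true, action, subject, conditions, block)
  end

  def cannot(action, subject, conditions = {}, &block)
    add_rule(false, action, subject, conditions, block)
  end

  # Newest rule first: the first relevant rule whose conditions match decides,
  # so a `can` defined after a `cannot` silently re-grants the permission.
  def can?(action, subject)
    rule = @rules.reverse.find do |r|
      r.relevant?(action, subject) && r.matches_conditions?(subject)
    end
    rule ? rule.base_behavior : false
  end

  private

  def add_rule(base_behavior, action, subject, conditions, block)
    actions = Array(action).flat_map { |a| @aliases.fetch(a, [a]) }
    @rules << Rule.new(base_behavior, actions, Array(subject), conditions, block)
  end
end

# Constructed stand-in for the project's User model (only the fields used here).
SampleUser = Struct.new(:id, :admin, :confirmed, keyword_init: true) do
  def admin?
    admin
  end

  def confirmed?
    confirmed
  end
end

# Rules in the order the PR arranges them, reduced to the User and :feed_entry
# lines. `late_can:` simulates a `can` left below the admin `cannot`, as the
# "OLD FILE" section in the diff still does for other subjects.
def build_ability(user, late_can: false)
  ability = MiniAbility.new
  ability.alias_action :create, :read, :update, :destroy, to: :crud
  ability.can :read, SampleUser                 # unconfirmed user
  ability.can :read, :feed_entry                # symbol subject, no model behind it
  ability.can :crud, SampleUser, id: user.id    # own record only
  if user.admin?
    ability.can :manage, :all
    ability.cannot :create, SampleUser          # only effective because it is last
  end
  ability.can :create, SampleUser if late_can   # would undo the cannot above
  ability
end

if __FILE__ == $PROGRAM_NAME
  admin = SampleUser.new(id: 1, admin: true, confirmed: true)
  puts build_ability(admin).can?(:create, SampleUser)                 # false
  puts build_ability(admin, late_can: true).can?(:create, SampleUser) # true
end
```

`build_ability(admin, late_can: true)` is the case the `# add cannot's only` comment is warning about: one extra `can :create, SampleUser` after the admin block and the `cannot` is dead. The same walk explains the class-level case in the review above: `can?(:update, SampleUser)` on a non-admin returns true because the `id: user.id` condition is never compared against a class, which is why a class-level `can? :create, Project` needed an explicit `cannot` when the Project rule was a block.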