First cut of a set of permissions

2026-03-27 03:02:43 -04:00 · 2013-02-01 10:41:38 +11:00
parent ea8f30bd8d
commit f25729ce3b
1 changed files with 43 additions and 0 deletions
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -0,0 +1,43 @@
+class Ability
+  include CanCan::Ability
+
+  def initialize(member)
+    # See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
+    member ||= Member.new # guest member (not logged in)
+
+    # everyone can do these things, even non-logged in
+    can :read, :all
+
+    if member.logged_in?
+
+      # managing your own user settings
+      can :update, Member, :id => member.id
+
+      # for now, anyone can create/edit/destroy crops
+      # (later, we probably want to limit this to a role)
+      can :create, Crop
+      can :update, Crop
+      can :destroy, Crop
+      can :create, ScientificName
+      can :update, ScientificName
+      can :destroy, ScientificName
+
+      # anyone can create a post, but only the author can edit/destroy
+      # it.
+      can :create, Post
+      can :update, Post, :author_id => member.id
+      can :destroy, Post, :author_id => member.id
+
+      # same deal for gardens and plantings
+      can :create, Garden
+      can :update, Garden, :owner_id => member.id
+      can :destroy, Garden, :owner_id => member.id
+
+      can :create, Planting
+      can :update, Planting, :garden => { :owner_id => member.id }
+      can :destroy, Planting, :garden => { :owner_id => member.id }
+
+    end
+
+  end
+end