mirror/growstuff
1
0
Fork 0
mirror of https://github.com/Growstuff/growstuff.git synced 2026-01-30 20:20:59 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
2f5de1f98e3791870561663dfb4daff2e46a48fc
growstuff/app/models/ability.rb
Brenda Wallace f9d4e1d6ae Ancestry of food. Seeds -> Planting -> Seeds -> Planting (#1550) 
* Add seed ancestry, and seeds.finished_at
* Plantings and seeds produce each other
* Permissions for seeds actions
* View update, for seed actions, and planting ancestry
* Routes for seeds
* Scopes for harvests
* Spec updates for seeds
* Removed in-line style
* Add seed ancestry, and seeds.finished_at
* Plantings and seeds produce each other
* Permissions for seeds actions
* View update, for seed actions, and planting ancestry
* Routes for seeds
* Scopes for harvests
* Spec updates for seeds
* Moved finishable to a concern
* Seeds.finished_at
* rubocop fixes
* Made seeds sown migration the most recent
* Specs for home page
* Only show current seeds on home page
* Seeds appear for logged in or not
* Buttons to mark seeds finished
* JS for marking seeds finished
* Some actions only appear if seed or planting is active
* Fixed up display of home page
* Fixed typo in admin members#index
* Tidying up actions on all the things
* Harvest description in #index
* Truncate garden description if long
* Updated link label in view spec
* Show planted_from always, becuase it might be a parent seed
* find correct link in spec adding photos to garden
* fixed spec finding link to edit garden
* Better harvest description truncation
* Helping spec find the edit button
* specs for the home page
* Re-instate crops js, but in the correct file now
* Fixed link to garden in actions
* Tweaking mobile view
2018-03-12 08:39:32 +13:00

142 lines
4.7 KiB
Ruby
Raw Blame History

class Ability
include CanCan::Ability
def initialize(member)
anon_abilities(member)
member_abilities(member) if member.present?
admin_abilities(member) if member.present? && member.role?(:admin)
end
def anon_abilities(_member)
# See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
# everyone can do these things, even non-logged in
can :read, :all
can :view_follows, Member
can :view_followers, Member
# Everyone can see the charts
can :timeline, Garden
can :sunniness, Crop
can :planted_from, Crop
can :harvested_for, Crop
# except these, which don't make sense if you're not logged in
cannot :read, Notification
cannot :read, Authentication
# and nobody should be able to view this except admins
cannot :read, Role
# nobody should be able to view unapproved crops unless they
# are wranglers or admins
cannot :read, Crop
can :read, Crop, approval_status: "approved"
# scientific names should only be viewable if associated crop is approved
cannot :read, ScientificName
can :read, ScientificName do |sn|
sn.crop.approved?
end
# ... same for alternate names
cannot :read, AlternateName
can :read, AlternateName do |an|
an.crop.approved?
end
end
def member_abilities(member) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
return unless member
# members can see even rejected or pending crops if they requested it
can :read, Crop, requester_id: member.id
can :requested, Crop # see list of crops they've requested
# managing your own user settings
can :update, Member, id: member.id
# can read/delete notifications that were sent to them
can :read, Notification, recipient_id: member.id
can :destroy, Notification, recipient_id: member.id
can :reply, Notification, recipient_id: member.id
# can send a private message to anyone but themselves
# note: sadly, we can't test for this from the view, but it works
# for the model/controller
can :create, Notification do |n|
n.recipient_id != member.id
end
# note we don't support update for notifications
# only crop wranglers can create/edit/destroy crops
if member.role? :crop_wrangler
can :wrangle, Crop
can :manage, Crop
can :manage, ScientificName
can :manage, AlternateName
end
# any member can create a crop provisionally
can :create, Crop
# can create & destroy their own authentications against other sites.
can :create, Authentication
can :destroy, Authentication, member_id: member.id
# anyone can create a post, like, or comment on a post,
# but only the author can edit/destroy it.
can :create, Post
can :update, Post, author_id: member.id
can :destroy, Post, author_id: member.id
can :create, Like
can :destroy, Like, member_id: member.id
can :create, Comment
can :update, Comment, author_id: member.id
can :destroy, Comment, author_id: member.id
# same deal for gardens and plantings
can :create, Garden
can :update, Garden, owner_id: member.id
can :destroy, Garden, owner_id: member.id
can :create, Planting
can :update, Planting, garden: { owner_id: member.id }, crop: { approval_status: 'approved' }
can :destroy, Planting, garden: { owner_id: member.id }, crop: { approval_status: 'approved' }
can :create, Harvest
can :update, Harvest, owner_id: member.id
can :destroy, Harvest, owner_id: member.id
can :update, Harvest, owner_id: member.id, planting: { owner_id: member.id }
can :destroy, Harvest, owner_id: member.id, planting: { owner_id: member.id }
can :create, Photo
can :update, Photo, owner_id: member.id
can :destroy, Photo, owner_id: member.id
can :create, Seed
can :update, Seed, owner_id: member.id
can :destroy, Seed, owner_id: member.id
can :create, Seed, owner_id: member.id, parent_planting: { owner_id: member.id }
can :update, Seed, owner_id: member.id, parent_planting: { owner_id: member.id }
can :destroy, Seed, owner_id: member.id, parent_planting: { owner_id: member.id }
# following/unfollowing permissions
can :create, Follow
cannot :create, Follow, followed_id: member.id # can't follow yourself
can :destroy, Follow
cannot :destroy, Follow, followed_id: member.id # can't unfollow yourself
end
def admin_abilities(member)
return unless member.role? :admin
can :read, :all
can :manage, :all
# can't delete plant parts if they have harvests associated with them
cannot :destroy, PlantPart
can :destroy, PlantPart do |pp|
pp.harvests.empty?
end
end
end
Reference in New Issue View Git Blame Copy Permalink