mirror/growstuff
1
0
Fork 0
mirror of https://github.com/Growstuff/growstuff.git synced 2026-01-18 14:27:49 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
c2ef94de8a60a1f3e9c30ebd63b503f2cb6c257a
growstuff/app/models/ability.rb
Miles Gould 0db5826898 Remove unused methods on authentications.
2013-04-09 17:26:47 +01:00

71 lines
2.2 KiB
Ruby
Raw Blame History

class Ability
include CanCan::Ability
def initialize(member)
# See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
# everyone can do these things, even non-logged in
can :read, :all
cannot :read, Notification
cannot :create, Notification
cannot :read, Authentication
# nobody should be able to view this except admins
cannot :read, Role
if member
if member.has_role? :admin
# admin user roles (for authorization)
can :read, Role
can :manage, Role
# for now, only admins can create/edit forums
can :manage, Forum
end
# managing your own user settings
can :update, Member, :id => member.id
# can read/delete notifications that were sent to them
can :read, Notification, :recipient_id => member.id
can :destroy, Notification, :recipient_id => member.id
# can send a private message to anyone but themselves
# note: sadly, we can't test for this from the view, but it works
# for the model/controller
can :create, Notification do |n|
n.recipient_id != member.id
end
# note we don't support update for notifications
# only crop wranglers can create/edit/destroy crops
if member.has_role? :crop_wrangler
can :manage, Crop
can :manage, ScientificName
end
# can create & destroy their own authentications against other sites.
can :create, Authentication
can :destroy, Authentication, :member_id => member.id
# anyone can create a post, or comment on a post,
# but only the author can edit/destroy it.
can :create, Post
can :update, Post, :author_id => member.id
can :destroy, Post, :author_id => member.id
can :create, Comment
can :update, Comment, :author_id => member.id
can :destroy, Comment, :author_id => member.id
# same deal for gardens and plantings
can :create, Garden
can :update, Garden, :owner_id => member.id
can :destroy, Garden, :owner_id => member.id
can :create, Planting
can :update, Planting, :garden => { :owner_id => member.id }
can :destroy, Planting, :garden => { :owner_id => member.id }
end
end
end
Reference in New Issue View Git Blame Copy Permalink