Merge branch 'feature-cancan_authorization'
commit
b65219eb0c
5 changed files with 26 additions and 4 deletions
2
Gemfile
2
Gemfile
|
@ -13,6 +13,8 @@ gem 'devise'
|
|||
gem 'omniauth'
|
||||
gem 'omniauth-kerberos'
|
||||
|
||||
gem 'cancan'
|
||||
|
||||
|
||||
# Gems used only for assets and not required
|
||||
# in production environments by default.
|
||||
|
|
|
@ -47,6 +47,7 @@ GEM
|
|||
slim (~> 1.3.6)
|
||||
terminal-table (~> 1.4)
|
||||
builder (3.0.4)
|
||||
cancan (1.6.9)
|
||||
coderay (1.0.9)
|
||||
coffee-rails (3.2.2)
|
||||
coffee-script (>= 2.2.0)
|
||||
|
@ -187,6 +188,7 @@ DEPENDENCIES
|
|||
better_errors
|
||||
binding_of_caller
|
||||
brakeman
|
||||
cancan
|
||||
coffee-rails (~> 3.2.1)
|
||||
devise
|
||||
jquery-rails
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
class AlertsController < ApplicationController
|
||||
before_filter :authenticate_user!
|
||||
load_and_authorize_resource
|
||||
# GET /alerts
|
||||
# GET /alerts.json
|
||||
def index
|
||||
|
@ -13,7 +14,7 @@ class AlertsController < ApplicationController
|
|||
# GET /alerts/1
|
||||
# GET /alerts/1.json
|
||||
def show
|
||||
@alert = Alert.user_alerts(current_user.id).find(params[:id])
|
||||
@alert = Alert.find(params[:id])
|
||||
|
||||
respond_to do |format|
|
||||
format.html # show.html.erb
|
||||
|
@ -33,7 +34,7 @@ class AlertsController < ApplicationController
|
|||
|
||||
# GET /alerts/1/edit
|
||||
def edit
|
||||
@alert = Alert.user_alerts(current_user.id).find(params[:id])
|
||||
@alert = Alert.find(params[:id])
|
||||
end
|
||||
|
||||
# POST /alerts
|
||||
|
@ -54,7 +55,7 @@ class AlertsController < ApplicationController
|
|||
# PUT /alerts/1
|
||||
# PUT /alerts/1.json
|
||||
def update
|
||||
@alert = Alert.user_alerts(current_user.id).find(params[:id])
|
||||
@alert = Alert.find(params[:id])
|
||||
|
||||
respond_to do |format|
|
||||
if @alert.update_attributes(params[:alert])
|
||||
|
@ -68,7 +69,7 @@ class AlertsController < ApplicationController
|
|||
# DELETE /alerts/1
|
||||
# DELETE /alerts/1.json
|
||||
def destroy
|
||||
@alert = Alert.user_alerts(current_user.id).find(params[:id])
|
||||
@alert = Alert.find(params[:id])
|
||||
@alert.destroy
|
||||
|
||||
respond_to do |format|
|
||||
|
|
|
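Review bot: In `show`, `edit`, `update` and `destroy` the lookup `@alert = Alert.find(params[:id])` (taken to be the new side, since the +/- markers are lost on this page) is no longer scoped to the owner, so ownership is enforced only by the `load_and_authorize_resource` filter. That filter already loads and authorizes `@alert`, so the reassignment is redundant; either delete it, or keep `Alert.user_alerts(current_user.id).find(params[:id])` as a second check so that a later `skip_authorize_resource` or an `:only`/`:except` on the filter does not turn these actions into unscoped lookups by id. In `update`, `@alert.update_attributes(params[:alert])` runs after the ownership check, so if `user_id` is mass-assignable on `Alert` (the model is not shown) the record's owner could be changed through the form; worth confirming that `user_id` is protected. The bodies of all five actions continue outside the hunks.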
@ -1,3 +1,8 @@
|
|||
class ApplicationController < ActionController::Base
|
||||
protect_from_forgery
|
||||
|
||||
rescue_from CanCan::AccessDenied do |exception|
|
||||
flash[:error] = "Access denied."
|
||||
redirect_to root_url
|
||||
end
|
||||
end
|
||||
|
|
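Review bot: The `rescue_from CanCan::AccessDenied` handler answers every format with a redirect to `root_url`, but the alerts actions also serve JSON (`# GET /alerts/1.json`), so an API client that is denied gets a 302 to an HTML page instead of a 403. The block also takes `exception` without using it, so denials leave no trace in the application log. I would branch on the format and log the denied action, as below.

```ruby
rescue_from CanCan::AccessDenied do |exception|
  # Log the denial so repeated attempts on other users' records show up in review.
  Rails.logger.warn("CanCan denied #{exception.action} for user #{current_user.try(:id).inspect}")
  respond_to do |format|
    format.html do
      flash[:error] = "Access denied."
      redirect_to root_url
    end
    # API clients get a status code instead of a redirect to an HTML page.
    format.json { head :forbidden }
  end
end
```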
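--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -0,0 +1,12 @@
+class Ability
+include CanCan::Ability
+
+def initialize(user)
+user ||= User.new
+
+can :read, Alert, :user_id => user.id
+can :create, Alert
+can :update, Alert, :user_id => user.id
+can :destroy, Alert, :user_id => user.id
+end
+end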
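Review bot: `user ||= User.new` gives a signed-out visitor a user whose `id` is nil, so the three `:user_id => user.id` rules match any alert whose `user_id` is NULL, and `can :create, Alert` applies to guests as well. AlertsController is behind `authenticate_user!`, but Ability is shared by every controller and view that calls `can?`, so it is safer to grant nothing to guests by replacing that line with `return if user.nil?`. Also consider `can :create, Alert, :user_id => user.id`, which CanCan should apply to the record it builds for `new`/`create` (worth verifying on 1.6.9); the `create` action is not visible here, so how ownership is set cannot be confirmed. A one-line comment above the rules stating that every Alert permission is owner-only would help the next reader.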