Merge branch 'feature-cancan_authorization'

2013-04-07 06:10:20 -04:00 · 2013-04-07 06:10:20 -04:00 · b65219eb0c
parent f4c0c46680 57a3282ffb
commit b65219eb0c
5 changed files with 26 additions and 4 deletions
--- a/2
+++ b/2
@ -13,6 +13,8 @@ gem 'devise'
 gem 'omniauth'
 gem 'omniauth-kerberos'

+gem 'cancan'
+

 # Gems used only for assets and not required
 # in production environments by default.
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -47,6 +47,7 @@ GEM
      slim (~> 1.3.6)
      terminal-table (~> 1.4)
    builder (3.0.4)
+    cancan (1.6.9)
    coderay (1.0.9)
    coffee-rails (3.2.2)
      coffee-script (>= 2.2.0)
@ -187,6 +188,7 @@ DEPENDENCIES
  better_errors
  binding_of_caller
  brakeman
+  cancan
  coffee-rails (~> 3.2.1)
  devise
  jquery-rails
--- a/app/controllers/alerts_controller.rb
+++ b/app/controllers/alerts_controller.rb
@ -1,5 +1,6 @@
 class AlertsController < ApplicationController
  before_filter :authenticate_user!
+  load_and_authorize_resource
  # GET /alerts
  # GET /alerts.json
  def index
@ -13,7 +14,7 @@ class AlertsController < ApplicationController
  # GET /alerts/1
  # GET /alerts/1.json
  def show
-    @alert = Alert.user_alerts(current_user.id).find(params[:id])
+    @alert = Alert.find(params[:id])

    respond_to do |format|
      format.html # show.html.erb
@ -33,7 +34,7 @@ class AlertsController < ApplicationController

  # GET /alerts/1/edit
  def edit
-    @alert = Alert.user_alerts(current_user.id).find(params[:id])
+    @alert = Alert.find(params[:id])
  end

  # POST /alerts
@ -54,7 +55,7 @@ class AlertsController < ApplicationController
  # PUT /alerts/1
  # PUT /alerts/1.json
  def update
-    @alert = Alert.user_alerts(current_user.id).find(params[:id])
+    @alert = Alert.find(params[:id])

    respond_to do |format|
      if @alert.update_attributes(params[:alert])
@ -68,7 +69,7 @@ class AlertsController < ApplicationController
  # DELETE /alerts/1
  # DELETE /alerts/1.json
  def destroy
-    @alert = Alert.user_alerts(current_user.id).find(params[:id])
+    @alert = Alert.find(params[:id])
    @alert.destroy

    respond_to do |format|
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,3 +1,8 @@
 class ApplicationController < ActionController::Base
  protect_from_forgery
+
+  rescue_from CanCan::AccessDenied do |exception|
+    flash[:error] = "Access denied."
+    redirect_to root_url
+  end
 end
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -0,0 +1,12 @@
+class Ability
+  include CanCan::Ability
+
+  def initialize(user)
+    user ||= User.new
+
+    can :read, Alert,       :user_id => user.id
+    can :create, Alert
+    can :update, Alert,     :user_id => user.id
+    can :destroy, Alert,    :user_id => user.id
+  end
+end