From 22c9a1723656b3cd933ce66ddda92414865037e5 Mon Sep 17 00:00:00 2001 From: Andrew Tomaka Date: Sat, 6 Apr 2013 13:02:32 -0400 Subject: [PATCH 1/5] Add cancan gem --- Gemfile | 2 ++ Gemfile.lock | 2 ++ 2 files changed, 4 insertions(+) diff --git a/Gemfile b/Gemfile index 28de950..d53a377 100644 --- a/Gemfile +++ b/Gemfile @@ -13,6 +13,8 @@ gem 'devise' gem 'omniauth' gem 'omniauth-kerberos' +gem 'cancan' + # Gems used only for assets and not required # in production environments by default. diff --git a/Gemfile.lock b/Gemfile.lock index 6987ab4..fd18da1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -47,6 +47,7 @@ GEM slim (~> 1.3.6) terminal-table (~> 1.4) builder (3.0.4) + cancan (1.6.9) coderay (1.0.9) coffee-rails (3.2.2) coffee-script (>= 2.2.0) @@ -187,6 +188,7 @@ DEPENDENCIES better_errors binding_of_caller brakeman + cancan coffee-rails (~> 3.2.1) devise jquery-rails From d1da33abecbf621e24024ce696edc010cfe1609c Mon Sep 17 00:00:00 2001 From: Andrew Tomaka Date: Sat, 6 Apr 2013 13:03:23 -0400 Subject: [PATCH 2/5] Add cancan ability model --- app/models/ability.rb | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 app/models/ability.rb diff --git a/app/models/ability.rb b/app/models/ability.rb new file mode 100644 index 0000000..e03bf9b --- /dev/null +++ b/app/models/ability.rb 
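Review bot: `gem 'cancan'` is added with no version constraint, so the lockfile's `cancan (1.6.9)` is the only thing pinning an authorization library that every controller is about to depend on, and a later `bundle update` can move it across a breaking release unnoticed. Pinning to the tested series, `gem 'cancan', '~> 1.6.9'`, keeps upgrades of the access-control layer deliberate and reviewable. The Gemfile.lock hunks are bundler output and need nothing further.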
@@ -0,0 +1,32 @@
+class Ability
+ include CanCan::Ability
+
+ def initialize(user)
+ # Define abilities for the passed in user here. For example:
+ #
+ # user ||= User.new # guest user (not logged in)
+ # if user.admin?
+ # can :manage, :all
+ # else
+ # can :read, :all
+ # end
+ #
+ # The first argument to `can` is the action you are giving the user
+ # permission to do.
+ # If you pass :manage it will apply to every action. Other common actions
+ # here are :read, :create, :update and :destroy.
+ #
+ # The second argument is the resource the user can perform the action on.
+ # If you pass :all it will apply to every resource. Otherwise pass a Ruby
+ # class of the resource.
+ #
+ # The third argument is an optional hash of conditions to further filter the
+ # objects.
+ # For example, here the user can only update published articles.
+ #
+ # can :update, Article, :published => true
+ #
+ # See the wiki for details:
+ # https://github.com/ryanb/cancan/wiki/Defining-Abilities
+ end
+end
From d6df7be6f7578930fa44d41bf72a713b56bc830e Mon Sep 17 00:00:00 2001
From: Andrew Tomaka
Date: Sun, 7 Apr 2013 06:08:05 -0400
Subject: [PATCH 3/5] Set desired access for Alerts
---
 app/models/ability.rb | 32 ++++++--------------------
 1 file changed, 6 insertions(+), 26 deletions(-)
diff --git a/app/models/ability.rb b/app/models/ability.rb
index e03bf9b..090b907 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -2,31 +2,11 @@ class Ability
 include CanCan::Ability
 
 def initialize(user)
- # Define abilities for the passed in user here. For example:
- #
- # user ||= User.new # guest user (not logged in)
- # if user.admin?
- # can :manage, :all
- # else
- # can :read, :all
- # end
- #
- # The first argument to `can` is the action you are giving the user
- # permission to do.
- # If you pass :manage it will apply to every action. Other common actions
- # here are :read, :create, :update and :destroy.
- #
- # The second argument is the resource the user can perform the action on.
- # If you pass :all it will apply to every resource. Otherwise pass a Ruby
- # class of the resource.
- #
- # The third argument is an optional hash of conditions to further filter the
- # objects.
- # For example, here the user can only update published articles.
- #
- # can :update, Article, :published => true
- #
- # See the wiki for details:
- # https://github.com/ryanb/cancan/wiki/Defining-Abilities
+ user ||= User.new
+
+ can :read, Alert, :user_id => user.id
+ can :create, Alert
+ can :update, Alert, :user_id => user.id
+ can :destroy, Alert, :user_id => user.id
 end
 end
From 3df815617789117d2d202bca5aae60d28b8bc7fd Mon Sep 17 00:00:00 2001
From: Andrew Tomaka
Date: Sun, 7 Apr 2013 06:08:21 -0400
Subject: [PATCH 4/5] Remove current access control and load cancan controls
---
 app/controllers/alerts_controller.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/app/controllers/alerts_controller.rb b/app/controllers/alerts_controller.rb
index 47d7ec7..f6f11fa 100644
--- a/app/controllers/alerts_controller.rb
+++ b/app/controllers/alerts_controller.rb
@@ -1,5 +1,6 @@
 class AlertsController < ApplicationController
 before_filter :authenticate_user!
+ load_and_authorize_resource
 # GET /alerts
 # GET /alerts.json
 def index
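Review bot: `can :create, Alert` carries no ownership condition, so the `@alert` that `load_and_authorize_resource` builds from `params[:alert]` on create is authorized whatever `user_id` the client submits; unless the model blocks that attribute (not visible here), a user can create alerts owned by someone else. Adding the same hash condition, `can :create, Alert, :user_id => user.id`, closes this and, in CanCan 1.6, also stamps `user_id` on the new record because hash conditions are applied as initial attributes when the resource is built — confirm the create action does not rely on its own assignment. Note also that the `user ||= User.new` fallback yields `user.id == nil`, so for an unauthenticated caller every condition becomes `:user_id => nil`, which matches alerts with a NULL `user_id` rather than nothing; today this is only safe because `authenticate_user!` runs first, so either guard it with `return unless user.persisted?` before the `can` calls or record the dependency with `# guest: User.new.id is nil, so these rules only match orphaned alerts`.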
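Review bot: `load_and_authorize_resource` only scopes `index` if the action body leaves `@alerts` alone; `def index` is the last line of this hunk and its body continues outside it, so check that it no longer assigns `@alerts` from `Alert.user_alerts(...)` or `Alert.all`, either of which would replace the `accessible_by` collection CanCan loads with an unfiltered one. The filter order is correct and load-bearing — `authenticate_user!` must stay ahead of `load_and_authorize_resource`, since the ability is built from `current_user` — so a one-line comment, `# must run after authenticate_user!: the ability is built from current_user`, would protect it from a casual reorder.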
@@ -13,7 +14,7 @@ class AlertsController < ApplicationController
 # GET /alerts/1
 # GET /alerts/1.json
 def show
- @alert = Alert.user_alerts(current_user.id).find(params[:id])
+ @alert = Alert.find(params[:id])
 
 respond_to do |format|
 format.html # show.html.erb
@@ -33,7 +34,7 @@ class AlertsController < ApplicationController
 
 # GET /alerts/1/edit
 def edit
- @alert = Alert.user_alerts(current_user.id).find(params[:id])
+ @alert = Alert.find(params[:id])
 end
 
 # POST /alerts
@@ -54,7 +55,7 @@ class AlertsController < ApplicationController
 # PUT /alerts/1
 # PUT /alerts/1.json
 def update
- @alert = Alert.user_alerts(current_user.id).find(params[:id])
+ @alert = Alert.find(params[:id])
 
 respond_to do |format|
 if @alert.update_attributes(params[:alert])
@@ -68,7 +69,7 @@ class AlertsController < ApplicationController
 # DELETE /alerts/1
 # DELETE /alerts/1.json
 def destroy
- @alert = Alert.user_alerts(current_user.id).find(params[:id])
+ @alert = Alert.find(params[:id])
 @alert.destroy
 
 respond_to do |format|
From 57a3282ffb5f3b9af0b081ca69ba150610cc36c9 Mon Sep 17 00:00:00 2001
From: Andrew Tomaka
Date: Sun, 7 Apr 2013 06:08:34 -0400
Subject: [PATCH 5/5] Catch cancan exception in application_controller
---
 app/controllers/application_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e8065d9..d26dda4 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,3 +1,8 @@
 class ApplicationController < ActionController::Base
 protect_from_forgery
+
+ rescue_from CanCan::AccessDenied do |exception|
+ flash[:error] = "Access denied."
+ redirect_to root_url
+ end
 end
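Review bot: In the `update` hunk the ownership check happens before `params[:alert]` is applied, so once `load_and_authorize_resource` has approved `@alert` the `update_attributes(params[:alert])` call on the last hunk line can still set `user_id` to another user (or to nil) unless the model blocks that attribute, which is not visible here; CanCan 1.6 does not re-check the record after assignment. Dropping the re-load and authorizing the mutated record closes this: `@alert.assign_attributes(params[:alert])`, `authorize! :update, @alert`, then `if @alert.save` in place of the `update_attributes` test. The added `@alert = Alert.find(params[:id])` is also redundant — `load_and_authorize_resource` has already set `@alert` for this id — and the same redundant query appears in the `show`, `edit` and `destroy` hunks; the rest of `update` continues outside the hunk.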
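Review bot: The `rescue_from CanCan::AccessDenied` handler redirects every denied request to `root_url` with a flash, but the alerts controller also serves `.json` (its hunks show `# GET /alerts/1.json` routes), so an API caller that fails authorization receives a 302 to an HTML page instead of a 403, and the denial is never logged, which hides IDOR probing from anyone reading the logs. Branching on format and recording who was refused what fixes both; the `exception` block parameter is currently unused and carries the denied `action`, and `current_user` comes from Devise, whose `authenticate_user!` filter is visible in the alerts controller. The redirect target should also not itself be a CanCan-protected page, or a denied user bounces in a loop.
```ruby
  rescue_from CanCan::AccessDenied do |exception|
    # Record who was refused what; repeated denials are a useful probing signal.
    logger.warn "access denied: user=#{current_user.try(:id)} action=#{exception.action} #{request.method} #{request.path}"
    respond_to do |format|
      format.html do
        flash[:error] = "Access denied."
        redirect_to root_url
      end
      # API callers get a status code, not a redirect to an HTML page.
      format.any { head :forbidden }
    end
  end
```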