atomaka/MSU-Course-Alerter
1
0
Fork 0
Code Releases Activity

Merge branch 'feature-cancan_authorization'

Browse source
This commit is contained in:
Andrew Tomaka 2013-04-07 06:10:20 -04:00
commit b65219eb0c
5 changed files with 26 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Gemfile
View file

@ -13,6 +13,8 @@ gem 'devise'
gem 'omniauth' gem 'omniauth'
gem 'omniauth-kerberos' gem 'omniauth-kerberos'
gem 'cancan'
# Gems used only for assets and not required # Gems used only for assets and not required
# in production environments by default. # in production environments by default.

2
Gemfile.lock
View file

@ -47,6 +47,7 @@ GEM
slim (~> 1.3.6) slim (~> 1.3.6)
terminal-table (~> 1.4) terminal-table (~> 1.4)
builder (3.0.4) builder (3.0.4)
cancan (1.6.9)
coderay (1.0.9) coderay (1.0.9)
coffee-rails (3.2.2) coffee-rails (3.2.2)
coffee-script (>= 2.2.0) coffee-script (>= 2.2.0)
@ -187,6 +188,7 @@ DEPENDENCIES
better_errors better_errors
binding_of_caller binding_of_caller
brakeman brakeman
cancan
coffee-rails (~> 3.2.1) coffee-rails (~> 3.2.1)
devise devise
jquery-rails jquery-rails

9
app/controllers/alerts_controller.rb
View file

@ -1,5 +1,6 @@
class AlertsController < ApplicationController class AlertsController < ApplicationController
before_filter :authenticate_user! before_filter :authenticate_user!
load_and_authorize_resource
# GET /alerts # GET /alerts
# GET /alerts.json # GET /alerts.json
def index def index
@ -13,7 +14,7 @@ class AlertsController < ApplicationController
# GET /alerts/1 # GET /alerts/1
# GET /alerts/1.json # GET /alerts/1.json
def show def show
@alert = Alert.user_alerts(current_user.id).find(params[:id]) @alert = Alert.find(params[:id])
respond_to do |format| respond_to do |format|
format.html # show.html.erb format.html # show.html.erb
@ -33,7 +34,7 @@ class AlertsController < ApplicationController
# GET /alerts/1/edit # GET /alerts/1/edit
def edit def edit
@alert = Alert.user_alerts(current_user.id).find(params[:id]) @alert = Alert.find(params[:id])
end end
# POST /alerts # POST /alerts
@ -54,7 +55,7 @@ class AlertsController < ApplicationController
# PUT /alerts/1 # PUT /alerts/1
# PUT /alerts/1.json # PUT /alerts/1.json
def update def update
@alert = Alert.user_alerts(current_user.id).find(params[:id]) @alert = Alert.find(params[:id])
respond_to do |format| respond_to do |format|
if @alert.update_attributes(params[:alert]) if @alert.update_attributes(params[:alert])
@ -68,7 +69,7 @@ class AlertsController < ApplicationController
# DELETE /alerts/1 # DELETE /alerts/1
# DELETE /alerts/1.json # DELETE /alerts/1.json
def destroy def destroy
@alert = Alert.user_alerts(current_user.id).find(params[:id]) @alert = Alert.find(params[:id])
@alert.destroy @alert.destroy
respond_to do |format| respond_to do |format|

5
app/controllers/application_controller.rb
View file

@ -1,3 +1,8 @@
class ApplicationController < ActionController::Base class ApplicationController < ActionController::Base
protect_from_forgery protect_from_forgery
rescue_from CanCan::AccessDenied do |exception|
flash[:error] = "Access denied."
redirect_to root_url
end
end end

12
app/models/ability.rb Normal file
View file

@ -0,0 +1,12 @@
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new
can :read, Alert, :user_id => user.id
can :create, Alert
can :update, Alert, :user_id => user.id
can :destroy, Alert, :user_id => user.id
end
end