From d6df7be6f7578930fa44d41bf72a713b56bc830e Mon Sep 17 00:00:00 2001 From: Andrew Tomaka Date: Sun, 7 Apr 2013 06:08:05 -0400 Subject: [PATCH] Set desired access for Alerts --- app/models/ability.rb | 32 ++++++-------------------------- 1 file changed, 6 insertions(+), 26 deletions(-) diff --git a/app/models/ability.rb b/app/models/ability.rb index e03bf9b..090b907 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -2,31 +2,11 @@ class Ability include CanCan::Ability def initialize(user) - # Define abilities for the passed in user here. For example: - # - # user ||= User.new # guest user (not logged in) - # if user.admin? - # can :manage, :all - # else - # can :read, :all - # end - # - # The first argument to `can` is the action you are giving the user - # permission to do. - # If you pass :manage it will apply to every action. Other common actions - # here are :read, :create, :update and :destroy. - # - # The second argument is the resource the user can perform the action on. - # If you pass :all it will apply to every resource. Otherwise pass a Ruby - # class of the resource. - # - # The third argument is an optional hash of conditions to further filter the - # objects. - # For example, here the user can only update published articles. - # - # can :update, Article, :published => true - # - # See the wiki for details: - # https://github.com/ryanb/cancan/wiki/Defining-Abilities + user ||= User.new + + can :read, Alert, :user_id => user.id + can :create, Alert + can :update, Alert, :user_id => user.id + can :destroy, Alert, :user_id => user.id end end