# See the CanCan wiki for details:
# https://github.com/ryanb/cancan/wiki/Defining-Abilities
#
# The ability is built upon the "everything disallowed first" principle:
# Nothing is allowed if not explicitly allowed somewhere.
# Authorization rules for the application, expressed with CanCan.
#
# A new Ability grants nothing. Each define_abilities_for_* method then lists
# the actions one role may perform. Roles do not build on each other here:
# every role spells out its complete rule set.
#
# Rules that take a block are conditional on the record being checked. CanCan
# only runs such a block when an instance is passed to can?/authorize!; a check
# against the class itself (e.g. `can? :update, User`) passes without running
# the block, so per-record rules must be checked against the loaded record.
class Ability
  include CanCan::Ability

  # Builds the rule set for the given user.
  #
  # @param current_user [User, nil] the signed-in user, or nil for a guest
  # @raise [RuntimeError] when the role is none of :user, :editor, :admin, so
  #   an unrecognised role never ends up with a usable rule set
  def initialize(current_user)
    define_aliases!

    # Guest (not logged in)
    return define_abilities_for_guests(current_user) if current_user.nil?

    # NOTE(review): a nil role fails in #to_sym with NoMethodError instead of
    # the message below; in both cases construction aborts and nothing is granted.
    case current_user.role.to_sym
    when :user   then define_abilities_for_users(current_user)
    when :editor then define_abilities_for_editors(current_user)
    when :admin  then define_abilities_for_admins(current_user)
    else raise "Unknown user role #{current_user.role}!"
    end
  end

  # Replaces CanCan's default action aliases with the application's own set.
  #
  # :crudi bundles index, create, read, update and destroy into one action name.
  def define_aliases!
    clear_aliased_actions # We want to differentiate between #read and #index actions!

    { show: :read, new: :create, edit: :update }.each do |action, target|
      alias_action action, to: target
    end
    alias_action(*%i[index create read update destroy], to: :crudi)
  end

  # Rules for visitors who are not signed in: read pages and create a User.
  #
  # NOTE(review): this rule authorizes the action only; it does not limit which
  # attributes may be submitted when creating a User. Confirm the controller's
  # permitted parameters keep privileged attributes such as the role out.
  #
  # @param current_user [nil] unused; kept for a uniform signature
  def define_abilities_for_guests(current_user)
    can(:read, Page)
    can(:create, User)
  end

  # Rules for the :user role: read pages, list and view users, and update
  # only their own User record.
  #
  # @param current_user [User] the signed-in user the rules are built for
  def define_abilities_for_users(current_user)
    can(:read, Page)
    can(%i[index read], User)
    can(:update, User) do |account|
      account == current_user
    end
  end

  # Rules for the :editor role: full :crudi on pages, read-only access to code,
  # images, users and PaperTrail versions, and update/destroy on their own
  # User record only.
  #
  # @param current_user [User] the signed-in user the rules are built for
  def define_abilities_for_editors(current_user)
    can(%i[index read], Code)
    can(%i[index read], Image)
    can(:crudi, Page)
    can(%i[index read], User)
    can(%i[update destroy], User) do |account|
      account == current_user
    end
    can(%i[index read], PaperTrail::Version)
  end

  # Rules for the :admin role.
  #
  # Admins may change another user's role or disabled flag and destroy other
  # users, but none of these on their own record. The plain :update rule on
  # User carries no condition, so it also covers the admin's own record.
  #
  # NOTE(review): :edit_role and :edit_disabled are custom action names; they
  # protect anything only where the application checks them explicitly —
  # presumably before accepting role/disabled changes. Confirm against the
  # users controller, since :update alone would not stop a self-change.
  #
  # @param current_user [User] the signed-in user the rules are built for
  def define_abilities_for_admins(current_user)
    can(%i[read edit update], AppConfig)

    can(:edit_role, User) { |account| account != current_user }
    can(:edit_disabled, User) { |account| account != current_user }

    can(%i[index read], Code)
    can(%i[index read], Image)
    can(:crudi, Page)

    can(%i[index create read update], User)
    can(:destroy, User) do |account|
      account != current_user
    end

    can(%i[index read], PaperTrail::Version)
  end
end