From bd4f84e7ec6f45cbb453270787efe9ffb8b52d83 Mon Sep 17 00:00:00 2001
From: Andreas Stephanides
Date: Mon, 21 Jul 2014 23:41:56 +0530
Subject: [PATCH] ability rework
---
 app/models/ability.rb | 140 +++++++++++++++++++++++++++++-------------
 app/models/user.rb | 34 ++++------
 2 files changed, 112 insertions(+), 62 deletions(-)
diff --git a/app/models/ability.rb b/app/models/ability.rb
index de4778b..616979b 100755
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -2,21 +2,113 @@ class Ability include CanCan::Ability def initialize(user) + loggedin=!(user.nil?) user ||= User.new # guest user (not logged in) - + #----------------------------------------------------- # Rechteverwaltung fuer Studien Modul can [:show, :index], Studium can [:show, :index], Modulgruppe can [:show, :index], Modul can [:show, :index], Lva can [:create, :show], Beispiel + if loggedin + can :like, Beispiel + can :dislike, Beispiel + end + if( user.has_role?("fetuser") || user.has_role?("fetadmin")) + can :manage, Modulgruppe + can :manage, Modul + can :manage, Lva + can :manage, Studium + end + unless user.has_role?("fetadmin") + cannot :delete, Studium + cannot :delete, Modulgruppe + cannot :delete, Modul + end + + #----------------------------------------------------- + # Rechteverwaltung fuer Informationen + can [:show, :index,:faqs], Themengruppe, :public=>true + can [:show], Thema, :isdraft=>false + can :show, Frage + if loggedin + end + if( user.has_role?("fetuser") || user.has_role?("fetadmin")) + can :manage, Frage + can :showdraft , Thema + can :showintern, Thema + can :manage, Thema + can :manage, Themengruppe + end + unless user.has_role?("fetadmin") + cannot :delete, Themengruppe + cannot :delete, Thema + end + + #----------------------------------------------------- + # Rechteverwaltung fuer Fotos can [:show,:index], Gallery - can [:show, :index,:faqs], Themengruppe - can [:show], Thema, :isdraft=>false - + if loggedin + end + if( user.has_role?("fetuser") || user.has_role?("fetadmin")) + can :manage, Gallery + end + unless user.has_role?("fetadmin") + cannot :delete, Gallery + end + + #----------------------------------------------------- + # Rechteverwaltung fuer Mitarbeiter can [:show, :index], Fetprofile can [:show, :index],Gremium + if loggedin + end + if( user.has_role?("fetuser") || user.has_role?("fetadmin")) + can :manage, Fetprofile + can :manage, Gremium + can :manage, Membership + end + unless user.has_role?("fetadmin") + 
cannot :delete, Fetprofile + cannot :delete ,Gremium + end + + #----------------------------------------------------- + # Rechteverwaltung fuer Neuigkeiten + can [:show,:index], Rubrik, :public=>true + can :show, Neuigkeit, :rubrik=>{:public=>true} + + if loggedin + end + if( user.has_role?("fetuser") || user.has_role?("fetadmin")) + can :showintern, Neuigkeit + can :showintern, Rubrik + can :seeintern, User + can :shownonpublic, Rubrik + + end + if user.has_role?("newsadmin") || user.has_role?("fetadmin") + can :addmoderator, Rubrik + end + if user.has_role?("fetadmin") + can :addfetuser, User + can :addfetadmin, User + end + + if user.has_role?("newsadmin") || user.has_role?( "fetadmin") || user.has_role?( "fetuser") + can :manage, Rubrik + can :manage, Neuigkeit + can :showunpublished, Neuigkeit + end + unless user.has_role?("fetadmin") + cannot :delete, Rubrik + cannot :delete, Neuigkeit + + end + + # Rechteverwaltung Kalender can [:show, :index], Calendar, :public => true @@ -24,12 +116,8 @@ class Ability can [:show], Calentry if( user.has_role?("fetuser") || user.has_role?("fetadmin")) - can :manage,:all - can :manage, Modulgruppe - can :showdraft , Thema - can :showintern, Thema - can :showintern, Neuigkeit - can :showintern, Rubrik + + can [:show,:index], Calendar can [:edit, :update,:new,:create,:verwalten], Calendar can [:edit, :update,:new,:create,:verwalten], Calentry 
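Review bot: `can :manage` in CanCan matches every action name, so the narrower gates in this hunk restrict nothing for a role that holds it: a `fetuser` receives `can :manage, Rubrik` and therefore also passes `can? :addmoderator, Rubrik`, which the `newsadmin || fetadmin` condition is meant to reserve. The same applies to the `unless user.has_role?("fetadmin")` blocks: `cannot :delete, X` removes only an action literally named `:delete`, and CanCan defines no default alias from `:delete` to `:destroy`, so if the controllers authorize the REST `destroy` action (they are not visible here) non-admins can still remove records. I would write the denials as `cannot [:delete, :destroy], Studium` (likewise for the other models) and add `cannot :addmoderator, Rubrik unless user.has_role?("newsadmin") || user.has_role?("fetadmin")` after the `:manage` grant, since later rules take precedence. The `initialize` body continues past this hunk.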
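Review bot: With `can :manage,:all` removed in this hunk, nothing in the visible rules lets any role update or remove a `Beispiel`, while the first hunk still lets guests `:create` one, so user-submitted records can no longer be moderated unless a rule outside these hunks covers it. If that is not intended, add an explicit grant such as `can :manage, Beispiel if user.has_role?("fetadmin")` next to the other Studien rules. A short comment above each role block naming the roles it serves, for example `# fetuser/fetadmin: edit calendars and entries`, would also make the deny-by-default intent easier to review.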
@@ -39,39 +127,9 @@ class Ability can [:delete],Calentry can :doadmin, User end + unless user.has_role?("fetadmin") - cannot :delete, Modulgruppe - cannot :delete, Rubrik - cannot :delete, Themengruppe - cannot :delete, Fetprofile - cannot :delete, Studium - cannot :delete, Modul - cannot :delete ,Gremium - end - # Rechteverwaltung fuer Neuigkeiten - -# can :write, Neuigkeit if user.has_role?("newsmoderator", Neuigkeit.rubrik) - - if user.has_role?("newsadmin") || user.has_role?("fetadmin") - can :addmoderator, Rubrik - end - can [:show,:index], Rubrik, :public=>true - - can :show, Neuigkeit, :rubrik=>{:public=>true} - if user.has_role?("fetadmin") - can :addfetuser, User - can :addfetadmin, User end - - if user.has_role?("newsadmin") || user.has_role?( "fetadmin") || user.has_role?( "fetuser") - can :manage, Rubrik - can :manage, Neuigkeit - can :shownonpublic, Rubrik - can :showunpublished, Neuigkeit - can :seeintern, User - end - - end end diff --git a/app/models/user.rb b/app/models/user.rb index a81f497..bcc6096 100755 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -30,7 +30,7 @@ class User < ActiveRecord::Base # :token_authenticatable, :confirmable, # :lockable, :timeoutable and :omniauthable devise :database_authenticatable, :recoverable, :rememberable, :trackable, :validatable,:omniauthable, :omniauth_providers => [:facebook,:ldap] - + acts_as_voter # Setup accessible (or protected) attributes for your model attr_accessible :email, :password, :password_confirmation, :remember_me, :provider, :uid, :name belongs_to :fetprofile 
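Review bot: `attr_accessible` on the context line below the new `acts_as_voter` still lists `:provider` and `:uid`, which makes the external-identity binding mass-assignable. Any action that feeds request parameters into `update_attributes` (none is visible in this patch) could re-link an account to another Facebook or LDAP identity. Consider `attr_accessible :email, :password, :password_confirmation, :remember_me, :name` and setting `provider` and `uid` by plain assignment inside the OAuth finder methods. The `User` class starts and ends outside this hunk.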
@@ -51,27 +51,19 @@ logger.debug auth.to_s user end - def self.find_for_ldap_oauth(auth,signed_in_resource=nil) - # debug "sdfg" + def self.find_for_ldap_oauth(auth,signed_in_resource=nil) + # debug "sdfg" - user= User.where(:provider=>auth.provider,:uid=>auth.extra.raw_info.uid).first - unless user - user= User.create(name:auth.extra.raw_info.uid.first, - provider:auth.provider, - uid:auth.extra.raw_info.uid.first, - email:auth.extra.raw_info.mail.first.to_s, - password:Devise.friendly_token[0,20]) - user.add_role("fetuser") -logger.debug(auth.extra.raw_info.to_s) - end - unless user - # user=User.create(name:"fail", - # provider:"ldap", - # uid:"sdf", - # email:"sdf@fet.at", - # password:Devise.friendly_token[0,20]) - - end + user= User.where(:provider=>auth.provider,:uid=>auth.extra.raw_info.uid).first + unless user + user= User.create(name:auth.extra.raw_info.uid.first, + provider:auth.provider, + uid:auth.extra.raw_info.uid.first, + email:auth.extra.raw_info.mail.first.to_s, + password:Devise.friendly_token[0,20]) + user.add_role("fetuser") + logger.debug(auth.extra.raw_info.to_s) + end user end
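Review bot: `user.add_role("fetuser")` runs for every first-time LDAP login with no check of group membership or any other directory attribute, and in `ability.rb` that role carries `can :manage` on most models; if the directory holds more than the intended staff (its scope is not visible here), every account in it gets editing rights. The result of `User.create` is also not checked, so a failed validation (for instance a missing or already-used `mail`) leaves an unsaved record that still receives the role call and is returned to the caller; `User.create!` or `return nil unless user.persisted?` would make that failure explicit. `logger.debug(auth.extra.raw_info.to_s)` and the `logger.debug auth.to_s` context line at the top of the hunk write the full provider response to the log, which can include personal attributes and tokens; logging only `user.id` would be enough. The lookup passes `auth.extra.raw_info.uid` whole while the create stores `uid.first`, so it is worth using `.first` in both places.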