AutoCommit Mon Jun 8 22:03:14 CEST 2015

app/models/ability.rb

@@ -1,9 +1,15 @@
 # -*- coding: utf-8 -*-
 class Ability
   include CanCan::Ability
-  def initialize(user,request=nil)
+  def initialize(user,request=nil,key=nil)
     loggedin=!(user.nil?)
-    user ||= User.new # guest user (not logged in)
+    unless key.nil?
+      k=Key.find_by_uuid(key)
+      if !k.nil? && k.is_valid && k.typ == 0
+        user=k.user
+      end
+    end
+    user ||=  User.new # guest user (not logged in)
 
     
     #-----------------------------------------------------
@@ -103,7 +109,7 @@ end
     can :index, Rubrik
     can [:show], Rubrik, :public=>true
     can [:list], Neuigkeit, :cache_is_published=>true,  :rubrik=>{:public=>true}
-    can :show, Neuigkeit, :rubrik=>{:public=>true}
+    can :show, Neuigkeit, :cache_is_published=>true, :rubrik=>{:public=>true}
 
     if loggedin
     end
@@ -163,7 +169,7 @@ end
     can [:showics], Calendar
     can [:show], Calentry
 
-    if( user.has_role?("fetuser") || user.has_role?("fetadmin"))
+    if( user.has_role?("fetuser") || user.has_role?("fetadmin")|| (!k.nil? && k.typ==1 && (k.user.has_role?("fetuser")||k.user.has_role?("fetadmin"))))
       can [:show,:index], Calendar
       can  [:edit, :update,:new,:create,:verwalten], Calendar
       can  [:edit, :update,:new,:create,:verwalten,:delete], Calentry

app/models/key.rb

@@ -0,0 +1,11 @@
+class Key < ActiveRecord::Base
+  attr_accessible :expire, :is_valid,  :type, :user_id
+  belongs_to :parent, :polymorphic => true
+  belongs_to :user
+  before_create :create_unique_identifier
+  def create_unique_identifier
+    begin
+      self.uuid = SecureRandom.hex(10) # or whatever you chose like UUID tools
+    end while self.class.exists?(:uuid => uuid)
+  end
+end