From 15b70ad8c60f04f2f782390d4be82060b4597503 Mon Sep 17 00:00:00 2001
From: Andreas Stephanides <andreas.stephanides@gmail.com>
Date: Sun, 2 Aug 2015 10:03:02 +0200
Subject: [PATCH] AutoCommit Son Aug  2 10:03:02 CEST 2015

---
 app/controllers/comments_controller.rb        |  7 +++---
 app/controllers/survey/answers_controller.rb  |  2 ++
 app/controllers/survey/choices_controller.rb  |  2 ++
 .../survey/questions_controller.rb            |  2 ++
 app/models/ability.rb                         | 18 ++++++++++++++-
 app/models/comment.rb                         |  2 +-
 app/views/beispiele/_beispiel.html.erb        |  1 +
 app/views/comments/index.html.erb             | 22 -------------------
 8 files changed, 29 insertions(+), 27 deletions(-)

diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
index a703a10..03ef993 100644
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -1,11 +1,11 @@
 class CommentsController < ApplicationController
-before_filter :decode_commentable_type
+  load_and_authorize_resource
+  before_filter :decode_commentable_type
   def index
     @commentable=params[:commentable_type].constantize.find(params[:commentable_id]) unless params[:commentable_type].nil? or params[:commentable_id].nil?
+   @comments=@commentable.comments.order(:created_at).roots.accessible_by(current_ability, :show).page(params[:page]).per(Comment::NUM[params[:commentable_type]]).reverse_order
 
-   @comments=@commentable.comments.order(:created_at).roots.page(params[:page]).per(Comment::NUM[params[:commentable_type]]).reverse_order
     respond_to do |format|
-      format.html # new.html.erb
       format.js
     end
 
@@ -20,6 +20,7 @@ before_filter :decode_commentable_type
     @comment = Comment.find(params[:id])
     respond_to do |format|
       format.js 
+      format.html {redirect_to @comment.commentable}
     end
   end
   def new
diff --git a/app/controllers/survey/answers_controller.rb b/app/controllers/survey/answers_controller.rb
index 3f5ff83..5ddd8a5 100644
--- a/app/controllers/survey/answers_controller.rb
+++ b/app/controllers/survey/answers_controller.rb
@@ -1,6 +1,8 @@
 class Survey::AnswersController < ApplicationController
   # GET /survey/answers
   # GET /survey/answers.json
+  load_and_authorize_resource
+
   def index
     @survey_answers = Survey::Answer.all
 
diff --git a/app/controllers/survey/choices_controller.rb b/app/controllers/survey/choices_controller.rb
index 82264cc..d6348c4 100644
--- a/app/controllers/survey/choices_controller.rb
+++ b/app/controllers/survey/choices_controller.rb
@@ -1,6 +1,8 @@
 class Survey::ChoicesController < ApplicationController
   # GET /survey/choices
   # GET /survey/choices.json
+  load_and_authorize_resource
+
   def index
     @survey_choices = Survey::Choice.all
 
diff --git a/app/controllers/survey/questions_controller.rb b/app/controllers/survey/questions_controller.rb
index 87c90e1..d8d3453 100644
--- a/app/controllers/survey/questions_controller.rb
+++ b/app/controllers/survey/questions_controller.rb
@@ -1,6 +1,8 @@
 class Survey::QuestionsController < ApplicationController
   # GET /survey/questions
   # GET /survey/questions.json
+  load_and_authorize_resource
+
   def index
     @survey_questions = Survey::Question.all
     respond_to do |format|
diff --git a/app/models/ability.rb b/app/models/ability.rb
index f0f992a..f462373 100755
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -10,8 +10,24 @@ class Ability
       end
     end
     user ||=  User.new # guest user (not logged in)
+
     can :manage, Survey::Question 
-    can :manage, Comment
+    can :manage, Survey::Choice
+    can :manage, Survey::Answer
+
+    #---------------------------------------------------
+    
+    can :index, Comment
+    can :show, Comment
+    if loggedin
+      can [:create,:new], Comment
+    end
+
+  #  can :manage, Comment
+    unless user.has_role?("fetadmin")
+      cannot :delete, Comment
+cannot :destroy, Comment
+    end
     #-----------------------------------------------------
     # Rechteverwaltung fuer Studien Modul
     can [:show, :index], Studium, :visible=>true
diff --git a/app/models/comment.rb b/app/models/comment.rb
index 3547121..9a0c5cd 100644
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -1,5 +1,5 @@
 class Comment < ActiveRecord::Base
-  attr_accessible :text,:anonym, :intern, :hidden
+  attr_accessible :text,:anonym, :intern, :hidden, :commentable_id, :commentable_type
   # commentable depth, official, intern, anonym
   acts_as_votable
   acts_as_nested_set  :scope => [:commentable_id, :commentable_type]
diff --git a/app/views/beispiele/_beispiel.html.erb b/app/views/beispiele/_beispiel.html.erb
index 8499bf7..27697f5 100644
--- a/app/views/beispiele/_beispiel.html.erb
+++ b/app/views/beispiele/_beispiel.html.erb
@@ -39,3 +39,4 @@
   </div>
   <% end %>
 
+</div>
diff --git a/app/views/comments/index.html.erb b/app/views/comments/index.html.erb
index d97f147..e69de29 100644
--- a/app/views/comments/index.html.erb
+++ b/app/views/comments/index.html.erb
@@ -1,22 +0,0 @@
-<h1>Listing comments</h1>
-<%= render partial:"comments/comments", object: @comments %>
-
-<table>
-  <tr>
-    <th></th>
-    <th></th>
-    <th></th>
-  </tr>
-
-<% @comments.each do |comment| %>
-  <tr>
-    <td><%= link_to 'Show', comment %></td>
-    <td><%= link_to 'Edit', edit_comment_path(comment) %></td>
-    <td><%= link_to 'Destroy', comment, method: :delete, data: { confirm: 'Are you sure?' } %></td>
-  </tr>
-<% end %>
-</table>
-
-<br />
-
-<%= link_to 'New Comment', new_comment_path %>