bofh/fetsite
9
0
Fork 1
Code Issues Pull Requests Releases Wiki Activity

ability rework

Browse Source
This commit is contained in:
Andreas Stephanides
2014-07-21 23:41:56 +05:30
parent 44a0dc2f98
commit bd4f84e7ec
2 changed files with 112 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

140
app/models/ability.rb
View File

@@ -2,21 +2,113 @@
class Ability
include CanCan::Ability
def initialize(user)
loggedin=!(user.nil?)
user ||= User.new # guest user (not logged in)
#-----------------------------------------------------
# Rechteverwaltung fuer Studien Modul
can [:show, :index], Studium
can [:show, :index], Modulgruppe
can [:show, :index], Modul
can [:show, :index], Lva
can [:create, :show], Beispiel
if loggedin
can :like, Beispiel
can :dislike, Beispiel
end
if( user.has_role?("fetuser") || user.has_role?("fetadmin"))
can :manage, Modulgruppe
can :manage, Modul
can :manage, Lva
can :manage, Studium
end
unless user.has_role?("fetadmin")
cannot :delete, Studium
cannot :delete, Modulgruppe
cannot :delete, Modul
end
#-----------------------------------------------------
# Rechteverwaltung fuer Informationen
can [:show, :index,:faqs], Themengruppe, :public=>true
can [:show], Thema, :isdraft=>false
can :show, Frage
if loggedin
end
if( user.has_role?("fetuser") || user.has_role?("fetadmin"))
can :manage, Frage
can :showdraft , Thema
can :showintern, Thema
can :manage, Thema
can :manage, Themengruppe
end
unless user.has_role?("fetadmin")
cannot :delete, Themengruppe
cannot :delete, Thema
end
#-----------------------------------------------------
# Rechteverwaltung fuer Fotos
can [:show,:index], Gallery
can [:show, :index,:faqs], Themengruppe
can [:show], Thema, :isdraft=>false
if loggedin
end
if( user.has_role?("fetuser") || user.has_role?("fetadmin"))
can :manage, Gallery
end
unless user.has_role?("fetadmin")
cannot :delete, Gallery
end
#-----------------------------------------------------
# Rechteverwaltung fuer Mitarbeiter
can [:show, :index], Fetprofile
can [:show, :index],Gremium
if loggedin
end
if( user.has_role?("fetuser") || user.has_role?("fetadmin"))
can :manage, Fetprofile
can :manage, Gremium
can :manage, Membership
end
unless user.has_role?("fetadmin")
cannot :delete, Fetprofile
cannot :delete ,Gremium
end
#-----------------------------------------------------
# Rechteverwaltung fuer Neuigkeiten
can [:show,:index], Rubrik, :public=>true
can :show, Neuigkeit, :rubrik=>{:public=>true}
if loggedin
end
if( user.has_role?("fetuser") || user.has_role?("fetadmin"))
can :showintern, Neuigkeit
can :showintern, Rubrik
can :seeintern, User
can :shownonpublic, Rubrik
end
if user.has_role?("newsadmin") || user.has_role?("fetadmin")
can :addmoderator, Rubrik
end
if user.has_role?("fetadmin")
can :addfetuser, User
can :addfetadmin, User
end
if user.has_role?("newsadmin") || user.has_role?( "fetadmin") || user.has_role?( "fetuser")
can :manage, Rubrik
can :manage, Neuigkeit
can :showunpublished, Neuigkeit
end
unless user.has_role?("fetadmin")
cannot :delete, Rubrik
cannot :delete, Neuigkeit
end
# Rechteverwaltung Kalender
can [:show, :index], Calendar, :public => true
@@ -24,12 +116,8 @@ class Ability
can [:show], Calentry
if( user.has_role?("fetuser") || user.has_role?("fetadmin"))
can :manage,:all
can :manage, Modulgruppe
can :showdraft , Thema
can :showintern, Thema
can :showintern, Neuigkeit
can :showintern, Rubrik
can [:show,:index], Calendar
can [:edit, :update,:new,:create,:verwalten], Calendar
can [:edit, :update,:new,:create,:verwalten], Calentry
@@ -39,39 +127,9 @@ class Ability
can [:delete],Calentry
can :doadmin, User
end
unless user.has_role?("fetadmin")
cannot :delete, Modulgruppe
cannot :delete, Rubrik
cannot :delete, Themengruppe
cannot :delete, Fetprofile
cannot :delete, Studium
cannot :delete, Modul
cannot :delete ,Gremium
end
# Rechteverwaltung fuer Neuigkeiten
# can :write, Neuigkeit if user.has_role?("newsmoderator", Neuigkeit.rubrik)
if user.has_role?("newsadmin") || user.has_role?("fetadmin")
can :addmoderator, Rubrik
end
can [:show,:index], Rubrik, :public=>true
can :show, Neuigkeit, :rubrik=>{:public=>true}
if user.has_role?("fetadmin")
can :addfetuser, User
can :addfetadmin, User
end
if user.has_role?("newsadmin") || user.has_role?( "fetadmin") || user.has_role?( "fetuser")
can :manage, Rubrik
can :manage, Neuigkeit
can :shownonpublic, Rubrik
can :showunpublished, Neuigkeit
can :seeintern, User
end
end
end

34
app/models/user.rb
View File

@@ -30,7 +30,7 @@ class User < ActiveRecord::Base
# :token_authenticatable, :confirmable,
# :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :recoverable, :rememberable, :trackable, :validatable,:omniauthable, :omniauth_providers => [:facebook,:ldap]
acts_as_voter
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation, :remember_me, :provider, :uid, :name
belongs_to :fetprofile
@@ -51,27 +51,19 @@ logger.debug auth.to_s
user
end
def self.find_for_ldap_oauth(auth,signed_in_resource=nil)
# debug "sdfg"
def self.find_for_ldap_oauth(auth,signed_in_resource=nil)
# debug "sdfg"
user= User.where(:provider=>auth.provider,:uid=>auth.extra.raw_info.uid).first
unless user
user= User.create(name:auth.extra.raw_info.uid.first,
provider:auth.provider,
uid:auth.extra.raw_info.uid.first,
email:auth.extra.raw_info.mail.first.to_s,
password:Devise.friendly_token[0,20])
user.add_role("fetuser")
logger.debug(auth.extra.raw_info.to_s)
end
unless user
# user=User.create(name:"fail",
# provider:"ldap",
# uid:"sdf",
# email:"sdf@fet.at",
# password:Devise.friendly_token[0,20])
end
user= User.where(:provider=>auth.provider,:uid=>auth.extra.raw_info.uid).first
unless user
user= User.create(name:auth.extra.raw_info.uid.first,
provider:auth.provider,
uid:auth.extra.raw_info.uid.first,
email:auth.extra.raw_info.mail.first.to_s,
password:Devise.friendly_token[0,20])
user.add_role("fetuser")
logger.debug(auth.extra.raw_info.to_s)
end
user
end