Fogbugz #41: CanCan, damit Contacts auch zu Usern gehoeren.

2011-06-07 21:28:02 +02:00 · 2011-06-07 21:28:02 +02:00 · 472c6809bd
commit 472c6809bd
parent 673ade667a
4 changed files with 41 additions and 2 deletions
--- a/app/controllers/contacts_controller.rb
+++ b/app/controllers/contacts_controller.rb
@ -3,7 +3,7 @@ class ContactsController < ApplicationController
  before_filter :authenticate_user!

  def index
-    @contacts = Contact.all
+    @contacts = Contact.accessible_by(current_ability, :index)
  end

  def new
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -0,0 +1,29 @@
+class Ability
+  include CanCan::Ability
+
+  def initialize(user)
+    # We don't do guest users (who are not logged in)
+    #   user ||= User.new
+
+    if user.admin?
+      can :manage, :all
+    else
+      # Give users full access to their own contacts.
+      can :manage, Contact, :user_id => user.id
+    end
+
+    # The first argument to `can` is the action you are giving the user permission to do.
+    # If you pass :manage it will apply to every action. Other common actions here are
+    # :read, :create, :update and :destroy.
+    #
+    # The second argument is the resource the user can perform the action on. If you pass
+    # :all it will apply to every resource. Otherwise pass a Ruby class of the resource.
+    #
+    # The third argument is an optional hash of conditions to further filter the objects.
+    # For example, here the user can only update published articles.
+    #
+    #   can :update, Article, :published => true
+    #
+    # See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
+  end
+end
--- a/db/migrate/20110607192020_add_owning_user_to_contacts.rb
+++ b/db/migrate/20110607192020_add_owning_user_to_contacts.rb
@ -0,0 +1,9 @@
+class AddOwningUserToContacts < ActiveRecord::Migration
+  def self.up
+    add_column :contacts, :user_id, :integer
+  end
+
+  def self.down
+    remove_column :contacts, :user_id
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -10,7 +10,7 @@
 #
 # It's strongly recommended to check this file into your version control system.

-ActiveRecord::Schema.define(:version => 20110601205228) do
+ActiveRecord::Schema.define(:version => 20110607192020) do

  create_table "contacts", :force => true do |t|
    t.string   "firstname"
@ -25,6 +25,7 @@ ActiveRecord::Schema.define(:version => 20110601205228) do
    t.integer  "birth_day"
    t.integer  "birth_month"
    t.integer  "birth_year"
+    t.integer  "user_id"
  end

  create_table "emails", :force => true do |t|