Class: Ability
- Inherits:
-
Object
- Object
- Ability
- Includes:
- CanCan::Ability
- Defined in:
- app/models/ability.rb
Constructor Details
#initialize(current_user, options = {}) ⇒ Ability
Returns a new instance of Ability.
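# File 'app/models/ability.rb', line 5
# Builds the CanCan rule set for +current_user+.
#
# Rules are evaluated in declaration order and the last matching rule wins,
# so this method reads as "grant broadly, then narrow, then re-open":
#   1. baseline rules for everyone (an anonymous visitor is modelled as an
#      unsaved +User.new+, so every +persisted?+ check is false for them),
#   2. per-resource rules keyed on ownership of the record,
#   3. a trustee section that re-grants +:access+ on everything and then
#      removes what a trustee must not touch,
#   4. the "Adm" namespace lock-out for trustees who are not admins,
#   5. +can :access, :all+ for admins, which overrides everything above.
#
# @param current_user [User, nil] the signed-in user, or +nil+ when nobody
#   is signed in
# @param options [Hash] request context; only +:namespace+ is read here
#   (the string "Adm" selects the admin-area rule)
# @return [Ability]
#
# NOTE(review): +:access+ is not a CanCan built-in action; it is presumably
#   declared with +alias_action+ elsewhere in this class -- confirm.
def initialize(current_user, options = {})
  # Anonymous visitors get an unsaved User so the same rules apply to them
  # without nil checks; +current_user.id+ is nil on that path.
  current_user ||= User.new

  # Everyone, signed in or not, may read every subject. Later rules
  # (e.g. +cannot :show, :backers+) carve exceptions out of this.
  can :read, :all

  # NOTE: Update authorizations
  can :access, :updates do |update|
    update.project.user_id == current_user.id
  end
  # Exclusive updates are visible only to confirmed backers of the project.
  can :see, :updates do |update|
    !update.exclusive || !current_user.backs.confirmed.where(project_id: update.project.id).empty?
  end

  # NOTE: Project authorizations
  can :create, :projects if current_user.persisted?
  # Once a project is live (or finished) its owner may still edit the
  # presentation attributes, but nothing else.
  can :update, :projects, [:about, :video_url, :uploaded_image, :headline] do |project|
    project.user == current_user &&
      (project.online? || project.waiting_funds? || project.successful? || project.failed?)
  end
  # A project that has not gone live yet is fully editable by its owner.
  can :update, :projects do |project|
    project.user == current_user && (project.draft? || project.rejected?)
  end

  # NOTE: Reward authorizations
  can :create, :rewards do |reward|
    reward.project.user == current_user
  end
  # A reward may be changed or removed only while nobody has backed it.
  # Ownership is checked first so the two backer queries only run for the
  # project owner.
  can [:update, :destroy], :rewards do |reward|
    reward.project.user == current_user &&
      reward.backers.in_time_to_confirm.empty? &&
      reward.backers.confirmed.empty?
  end
  can [:update, :sort], :rewards, [:description, :maximum_backers] do |reward|
    reward.project.user == current_user
  end
  # Delivery dates are frozen once the project has been decided.
  can :update, :rewards, :days_to_delivery do |reward|
    reward.project.user == current_user &&
      !reward.project.successful? &&
      !reward.project.failed?
  end

  # NOTE: User authorizations
  # NOTE(review): this block ignores its +user+ argument, so any persisted
  #   user passes the check for *every* user record. If +:set_email+ is meant
  #   to be self-only the condition should be +current_user == user+ --
  #   confirm the intended scope.
  can :set_email, :users do |_user|
    current_user.persisted?
  end
  can [:update, :credits, :manage, :update_password, :update_email], :users do |user|
    current_user == user
  end
  # Only an admin may change the +admin+ attribute of a user record.
  can :update, :users, :admin do |_user|
    current_user.admin
  end

  # NOTE: Backer authorizations
  cannot :show, :backers
  can :create, :backers if current_user.persisted?
  can [:request_refund, :credits_checkout, :show, :update_info], :backers do |backer|
    backer.user == current_user
  end
  # Attribute-level carve-out: the owner may update a backer but must not
  # re-point it at another user or alter the payment/value fields.
  cannot :update_info, :backers, [:user_attributes, :user_id, :user, :value, :payment_service_fee, :payment_id] do |backer|
    backer.user == current_user
  end

  # Channel authorizations
  # Due to previous abilities, first I activate all things
  # and in the final I deactivate unnecessary abilities.
  can :create, :channels_subscribers if current_user.persisted?
  can :destroy, :channels_subscribers do |cs|
    cs.user == current_user
  end

  if current_user.trustee?
    # Blanket grant, then narrowed below: projects and rewards are limited
    # to the trustee's own channels, users to the trustee himself.
    can :access, :all
    cannot :access, :projects
    cannot :access, :rewards
    can :create, :projects
    can :access, :projects do |project|
      current_user.channels_projects.exists?(project)
    end
    can :access, :rewards do |reward|
      current_user.channels_projects.exists?(reward.project)
    end
    # For the access, :all
    # we're removing the ability to update users at all, but
    cannot [:update, :destroy], :users
    # He can update himself
    can :update, :users do |user|
      user == current_user
    end
    # Nobody can destroy projects.
    cannot :destroy, :projects
  end

  # A trustee cannot access the adm/ path
  # He can only do this if he is an admin too.
  if options[:namespace] == "Adm" && current_user.trustee? && !current_user.admin?
    cannot :access, :all
  end

  # NOTE: admin can access everything.
  # It's the last ability to override all previous abilities.
  can :access, :all if current_user.admin?
end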