Class: Ability

Inherits:
Object
  • Object
Includes:
CanCan::Ability
Defined in:
app/models/ability.rb

Instance Method Summary collapse

Constructor Details

#initialize(user) ⇒ Ability

Returns a new instance of Ability.



# File 'app/models/ability.rb', line 4

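# Builds the CanCan rule set for +user+.
#
# A nil user (guest) is replaced by an unsaved User. Any user holding neither
# the :admin nor the :support role receives no abilities from this method.
#
# @param user [User, nil] the signed-in user, or nil for a guest
def initialize(user)
  # How the rules below are written:
  #
  #   * The first argument to `can`/`cannot` is the action. :manage applies to
  #     every action; other common actions are :read, :create, :update and
  #     :destroy.
  #   * The second argument is the resource. :all applies to every resource;
  #     otherwise pass the Ruby class of the resource.
  #   * The optional third argument is a hash of conditions that narrows the
  #     rule to matching objects, e.g.
  #
  #       can :update, Article, :published => true
  #
  # See the wiki for details:
  # https://github.com/ryanb/cancan/wiki/Defining-Abilities

  user ||= User.new # guest user (not logged in)

  if user.has_role? :admin
    privileged_role_ids = Role.where(name: ["admin", "support"]).pluck(:id)

    can :manage, :all
    can :manage, Role # already covered by :all; kept to make the intent explicit
    can :masquerade, User
    # Even admins may not impersonate another privileged account.
    cannot :masquerade, User, :role_id => privileged_role_ids
  elsif user.has_role? :support
    admin_role_ids      = Role.where(name: ["admin"]).pluck(:id)
    privileged_role_ids = Role.where(name: ["admin", "support"]).pluck(:id)

    can :read, :admin
    can :manage, User
    can :masquerade, User
    # :manage grants every action, so each write action on admin accounts has
    # to be denied by name. :destroy is the action name CanCan checks for
    # record removal; the previous list named only :delete, which left
    # `can? :destroy, admin_user` true for support staff. :delete is kept in
    # case a controller authorizes a custom action under that name.
    cannot [:update, :delete, :destroy, :create], User, :role_id => admin_role_ids
    cannot :masquerade, User, :role_id => privileged_role_ids
    # NOTE(review): support may still :update non-admin users, including
    # their own record. If the users controller permits role_id, that would
    # allow assigning the admin role -- confirm the permitted parameters.
    can :manage, Role
    cannot :manage, Role, :name => 'admin'
    # Declared after the `cannot` above so that the admin role stays readable
    # (later rules take precedence) while remaining unmodifiable.
    can :read, Role
  end
end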