Class: Ability

Inherits:
Object
  • Object
show all
Includes:
CanCan::Ability
Defined in:
app/models/ability.rb

Overview

The Ability model is a centralised place to declare authorization rules This is not an ActiveRecord model but rather initialized by CanCanCan as part of the authorization process.

Instance Method Summary collapse

Constructor Details

#initialize(user) ⇒ Ability

Returns a new instance of Ability

Parameters:


9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# File 'app/models/ability.rb', line 9

def initialize(user)
  user ||= User.new

  # Use crud alias instead of manage since it can grant invitation access for example.
  alias_action :create, :read, :update, :destroy,
               :destroy_multiple, :destroy_all, :update_multiple, :update_all,
               :search,
               to: :crud

  can :read, User
  can :read, Role
  can :read, Station do |s|
    s.show?
  end
  can [:update_balance, :api_firmware_version, :find, :embed, :search], Station
  can [:read, :create], Observation
  can :crud, Notification do |note|
    note.user_id == user.id
  end

  # user can manage own profile
  can :crud, User do |u|
    u.id == user.id
  end

  # user can manage own profile
  can :crud, UserAuthentication do |auth|
    auth.user_id == user.id
  end

  if user.has_role? :admin
    can :manage, :all
  end
end