fix permissions link on a subdomain of a shared domain (acl)

13 years ago · 39bf57b0ba
2 changed files with 46 additions and 21 deletions
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -1,4 +1,6 @@
 class Ability
+  CRUD = [:read, :create, :edit, :update, :destroy]
+  
  include CanCan::Ability
  attr_accessor :user
  attr_accessor :context
@ -7,30 +9,48 @@ class Ability
    @user = options[:user] || User.new
    @context = options[:context] || :application
    
+    action_aliases
    if user.persisted?
-    
-      # can manage his domains and records
-      can :manage, Domain, :user_id => user.id
-      can :manage, Record, :domain => {:user_id => user.id}
-      cannot :delete, SOA # it's deleted with the parent domain
-      
-      # can manage his hosts
-      can :manage, A, :user_id => user.id #, :domain => {:name => Settings.host_domains}
+      owner_abilities
+      sharing_abilities
+    end
+
+    # See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
+  end
+  
+  protected
+  
+  def owner_abilities
+    # can manage his domains and records
+    can CRUD, Domain, :user_id => user.id
+    can CRUD, Record, :domain => {:user_id => user.id}
+    cannot :delete, SOA # it's deleted with the parent domain
      
-      # can manage permissions for his domains
-      can :manage, Permission, :domain => {:user_id => user.id}
+    # can manage his hosts
+    can CRUD, A, :user_id => user.id #, :domain => {:name => Settings.host_domains}
      
-      # can manage shared domains and records
-      can :manage, Domain, :permissions.outer => {:user_id => user.id}
-      can :manage, Record, :domain => {:permissions.outer => {:user_id => user.id}}
+    # can manage permissions for his domains
+    can CRUD, Permission, :domain => {:user_id => user.id}
+    can :crud_permissions, Domain, :user_id => user.id
+  end
+  
+  def sharing_abilities
+    # can manage shared domains and records
+    can CRUD, Domain, :permissions.outer => {:user_id => user.id}
+    can CRUD, Record, :domain => {:permissions.outer => {:user_id => user.id}}
      
-      # can manage shared domains and records descendants
-      for domain in user.permitted_domains
-        can :manage, Domain, :name_reversed.matches => "#{domain.name_reversed}.%" # descendants
-        can :manage, Record, :domain => {:name_reversed.matches => "#{domain.name_reversed}.%"} # descendant's
-      end
+    # can manage shared domains and records descendants
+    for domain in user.permitted_domains
+      can CRUD, Domain, :name_reversed.matches => "#{domain.name_reversed}.%" # descendants
+      can CRUD, Record, :domain => {:name_reversed.matches => "#{domain.name_reversed}.%"} # descendant's
    end
-
-    # See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
  end
+  
+  def action_aliases
+    alias_action :row, :show_search, :render_field, :to => :read
+    alias_action :update_column, :add_association, :edit_associated, 
+      :edit_associated, :new_existing, :add_existing, :to => :edit
+    alias_action :delete, :destroy_existing, :to => :destroy
+  end
+  
 end
--- a/app/views/domains/_list_record_columns.html.erb
+++ b/app/views/domains/_list_record_columns.html.erb
@ -11,7 +11,12 @@
    </td>
  <% elsif column.name == :permissions %>
    <td class="<%= column_class(column, column_value, record) %>" >
-      <% column_value = 'Permissions (0)' if column_value == '-' %>
+      <% 
+      if column_value == '-'
+        column_value = 'Permissions (0)'
+        authorized &&= can?(:crud_permissions, record)
+      end
+      %>
      <%= authorized ? render_list_column(column_value, column, record) : column_value %>
    </td>
  <% else %>