Browse Source

fix permissions link on a subdomain of a shared domain (acl)

pull/1/head
Nicolae Claudius 13 years ago
parent
commit
39bf57b0ba
  1. 38
      app/models/ability.rb
  2. 7
      app/views/domains/_list_record_columns.html.erb

38
app/models/ability.rb

@ -1,4 +1,6 @@
class Ability
CRUD = [:read, :create, :edit, :update, :destroy]
include CanCan::Ability
attr_accessor :user
attr_accessor :context
@ -7,30 +9,48 @@ class Ability
@user = options[:user] || User.new
@context = options[:context] || :application
action_aliases
if user.persisted?
owner_abilities
sharing_abilities
end
# See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
end
protected
def owner_abilities
# can manage his domains and records
can :manage, Domain, :user_id => user.id
can :manage, Record, :domain => {:user_id => user.id}
can CRUD, Domain, :user_id => user.id
can CRUD, Record, :domain => {:user_id => user.id}
cannot :delete, SOA # it's deleted with the parent domain
# can manage his hosts
can :manage, A, :user_id => user.id #, :domain => {:name => Settings.host_domains}
can CRUD, A, :user_id => user.id #, :domain => {:name => Settings.host_domains}
# can manage permissions for his domains
can :manage, Permission, :domain => {:user_id => user.id}
can CRUD, Permission, :domain => {:user_id => user.id}
can :crud_permissions, Domain, :user_id => user.id
end
def sharing_abilities
# can manage shared domains and records
can :manage, Domain, :permissions.outer => {:user_id => user.id}
can :manage, Record, :domain => {:permissions.outer => {:user_id => user.id}}
can CRUD, Domain, :permissions.outer => {:user_id => user.id}
can CRUD, Record, :domain => {:permissions.outer => {:user_id => user.id}}
# can manage shared domains and records descendants
for domain in user.permitted_domains
can :manage, Domain, :name_reversed.matches => "#{domain.name_reversed}.%" # descendants
can :manage, Record, :domain => {:name_reversed.matches => "#{domain.name_reversed}.%"} # descendant's
can CRUD, Domain, :name_reversed.matches => "#{domain.name_reversed}.%" # descendants
can CRUD, Record, :domain => {:name_reversed.matches => "#{domain.name_reversed}.%"} # descendant's
end
end
# See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
def action_aliases
alias_action :row, :show_search, :render_field, :to => :read
alias_action :update_column, :add_association, :edit_associated,
:edit_associated, :new_existing, :add_existing, :to => :edit
alias_action :delete, :destroy_existing, :to => :destroy
end
end

7
app/views/domains/_list_record_columns.html.erb

@ -11,7 +11,12 @@
</td>
<% elsif column.name == :permissions %>
<td class="<%= column_class(column, column_value, record) %>" >
<% column_value = 'Permissions (0)' if column_value == '-' %>
<%
if column_value == '-'
column_value = 'Permissions (0)'
authorized &&= can?(:crud_permissions, record)
end
%>
<%= authorized ? render_list_column(column_value, column, record) : column_value %>
</td>
<% else %>

Loading…
Cancel
Save