#1353 - Prasanna/Suganthi - Fixed Permissions in My account page

Gemfile.lock

@@ -43,6 +43,7 @@ GEM
     childprocess (0.3.5)
       ffi (~> 1.0, >= 1.0.6)
     chunky_png (1.2.6)
+    coderay (1.0.8)
     compass (0.12.2)
       chunky_png (~> 1.2)
       fssm (>= 0.2.7)
@@ -101,6 +102,7 @@ GEM
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
     metaclass (0.0.1)
+    method_source (0.8.1)
     mime-types (1.16)
     mini_magick (1.3.2)
       subexec (~> 0.0.4)
@@ -118,6 +120,10 @@ GEM
     prawn-core (0.8.4)
     prawn-layout (0.8.4)
     prawn-security (0.8.4)
+    pry (0.9.10)
+      coderay (~> 1.0.5)
+      method_source (~> 0.8)
+      slop (~> 3.3.1)
     rack (1.2.5)
     rack-mount (0.6.14)
       rack (>= 1.0.0)
@@ -165,6 +171,7 @@ GEM
       libwebsocket (~> 0.1.3)
       multi_json (~> 1.0)
       rubyzip
+    slop (3.3.3)
     subexec (0.0.4)
     sunspot (1.1.0)
       escape (= 0.0.4)
@@ -211,6 +218,7 @@ DEPENDENCIES
   mocha
   pdf-reader (= 0.8.6)
   prawn (= 0.8.4)
+  pry
   rails (= 3.0.15)
   rake (= 0.8.7)
   rcov

app/controllers/advanced_search_controller.rb

@@ -7,7 +7,7 @@ def new
     @criteria_list = [SearchCriteria.new]
     @user = current_user
     @results = []
-    prepare_params_for_limited_access_user(@user) if @user.limited_access?
+    prepare_params_for_limited_access_user(@user) unless can? :view_all, Child
     render :index
   end
 
@@ -16,7 +16,7 @@ def index
     @forms = FormSection.by_order
     @aside = 'shared/sidebar_links'
     @user = current_user
-    prepare_params_for_limited_access_user(@user) if @user.limited_access?
+    prepare_params_for_limited_access_user(@user) unless can? :view_all, Child
     new_search = !params[:criteria_list]
     if new_search
       @criteria_list = [SearchCriteria.new]
@@ -61,18 +61,18 @@ def add_updated_by_filter params
 
   def add_created_at_filter params
     @criteria_list.push(SearchDateFilter.new({:field => "created_at",
-                                         :from_value => (self.class.nil_or_empty(params, :created_at_after_value) ? "*" : "#{params[:created_at_after_value]}T00:00:00Z"),
-                                         :to_value => (self.class.nil_or_empty(params, :created_at_before_value) ? "*" : "#{params[:created_at_before_value]}T00:00:00Z"),
-                                         :index => 1,
-                                         :join => "AND"})) if (!self.class.nil_or_empty(params, :created_at_after_value) || !self.class.nil_or_empty(params, :created_at_before_value))
+                                              :from_value => (self.class.nil_or_empty(params, :created_at_after_value) ? "*" : "#{params[:created_at_after_value]}T00:00:00Z"),
+                                              :to_value => (self.class.nil_or_empty(params, :created_at_before_value) ? "*" : "#{params[:created_at_before_value]}T00:00:00Z"),
+                                              :index => 1,
+                                              :join => "AND"})) if (!self.class.nil_or_empty(params, :created_at_after_value) || !self.class.nil_or_empty(params, :created_at_before_value))
   end
 
   def add_updated_at_filter params
     @criteria_list.push(SearchDateFilter.new({:field => "last_updated_at",
-                                         :from_value => (self.class.nil_or_empty(params, :updated_at_after_value) ? "*" : "#{params[:updated_at_after_value]}T00:00:00Z"),
-                                         :to_value => (self.class.nil_or_empty(params, :updated_at_before_value) ? "*" : "#{params[:updated_at_before_value]}T00:00:00Z"),
-                                         :index => 2,
-                                         :join => "AND"})) if (!self.class.nil_or_empty(params, :updated_at_after_value) || !self.class.nil_or_empty(params, :updated_at_before_value))
+                                              :from_value => (self.class.nil_or_empty(params, :updated_at_after_value) ? "*" : "#{params[:updated_at_after_value]}T00:00:00Z"),
+                                              :to_value => (self.class.nil_or_empty(params, :updated_at_before_value) ? "*" : "#{params[:updated_at_before_value]}T00:00:00Z"),
+                                              :index => 2,
+                                              :join => "AND"})) if (!self.class.nil_or_empty(params, :updated_at_after_value) || !self.class.nil_or_empty(params, :updated_at_before_value))
   end
 
   def add_search_criteria_if_none params

app/controllers/users_controller.rb

@@ -1,7 +1,7 @@
 class UsersController < ApplicationController
 
   before_filter :administrators_only, :except =>[:show, :edit, :update]
-  before_filter :set_permissions_params, :only => [ :update, :create ]
+  before_filter :set_permissions_params, :only => [:create ]
 
   def index
     @users = User.view("by_full_name")

app/views/layouts/application.html.erb

@@ -30,7 +30,7 @@
     <div class="logo">RapidFTR logo</div>
     <div class="links">
       <% unless current_user_name.nil? %>
-          Welcome <%= current_user_name %>, <%= link_with_confirm 'Logout', :logout %> | <%= link_with_confirm 'My Account', edit_user_path(User.find_by_user_name(current_user_name)) %> |
+          Welcome <%= current_user_name %>, <%= link_with_confirm 'Logout', :logout %> | <%= link_with_confirm 'My Account', user_path(User.find_by_user_name(current_user_name)) %> |
       <% end %>
       <%= link_with_confirm 'Contact & Help', contact_information_path("administrator")%>
     </div>

app/views/users/_editable_user.html.erb

@@ -1,104 +1,109 @@
 <script type="text/javascript" charset="utf-8">
 
-  function confirmBlacklisted() {
-    $(".devices :checkbox").each(function() {
-      if (this.checked && !this.defaultChecked)
-        return confirm('Are you sure you want to disable this device?');
-    });
-    return true;
-  }
+    function confirmBlacklisted() {
+        $(".devices :checkbox").each(function () {
+            if (this.checked && !this.defaultChecked)
+                return confirm('Are you sure you want to disable this device?');
+        });
+        return true;
+    }
 
-  function confirmDisable() {
-    var checkbox = $("#user_disabled")[0];
-    if (checkbox.checked && !checkbox.defaultChecked) {
-      return confirm('Are you sure you want to disable this user?');
+    function confirmDisable() {
+        var checkbox = $("#user_disabled")[0];
+        if (checkbox.checked && !checkbox.defaultChecked) {
+            return confirm('Are you sure you want to disable this user?');
+        }
+        return true;
     }
-    return true;
-  }
 
-  $(document).ready(function() {
-    $("form").submit(function() { return (confirmDisable() && confirmBlacklisted()); } );
-  });
+    $(document).ready(function () {
+        $("form").submit(function () {
+            return (confirmDisable() && confirmBlacklisted());
+        });
+    });
 </script>
 
-<%= form_for editable_user, :html => {:class=> ''} do |f| %>
-  <%= f.error_messages :header_tag => :h3 %>
-  <% trying_to_edit_ourself = editing_ourself?(editable_user) %>
+<%= form_for editable_user, :html => {:class => ''} do |f| %>
+    <%= f.error_messages :header_tag => :h3 %>
+    <% trying_to_edit_ourself = editing_ourself?(editable_user) %>
 
 
     <div class="mandate_panel"><span>*</span> marked fields are mandatory</div>
     <div class="clearfix"></div>
     <fieldset>
-    <p>
-      <%= f.label :full_name, "Full name", :class=>'key' %>
-      <%= f.text_field :full_name %>*
-    </p>
-
-    <p>
-      <%= f.label :user_name, :class=>'key'  %>
-      <%= f.text_field :user_name, :disabled => !editable_user.new_record? %>*
-      <span class="footnote">user name should not contain blanks</span>
-    </p>
-
-    <p>
-      <%= f.label :password, :class=>'key'  %>
-      <%= f.password_field :password %>*
-      <span class="footnote">password should not contain blanks</span>
-    </p>
-
-    <p>
-      <%= f.label :password_confirmation,"Re-enter password", :class=>'key'  %>
-      <%= f.password_field :password_confirmation %>*
-    </p>
-
-  <% if !trying_to_edit_ourself %>
-    <p><label class="key">User type</label>
-
-          <%= f.radio_button :user_type, "Administrator" %>
-          <%= f.label :user_type_administrator, "Administrator" %>
-
-
-          <%= f.radio_button :user_type, "User" %>
-          <%= f.label :user_type_user, "User" %>
-    </p>
-    <% end %>
-
-    <p>
-      <%= f.label :phone, :class=>'key'  %>
-      <%= f.text_field :phone %>
-    </p>
-    <p>
-      <%= f.label :email, :class=>'key'  %>
-      <%= f.text_field :email %>
-    </p>
-
-    <p>
-      <%= f.label :organisation, :class=>'key'  %>
-      <%= f.text_field :organisation, :disabled => !is_admin?%>
-    </p>
-
-    <p>
-      <%= f.label :position, :class=>'key'  %>
-      <%= f.text_field :position %>
-    </p>
-
-    <p>
-      <%= f.label :location, :class=>'key'  %>
-      <%= f.text_field :location %>
-    </p>
-
-    <% if !trying_to_edit_ourself %>
-        <p>
-          <%= f.label :disabled, "Disabled?", :class=>'key' %>
-          <%= f.check_box :disabled, {}, "true", "false" %>
-        </p>
-    <% end %>
-
+      <p>
+        <%= f.label :full_name, "Full name", :class => 'key' %>
+        <%= f.text_field :full_name %>*
+      </p>
+
+      <p>
+        <%= f.label :user_name, :class => 'key' %>
+        <%= f.text_field :user_name, :disabled => !editable_user.new_record? %>*
+        <span class="footnote">user name should not contain blanks</span>
+      </p>
+
+      <p>
+        <%= f.label :password, :class => 'key' %>
+        <%= f.password_field :password %>*
+        <span class="footnote">password should not contain blanks</span>
+      </p>
+
+      <p>
+        <%= f.label :password_confirmation, "Re-enter password", :class => 'key' %>
+        <%= f.password_field :password_confirmation %>*
+      </p>
+
+      <% if !trying_to_edit_ourself %>
+          <p><label class="key">User type</label>
+
+            <%= f.radio_button :user_type, "Administrator" %>
+            <%= f.label :user_type_administrator, "Administrator" %>
+
+
+            <%= f.radio_button :user_type, "User" %>
+            <%= f.label :user_type_user, "User" %>
+          </p>
+      <% end %>
+
+      <p>
+        <%= f.label :phone, :class => 'key' %>
+        <%= f.text_field :phone %>
+      </p>
+
+      <p>
+        <%= f.label :email, :class => 'key' %>
+        <%= f.text_field :email %>
+      </p>
+
+      <p>
+        <%= f.label :organisation, :class => 'key' %>
+        <%= f.text_field :organisation, :disabled => !is_admin? %>
+      </p>
+
+      <p>
+        <%= f.label :position, :class => 'key' %>
+        <%= f.text_field :position %>
+      </p>
+
+      <p>
+        <%= f.label :location, :class => 'key' %>
+        <%= f.text_field :location %>
+      </p>
+
+      <% if !trying_to_edit_ourself %>
+          <p>
+            <%= f.label :disabled, "Disabled?", :class => 'key' %>
+            <%= f.check_box :disabled, {}, "true", "false" %>
+          </p>
+      <% end %>
+
+      <%= f.hidden_field :permissions %>
     </fieldset>
 
-  <% if is_admin? %>
-  <%= render :partial => "devices", :object => editable_user.devices %>
-  <% end %>
-  <%= submit_button(editable_user.new_record? ? 'Create' : 'Update') %>
-  <%= cancel_button(users_path) %>
+    <% if is_admin? %>
+        <%= render :partial => "devices", :object => editable_user.devices %>
+    <% end %>
+    <%= submit_button(editable_user.new_record? ? 'Create' : 'Update') %>
+    <!--TODO: After we got the user object in the session replace the DB query with User object-->
+    <!--<%= cancel_button(user_path(User.find_by_user_name(current_user_name))) %>-->
 <% end %>

app/views/users/edit.html.erb

@@ -9,7 +9,7 @@
   <div class="side-tab-content">
     <h2><a href="#">List of Users</a> &gt; Edit an User</h2>
     <%= render :partial => "editable_user", :object => @user %>
-    <% unless !is_admin? %>
+    <% if is_admin? %>
         <%= render :partial => "mobile_login_history", :object => @user %>
     <% end %>
   </div>