
WIP As clean as possible
emcoding committed May 15, 2018
1 parent d00277c commit fa7a2ad
Showing 1 changed file with 10 additions and 57 deletions.
67 changes: 10 additions & 57 deletions app/models/ability.rb
@@ -1,6 +1,4 @@
# frozen_string_literal: true
# See the wiki for details:
# https://github.com/ryanb/cancan/wiki/Defining-Abilities

class Ability
include CanCan::Ability
@@ -24,7 +22,6 @@ def initialize(user)
can :crud, User, id: user.id
can :resend_confirmation_instruction, User, id: user.id
can :read, :mailing if signed_in?(user)
# TODO is this solid? || refactor
can :read, Mailing do |mailing|
mailing.recipient? user
end
@@ -33,47 +30,28 @@ def initialize(user)
# current_student
can :crud, Conference if user.current_student?

# team member

# supervisor
can :read, :users_info if user.supervisor?
# CHECK is this solid?
can :read_email, User do |other_user|
user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?)
end

# project submitter
can :crud, Project, submitter_id: user.id
can :use_as_template, Project do |project|
user == project.submitter && !project.season&.current?
end

# admin
if user.admin?
can :manage, :all
can :read_email, User if user.admin? # even when user marked email hidden # view helper
# add cannot's only; after this line
cannot :create, User # this only happens through GitHub
# only add what they cannot; the following should be redundant
# can [:read, :update, :destroy], User if user.admin?
# can :manage, User if user.admin? #including resending ?? check
# can :resend_confirmation_instruction, User if user.admin?
can :read_email, User if user.admin? # even when user marked email hidden # view helper #Todo check
# can :read, :users_info if user.admin?
# can :crud, Conference if user.admin?
# can :crud, :comments if user.admin? # TODO make this work for associations
end


### please don't read below this line - it's a mess
################# OLD FILE, # = moved to or rewritten above #############

# can :crud, User, id: user.id
# can :crud, User if user.admin?
# can :resend_confirmation_instruction, User, id: user.id
# can :resend_confirmation_instruction, User if user.admin?


# visibility of email address in user profile
# can :read_email, User, id: user.id if !user.hide_email?
# can :read_email, User if user.admin?
# Refactor note: split these over abilities
# can :read_email, User do |other_user|
# user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?)
# end
################# OLD FILE, # = moved to or rewritten above ############
# NOT everything moved yet #

can :crud, Team do |team|
user.admin? || signed_in?(user) && team.new_record? || on_team?(user, team)
@@ -115,34 +93,9 @@ def initialize(user)
user.admin? || (preference.team.students.include? user)
end

# can :crud, Conference if user.admin? || user.current_student?

# todo add mailing controller and view for users in their namespace, where applicable
# can :read, Mailing do |mailing|
# mailing.recipient? user
# end

# can :crud, :comments if user.admin?
# can :read, :users_info if user.admin? || user.supervisor?

# projects
can :crud, Project do |project|
user.admin? ||
(user.confirmed? && user == project.submitter)
end
can :use_as_template, Project do |project|
user == project.submitter && !project.season&.current?
end

# can :create, Project if user.confirmed?
# cannot :create, Project if !user.confirmed? # not copied over, same as the one before

# activities
# can :read, :feed_entry
# can :read, :mailing if signed_in?(user)

# applications
can :create, :application_draft if user.student? && user.application_drafts.in_current_season.none?

end # confirmed?
end # initializer
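Review bot: The `can :crud, Project, submitter_id: user.id` rule under `# project submitter` appears to replace the block rule `user.admin? || (user.confirmed? && user == project.submitter)`, and the hash form no longer carries the `user.confirmed?` condition. The trailing `end # confirmed?` suggests an enclosing guard, but its opening line is outside the visible hunks, so it cannot be confirmed from here that the new rule sits inside it; if it does not, unconfirmed accounts gain the `:crud` actions on their own projects. Stating the condition on the rule itself would remove the dependency on placement: `can :crud, Project, submitter_id: user.id if user.confirmed?`. The `# CHECK is this solid?` and `# TODO is this solid?` markers on the `read_email` and `Mailing` rules also seem to be dropped without a visible spec change, so an ability spec covering an unconfirmed user, a non-submitter and a non-supervisor would pin the intended behaviour before the remaining rules are moved. `initialize` starts and ends outside these hunks.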

