diff --git a/app/models/ability.rb b/app/models/ability.rb
index c898119ab..5eb042d99 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -1,6 +1,4 @@
 # frozen_string_literal: true
-# See the wiki for details:
-# https://github.com/ryanb/cancan/wiki/Defining-Abilities
 class Ability
   include CanCan::Ability
@@ -24,7 +22,6 @@ def initialize(user)
     can :crud, User, id: user.id
     can :resend_confirmation_instruction, User, id: user.id
     can :read, :mailing if signed_in?(user)
-    # TODO is this solid? || refactor
     can :read, Mailing do |mailing|
       mailing.recipient? user
     end
@@ -33,47 +30,28 @@ def initialize(user)
     # current_student
     can :crud, Conference if user.current_student?
-    # team member
-    # supervisor
     can :read, :users_info if user.supervisor?
-    # CHECK is this solid?
     can :read_email, User do |other_user|
       user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?)
     end
+    # project submitter
+    can :crud, Project, submitter_id: user.id
+    can :use_as_template, Project do |project|
+      user == project.submitter && !project.season&.current?
+    end
     # admin
     if user.admin?
       can :manage, :all
+      can :read_email, User if user.admin? # even when user marked email hidden # view helper
+      # add cannot's only; after this line
       cannot :create, User # this only happens through GitHub
-      # only add what they cannot; the following should be redundant
-      # can [:read, :update, :destroy], User if user.admin?
-      # can :manage, User if user.admin? #including resending ?? check
-      # can :resend_confirmation_instruction, User if user.admin?
-      can :read_email, User if user.admin? # even when user marked email hidden # view helper #Todo check
-      # can :read, :users_info if user.admin?
-      # can :crud, Conference if user.admin?
-      # can :crud, :comments if user.admin? # TODO make this work for associations
     end
-
-    ### please don't read below this line - it's a mess
-    ################# OLD FILE, # = moved to or rewritten above #############
-
-    # can :crud, User, id: user.id
-    # can :crud, User if user.admin?
-    # can :resend_confirmation_instruction, User, id: user.id
-    # can :resend_confirmation_instruction, User if user.admin?
-
-
-    # visibility of email address in user profile
-    # can :read_email, User, id: user.id if !user.hide_email?
-    # can :read_email, User if user.admin?
-    # Refactor note: split these over abilities
-    # can :read_email, User do |other_user|
-    #   user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?)
- # end + ################# OLD FILE, # = moved to or rewritten above ############ + # NOT everything moved yet # can :crud, Team do |team| user.admin? || signed_in?(user) && team.new_record? || on_team?(user, team) @@ -115,34 +93,9 @@ def initialize(user) user.admin? || (preference.team.students.include? user) end - # can :crud, Conference if user.admin? || user.current_student? - - # todo add mailing controller and view for users in their namespace, where applicable - # can :read, Mailing do |mailing| - # mailing.recipient? user - # end - - # can :crud, :comments if user.admin? - # can :read, :users_info if user.admin? || user.supervisor? - - # projects - can :crud, Project do |project| - user.admin? || - (user.confirmed? && user == project.submitter) - end - can :use_as_template, Project do |project| - user == project.submitter && !project.season&.current? - end - - # can :create, Project if user.confirmed? - # cannot :create, Project if !user.confirmed? # not copied over, same as the one before - - # activities - # can :read, :feed_entry - # can :read, :mailing if signed_in?(user) - # applications can :create, :application_draft if user.student? && user.application_drafts.in_current_season.none? + end # confirmed? end # initializer
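Review bot: `can :crud, Project, submitter_id: user.id` drops the `user.confirmed?` guard that the block-form Project rule it replaces (removed in the following hunk) carried, so an unconfirmed account can update or destroy projects it submitted unless this line already sits inside the `if user.confirmed?` block closed by `end # confirmed?` at the bottom of the initializer, which the hunk does not show. If it does not, keep the guard with the rule: `can :crud, Project, submitter_id: user.id if user.confirmed?`. Two smaller points on the same line: hash conditions are not consulted for class-level checks, so `can?(:create, Project)` is true for every user reaching this line (as it was with the old block form), and if the guest path yields a user with a nil id, `submitter_id: nil` matches projects without a submitter — the same pattern already exists on `can :crud, User, id: user.id`, so this may be accepted. Inside `if user.admin?`, `can :read_email, User if user.admin?` is redundant: the modifier repeats the enclosing condition and `can :manage, :all` already grants it, so the line can go and its `# even when user marked email hidden` note can move onto `can :manage, :all`. `initialize`'s body continues outside the hunk.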