From 2e1d0bfead1ad7eaed9e017706e7014c69c8a324 Mon Sep 17 00:00:00 2001
From: gerson
Date: Mon, 30 Apr 2018 15:27:30 -0500
Subject: [PATCH 1/5] add gem cancancan
---
 Gemfile | 1 +
 Gemfile.lock | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/Gemfile b/Gemfile
index 4bec89c..d736319 100644
--- a/Gemfile
+++ b/Gemfile
@@ -12,6 +12,7 @@ gem 'rails_admin', '~> 1.3'
 gem 'turbolinks', '~> 5'
 gem 'tzinfo-data', platforms: %i[mri mingw x64_mingw jruby]
 gem 'uglifier', '>= 1.3.0'
+gem 'cancancan', '~> 2.0'
 # frontend
 gem 'coffee-rails', '~> 4.2'
diff --git a/Gemfile.lock b/Gemfile.lock
index 63e86c6..e6b67fc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -46,6 +46,7 @@ GEM bindex (0.5.0) builder (3.2.3) byebug (10.0.1) + cancancan (2.0.0) codeclimate-test-reporter (1.0.8) simplecov (<= 0.13) coderay (1.1.2)
@@ -315,6 +316,7 @@ PLATFORMS DEPENDENCIES byebug + cancancan (~> 2.0) codeclimate-test-reporter (~> 1.0.0) coffee-rails (~> 4.2) devise (~> 4.4, >= 4.4.1)
From 46f9bf3556bf7155d3d922c4f8252619972e8582 Mon Sep 17 00:00:00 2001
From: gerson
Date: Mon, 30 Apr 2018 17:02:55 -0500
Subject: [PATCH 2/5] wip
---
 app/models/ability.rb | 32 ++++++++++++++++++++++++++++++
 config/initializers/rails_admin.rb | 4 ++--
 2 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 app/models/ability.rb
diff --git a/app/models/ability.rb b/app/models/ability.rb
new file mode 100644
index 0000000..bced285
--- /dev/null
+++ b/app/models/ability.rb
@@ -0,0 +1,32 @@
+class Ability
+ include CanCan::Ability
+
+ def initialize(user)
+ # Define abilities for the passed in user here. For example:
+ #
+ # user ||= User.new # guest user (not logged in)
+ # if user.admin?
+ # can :manage, :all
+ # else
+ # can :read, :all
+ # end
+ #
+ # The first argument to `can` is the action you are giving the user
+ # permission to do.
+ # If you pass :manage it will apply to every action. Other common actions
+ # here are :read, :create, :update and :destroy.
+ #
+ # The second argument is the resource the user can perform the action on.
+ # If you pass :all it will apply to every resource. Otherwise pass a Ruby
+ # class of the resource.
+ #
+ # The third argument is an optional hash of conditions to further filter the
+ # objects.
+ # For example, here the user can only update published articles.
+ #
+ # can :update, Article, :published => true
+ #
+ # See the wiki for details:
+ # https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
+ end
+end
diff --git a/config/initializers/rails_admin.rb b/config/initializers/rails_admin.rb
index 195ad75..0c86ced 100644
--- a/config/initializers/rails_admin.rb
+++ b/config/initializers/rails_admin.rb
@@ -9,8 +9,8 @@
 config.current_user_method(&:current_user)
 ## == Cancan ==
- # config.authorize_with :cancan
-
+ config.authorize_with :cancan
+ config.authorize_with :cancancan2
 ## == Pundit ==
 # config.authorize_with :pundit
From 4043ecd0804db36ffcc23536772a1c0ebf5cd66d Mon Sep 17 00:00:00 2001
From: gerson
Date: Mon, 30 Apr 2018 18:20:36 -0500
Subject: [PATCH 3/5] Create file Landings
---
 app/controllers/landings_controller.rb | 4 ++++
 app/views/landings/home.html.erb | 1 +
 config/routes.rb | 1 +
 3 files changed, 6 insertions(+)
 create mode 100644 app/controllers/landings_controller.rb
 create mode 100644 app/views/landings/home.html.erb
diff --git a/app/controllers/landings_controller.rb b/app/controllers/landings_controller.rb
new file mode 100644
index 0000000..89ec3a2
--- /dev/null
+++ b/app/controllers/landings_controller.rb
@@ -0,0 +1,4 @@
+class LandingsController < ApplicationController
+ def home
+ end
+end
diff --git a/app/views/landings/home.html.erb b/app/views/landings/home.html.erb
new file mode 100644
index 0000000..1346fa3
--- /dev/null
+++ b/app/views/landings/home.html.erb
@@ -0,0 +1 @@
+

user

\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 75da32f..1004d44 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -2,5 +2,6 @@
 mount RailsAdmin::Engine => '/admin', as: 'rails_admin'
 # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
 devise_for :users, controllers: { registrations: 'users/registrations' }
+ get 'home' => 'landings#home'
 root to: redirect('/admin')
 end
From 9f9bb5b807be77be7032b2b86da2a4e5463150ff Mon Sep 17 00:00:00 2001
From: gerson
Date: Mon, 30 Apr 2018 18:36:41 -0500
Subject: [PATCH 4/5] wip
---
 db/migrate/20180430233445_add_role_to_users.rb | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 db/migrate/20180430233445_add_role_to_users.rb
diff --git a/db/migrate/20180430233445_add_role_to_users.rb b/db/migrate/20180430233445_add_role_to_users.rb
new file mode 100644
index 0000000..e28fa0d
--- /dev/null
+++ b/db/migrate/20180430233445_add_role_to_users.rb
@@ -0,0 +1,7 @@
+class AddRoleToUsers < ActiveRecord::Migration[5.1]
+ def change
+ # add_column :users, :role, :string
+ add_column :users, :superadmin_role, :boolean, default: false
+ add_column :users, :user_role, :boolean, default: true
+ end
+end
From 0de338063b7634f94486a19ac25d56daaf4f0c08 Mon Sep 17 00:00:00 2001
From: gerson
Date: Mon, 30 Apr 2018 19:00:10 -0500
Subject: [PATCH 5/5] wip
---
 app/models/ability.rb | 9 +++++++++
 config/initializers/rails_admin.rb | 2 +-
 db/migrate/20180430233445_add_role_to_users.rb | 1 +
 db/schema.rb | 5 ++++-
 4 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/app/models/ability.rb b/app/models/ability.rb
index bced285..7613fd1 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
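Review bot: In db/migrate/20180430233445_add_role_to_users.rb (patch 4/5) the role flags are added as nullable booleans, so a row can hold NULL as a third state; because these columns gate authorization, each should carry `null: false`, e.g. `add_column :users, :superadmin_role, :boolean, default: false, null: false`. Independent `superadmin_role` and `user_role` flags can also be set in contradictory combinations, and the commented-out `# add_column :users, :role, :string` should be deleted rather than committed if the single-column idea was dropped. Whether the Devise registrations controller (`users/registrations` in config/routes.rb) permits these columns is not visible here and should be checked so that sign-up cannot set them.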
@@ -2,6 +2,15 @@ class Ability
 include CanCan::Ability
 def initialize(user)
+ user ||= User.new # guest user (not logged in)
+ if user.superadmin_role?
+ can :manage, :all
+ can :access, :rails_admin # only allow admin users to access Rails Admin
+ can :dashboard # allow access to dashboard
+ end
+ if user.supervisor_role?
+ can :manage, User
+ end
 # Define abilities for the passed in user here. For example:
 #
 # user ||= User.new # guest user (not logged in)
diff --git a/config/initializers/rails_admin.rb b/config/initializers/rails_admin.rb
index 0c86ced..ed091d0 100644
--- a/config/initializers/rails_admin.rb
+++ b/config/initializers/rails_admin.rb
@@ -10,7 +10,7 @@
 ## == Cancan ==
 config.authorize_with :cancan
- config.authorize_with :cancancan2
+ #config.authorize_with :cancancan2
 ## == Pundit ==
 # config.authorize_with :pundit
diff --git a/db/migrate/20180430233445_add_role_to_users.rb b/db/migrate/20180430233445_add_role_to_users.rb
index e28fa0d..0c72f0f 100644
--- a/db/migrate/20180430233445_add_role_to_users.rb
+++ b/db/migrate/20180430233445_add_role_to_users.rb
@@ -2,6 +2,7 @@ class AddRoleToUsers < ActiveRecord::Migration[5.1]
 def change
 # add_column :users, :role, :string
 add_column :users, :superadmin_role, :boolean, default: false
+ add_column :users, :supervisor_role, :boolean, default: false
 add_column :users, :user_role, :boolean, default: true
 end
 end
diff --git a/db/schema.rb b/db/schema.rb
index b4d36d1..3f81faf 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20180426215918) do +ActiveRecord::Schema.define(version: 20180430233445) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql"
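Review bot: In app/models/ability.rb, `can :manage, User` lets a supervisor perform every action on every User record, superadmin accounts included, so any supervisor-facing form that permits the role columns becomes a path to promoting an account to superadmin. Narrow the rule, for example `can %i[read update], User, superadmin_role: false`, and keep `superadmin_role` and `supervisor_role` out of the permitted params for non-superadmins, because a CanCanCan 2.0 rule restricts records, not individual attributes. With the `:cancan` adapter enabled in rails_admin.rb a supervisor is not granted `:access, :rails_admin`, so this rule appears to apply only to controllers outside Rails Admin; confirm that is intended. `initialize` continues past the end of the hunk.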
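Review bot: The `supervisor_role` column is added by editing the already-committed migration 20180430233445 instead of adding a new migration, so any database that has already run that version will not receive the column and `user.supervisor_role?` in Ability will raise there. A new migration containing only `add_column :users, :supervisor_role, :boolean, default: false, null: false` avoids that. If the earlier migration has never been run anywhere shared, amending it is workable, but the commit message should say so.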
@@ -144,6 +144,9 @@ t.integer "failed_attempts", default: 0, null: false t.string "unlock_token" t.datetime "locked_at" + t.boolean "superadmin_role", default: false + t.boolean "supervisor_role", default: false + t.boolean "user_role", default: true t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true t.index ["email"], name: "index_users_on_email", unique: true t.index ["organization_id"], name: "index_users_on_organization_id"