diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d83690e..3ea39cf 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,4 +2,8 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
+
+  rescue_from CanCan::AccessDenied do |exception|
+    redirect_to root_url, alert: exception.message
+  end
 end
diff --git a/app/models/ability.rb b/app/models/ability.rb
new file mode 100644
index 0000000..f04be4f
--- /dev/null
+++ b/app/models/ability.rb
@@ -0,0 +1,13 @@
+class Ability
+  include CanCan::Ability
+
+  def initialize(user)
+    user ||= User.new # guest user (not logged in)
+
+    if user.penning?
+      can :manage, :all
+    else
+      can :read, user, id: user.id
+    end
+  end
+end
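Review bot: The `rescue_from CanCan::AccessDenied` handler in ApplicationController answers every denied request with an HTML redirect to `root_url`, so a JSON or XML caller (the case the comment two lines above already anticipates with `:null_session`) receives a 302 to a page instead of a 403 it can act on. Since the handler is defined on the base controller it applies to every controller in the app, so it is worth branching on the request format here rather than relying on each API controller to override it. Keeping the HTML branch as written preserves the current behaviour for browser users.
```ruby
  rescue_from CanCan::AccessDenied do |exception|
    respond_to do |format|
      format.json { head :forbidden }
      format.html { redirect_to root_url, alert: exception.message }
    end
  end
```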
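Review bot: In `Ability#initialize`, `can :read, user, id: user.id` passes the user instance as the subject, whereas CanCan rules are normally declared against the class so that class-level checks (`authorize! :read, User`, `load_and_authorize_resource` on index actions, `User.accessible_by`) can match them; the conventional form is `can :read, User, id: user.id`. For the guest path, `User.new` has a nil `id`, so the resulting rule is `id: nil`, which presumably grants nothing useful for persisted records but would match any unsaved User instance that reaches an `authorize!` call — worth confirming that is intended, or skipping the rule for guests. `user.penning?` is not defined on this page, so I am assuming it is the privileged-role predicate on User; a one-line comment such as `# penning users are administrators and may do anything` above the `if` would make that intent explicit for the next reader.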