Merge pull request #2 from ZeusWPI/cancancan

Add ability of cancancan

app/controllers/application_controller.rb

@@ -2,4 +2,8 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
+
+  rescue_from CanCan::AccessDenied do |exception|
+    redirect_to root_url, alert: exception.message
+  end
 end

app/models/ability.rb

@@ -0,0 +1,13 @@
+class Ability
+  include CanCan::Ability
+
+  def initialize(user)
+    user ||= User.new # guest user (not logged in)
+
+    if user.penning?
+      can :manage, :all
+    else
+      can :read, user, id: user.id
+    end
+  end
+end