tap/app/models/ability.rb

class Ability
  include CanCan::Ability

  def initialize(user)
    return unless user

    can :from_barcode, Product

    if user.admin?
      can :manage, :all
    elsif user.koelkast?
      can :manage, Order
      can :quickpay, User
    else
      can :read, :all
      can :manage, User, id: user.id
      can :create, Order do |order|
        order.try(:user) == user
      end
      can :delete, Order do |order|
        order.try(:user) == user && order.created_at > Rails.application.config.call_api_after.ago
      end
    end
  end
end
Add cancan, fix header, add admins 2014-12-09 18:44:58 +00:00			`class Ability`
			`include CanCan::Ability`

			`def initialize(user)`
Refactor 2015-09-14 18:26:16 +00:00			`return unless user`
Remove debt from tab and refactor some code 2015-08-31 12:33:15 +00:00
Use barcode to create new order 2015-09-20 19:21:18 +00:00			`can :from_barcode, Product`

Add cancan, fix header, add admins 2014-12-09 18:44:58 +00:00			`if user.admin?`
			`can :manage, :all`
Add koelkast to users 2015-01-06 19:18:01 +00:00			`elsif user.koelkast?`
			`can :manage, Order`
place extra ability 2015-09-18 13:46:11 +00:00			`can :quickpay, User`
Refactor 2015-09-14 18:26:16 +00:00			`else`
Add cancan, fix header, add admins 2014-12-09 18:44:58 +00:00			`can :read, :all`
Remove debt from tab and refactor some code 2015-08-31 12:33:15 +00:00			`can :manage, User, id: user.id`
Refactor 2015-09-14 18:26:16 +00:00			`can :create, Order do \|order\|`
Fix authorization for orders using cancancan 2015-08-31 13:10:13 +00:00			`order.try(:user) == user`
			`end`
Refactor 2015-09-14 18:26:16 +00:00			`can :delete, Order do \|order\|`
			`order.try(:user) == user && order.created_at > Rails.application.config.call_api_after.ago`
			`end`
Add cancan, fix header, add admins 2014-12-09 18:44:58 +00:00			`end`
			`end`
			`end`