2014-12-09 19:44:58 +01:00
|
|
|
class Ability
|
|
|
|
include CanCan::Ability
|
|
|
|
|
|
|
|
def initialize(user)
|
2015-09-14 20:26:16 +02:00
|
|
|
return unless user
|
2015-08-31 14:33:15 +02:00
|
|
|
|
2015-09-20 21:21:18 +02:00
|
|
|
can :from_barcode, Product
|
|
|
|
|
2014-12-09 19:44:58 +01:00
|
|
|
if user.admin?
|
|
|
|
can :manage, :all
|
2015-01-06 20:18:01 +01:00
|
|
|
elsif user.koelkast?
|
|
|
|
can :manage, Order
|
2015-09-18 15:46:11 +02:00
|
|
|
can :quickpay, User
|
2015-09-14 20:26:16 +02:00
|
|
|
else
|
2014-12-09 19:44:58 +01:00
|
|
|
can :read, :all
|
2015-08-31 14:33:15 +02:00
|
|
|
can :manage, User, id: user.id
|
2015-09-14 20:26:16 +02:00
|
|
|
can :create, Order do |order|
|
2015-08-31 15:10:13 +02:00
|
|
|
order.try(:user) == user
|
|
|
|
end
|
2015-09-14 20:26:16 +02:00
|
|
|
can :delete, Order do |order|
|
|
|
|
order.try(:user) == user && order.created_at > Rails.application.config.call_api_after.ago
|
|
|
|
end
|
2014-12-09 19:44:58 +01:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|