2014-12-09 18:44:58 +00:00
|
|
|
class Ability
|
|
|
|
include CanCan::Ability
|
|
|
|
|
|
|
|
def initialize(user)
|
2015-09-14 18:26:16 +00:00
|
|
|
return unless user
|
2015-08-31 12:33:15 +00:00
|
|
|
|
2015-10-07 13:52:05 +00:00
|
|
|
can :read, Barcode
|
2015-09-20 19:21:18 +00:00
|
|
|
|
2014-12-09 18:44:58 +00:00
|
|
|
if user.admin?
|
|
|
|
can :manage, :all
|
2015-01-06 19:18:01 +00:00
|
|
|
elsif user.koelkast?
|
2015-09-21 06:23:43 +00:00
|
|
|
can :manage, Order do |order|
|
|
|
|
!order.try(:user).try(:private)
|
|
|
|
end
|
2015-09-18 13:46:11 +00:00
|
|
|
can :quickpay, User
|
2015-09-14 18:26:16 +00:00
|
|
|
else
|
2014-12-09 18:44:58 +00:00
|
|
|
can :read, :all
|
2015-08-31 12:33:15 +00:00
|
|
|
can :manage, User, id: user.id
|
2015-09-14 18:26:16 +00:00
|
|
|
can :create, Order do |order|
|
2015-08-31 13:10:13 +00:00
|
|
|
order.try(:user) == user
|
|
|
|
end
|
2015-09-14 18:26:16 +00:00
|
|
|
can :delete, Order do |order|
|
|
|
|
order.try(:user) == user && order.created_at > Rails.application.config.call_api_after.ago
|
|
|
|
end
|
2014-12-09 18:44:58 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|