Add cancancan to admins

2014-12-15 19:43:02 +01:00 · 2014-12-15 19:43:02 +01:00 · 26f66f8bff
parent ef5abb6324
commit 26f66f8bff
4 changed files with 10 additions and 0 deletions
--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@ -1,6 +1,8 @@
 require 'csv'
 class AdminsController < ApplicationController
+
  def schulden
+    authorize! :schulden, :admins
    @users = User.all
    respond_to do |format|
      format.csv do
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -4,6 +4,11 @@ class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  before_action :configure_permitted_parameters, if: :devise_controller?

+  rescue_from CanCan::AccessDenied do |exception|
+    flash[:error] = exception.message
+    redirect_to root_path
+  end
+
  def after_sign_in_path_for(resource)
    root_path
  end
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -5,6 +5,7 @@ class Ability
    user ||= User.new # guest user (not logged in)
    if user.admin?
      can :manage, :all
+      can :schulden, :admins
    else
      can :read, :all
    end
--- a/app/views/devise/sessions/new.html.erb
+++ b/app/views/devise/sessions/new.html.erb
@ -1,4 +1,6 @@
 <h2>Sign in</h2>
+<%= render partial: 'flash' %>
+
 <div class="sign-in">
  <%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>