From 26f66f8bff9ef9f056406a3190417eab087a21f4 Mon Sep 17 00:00:00 2001
From: Benjamin Cousaert
Date: Mon, 15 Dec 2014 19:43:02 +0100
Subject: [PATCH] Add cancancan to admins
---
 app/controllers/admins_controller.rb | 2 ++
 app/controllers/application_controller.rb | 5 +++++
 app/models/ability.rb | 1 +
 app/views/devise/sessions/new.html.erb | 2 ++
 4 files changed, 10 insertions(+)
diff --git a/app/controllers/admins_controller.rb b/app/controllers/admins_controller.rb
index 7bfad91..6c6603a 100644
--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@@ -1,6 +1,8 @@ require 'csv' class AdminsController < ApplicationController + def schulden + authorize! :schulden, :admins @users = User.all respond_to do |format| format.csv do
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2e95090..6dc5891 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,6 +4,11 @@ class ApplicationController < ActionController::Base protect_from_forgery with: :exception before_action :configure_permitted_parameters, if: :devise_controller? + rescue_from CanCan::AccessDenied do |exception| + flash[:error] = exception.message + redirect_to root_path + end + def after_sign_in_path_for(resource) root_path end
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 047c60f..04fd154 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -5,6 +5,7 @@ class Ability user ||= User.new # guest user (not logged in) if user.admin? can :manage, :all + can :schulden, :admins else can :read, :all end
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb
index 9cf8aa3..1938f1b 100644
--- a/app/views/devise/sessions/new.html.erb
+++ b/app/views/devise/sessions/new.html.erb
@@ -1,4 +1,6 @@
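Review bot: In app/controllers/admins_controller.rb the added `authorize! :schulden, :admins` guards only this one action, and nothing visible in the commit makes a forgotten check in another action fail loudly. Adding `check_authorization unless: :devise_controller?` to ApplicationController would make any action that never calls `authorize!` raise instead of silently serving data, which matters for a controller that exports `User.all`. The action also lacks a comment saying what it exports and to whom; something like `# CSV export of all users; admins only (see Ability).` would do, worded to match what the CSV block really emits. The body of `schulden` continues outside the hunk.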
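Review bot: The new `rescue_from CanCan::AccessDenied` handler in app/controllers/application_controller.rb answers every denied request with a flash and `redirect_to root_path`, whatever format was requested. A denied CSV request to `schulden` therefore gets a 302 to an HTML page rather than a 403, which hides the refusal from scripts and from anyone reading access logs. Branching on the format keeps the redirect for browsers and returns a plain 403 for everything else. If the root action ever becomes subject to authorization itself, the unconditional redirect would also loop.

```ruby
rescue_from CanCan::AccessDenied do |exception|
  respond_to do |format|
    format.html do
      # … unchanged: flash[:error] assignment and redirect_to root_path …
    end
    format.any { head :forbidden }
  end
end
```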
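Review bot: The added `can :schulden, :admins` in app/models/ability.rb grants nothing new, because `can :manage, :all` on the line above already matches every action on every subject. What keeps non-admins out of `schulden` is only that the else branch grants just `:read`; that branch is `can :read, :all` and also applies to the guest `User.new`, so a later admin action authorized as `:read` on `:admins` would pass for signed-out visitors. Either drop the redundant line or keep it with a comment such as `# implied by :manage, :all; listed to document the admin-only export`, and consider narrowing the else branch to the subjects guests may actually read. The enclosing method begins outside the hunk.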

Sign in

+<%= render partial: 'flash' %>
+
<%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>