cancancan permissions

2014-12-17 07:31:51 +01:00 · 2014-12-17 07:31:51 +01:00 · b0fec45150
commit b0fec45150
parent 26f66f8bff
3 changed files with 10 additions and 3 deletions
--- a/app/controllers/products_controller.rb
+++ b/app/controllers/products_controller.rb
@ -1,4 +1,6 @@
 class ProductsController < ApplicationController
+  load_and_authorize_resource
+
  def new
    @product = Product.new
  end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -1,4 +1,6 @@
 class UsersController < ApplicationController
+  load_and_authorize_resource only: [:destroy]
+
  def show
    @user = User.find(params[:id])
    @orders = @user.orders.paginate(page: params[:page])
@ -17,7 +19,11 @@ class UsersController < ApplicationController
  def dagschotel
    user = User.find(params[:user_id])
    user.dagschotel = Product.find(params[:product_id])
-    user.save
+    if user.save
+      flash[:success] = "Succesfully removed user"
+    else
+      flash[:error] = "Error updating dagschotel"
+    end
    redirect_to edit_user_registration_path(user)
  end
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -5,8 +5,7 @@ Rails.application.routes.draw do
  devise_for :users

  resources :users do
-    resources :orders, only: [:new, :create, :index] do
-    end
+    resources :orders, only: [:new, :create, :index]
    get 'quickpay' => 'orders#quickpay'
    get 'dagschotel/:product_id' => 'users#dagschotel', as: "dagschotel"
  end