diff --git a/app/controllers/admins_controller.rb b/app/controllers/admins_controller.rb
index 6c6603a..96f8c66 100644
--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@@ -3,7 +3,7 @@ class AdminsController < ApplicationController
 def schulden
 authorize! :schulden, :admins
- @users = User.all
+ @users = User.members
 respond_to do |format|
 format.csv do
 headers['Content-Disposition'] = "attachment; filename=\"zeus-schulden\""
diff --git a/app/controllers/orders_controller.rb b/app/controllers/orders_controller.rb
index f1ff050..10ff98e 100644
--- a/app/controllers/orders_controller.rb
+++ b/app/controllers/orders_controller.rb
@@ -1,6 +1,8 @@
 class OrdersController < ApplicationController
 include OrdersHelper
+ load_and_authorize_resource
+
 def new
 @user = User.find(params[:user_id])
 @order = @user.orders.build
@@ -26,8 +28,8 @@ class OrdersController < ApplicationController
 end
 def index
- @users_by_name = User.all.order(:name)
- @users_by_order = User.all.order(:orders_count).reverse_order
+ @users_by_name = User.members.order(:name)
+ @users_by_order = User.members.order(:orders_count).reverse_order
 end
 def quickpay
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 223e94e..7925696 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -7,7 +7,7 @@ class UsersController < ApplicationController
 end
 def index
- @users = User.all
+ @users = User.members
 end
 def destroy
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 04fd154..409f28b 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -6,6 +6,8 @@ class Ability
 if user.admin?
 can :manage, :all
 can :schulden, :admins
+ elsif user.koelkast?
+ can :manage, Order
 else
 can :read, :all
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 11f716e..b645505 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
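Review bot: The `load_and_authorize_resource` added at the top of OrdersController covers only Order; the parent user in `new` is still loaded with an unscoped `User.find(params[:user_id])`, so an order can be built for any account id, including the koelkast account that this commit removes from every listing. Scoping the lookup, `@user = User.members.find(params[:user_id])`, would keep `new` consistent with the new `index`. The macro will also authorize the custom `quickpay` action under its own name, which only a `:manage` rule satisfies, so it looks like regular members (who get just `can :read, :all` in ability.rb) lose `new`, `create` and `quickpay` after this change; if that is intended, a one-line comment above the macro should say so. The body of `new` continues outside the hunk.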
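Review bot: `can :manage, Order` in the new `elsif user.koelkast?` branch grants the koelkast account every action on orders, including update and destroy, while the order routes visible in config/routes.rb are only `new`, `create`, `index` and `quickpay`. Listing the actions keeps the account at least privilege if more order routes are added later: `can [:read, :create, :quickpay], Order`. A short comment on the branch saying what a koelkast account is would also help, since the flag is not documented anywhere in this commit. The enclosing `initialize` starts above the hunk, so how a nil `user` is handled before `user.admin?` cannot be checked from here.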
@@ -39,6 +39,8 @@ class User < ActiveRecord::Base validates :password, length: { in: 8..128 }, confirmation: true, on: :create validates_attachment :avatar, presence: true, content_type: { content_type: ["image/jpeg", "image/gif", "image/png"] } + scope :members, -> { where koelkast: false } + def full_name "#{name} #{last_name}" end diff --git a/config/routes.rb b/config/routes.rb index 63b2998..d4b9f1c 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,9 +1,15 @@ Rails.application.routes.draw do - - root "orders#index" - devise_for :users + devise_scope :user do + authenticated :user do + root to: 'orders#index' + end + unauthenticated :user do + root to: 'devise/sessions#new', as: 'unauth_root' + end + end + resources :users do resources :orders, only: [:new, :create, :index] get 'quickpay' => 'orders#quickpay' diff --git a/db/migrate/20141217063222_add_koelkast_to_users.rb b/db/migrate/20141217063222_add_koelkast_to_users.rb new file mode 100644 index 0000000..755f6ab --- /dev/null +++ b/db/migrate/20141217063222_add_koelkast_to_users.rb @@ -0,0 +1,5 @@ +class AddKoelkastToUsers < ActiveRecord::Migration + def change + add_column :users, :koelkast, :boolean, default: false + end +end diff --git a/db/schema.rb b/db/schema.rb index 08ab3d3..7ca2d12 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20141210200008) do +ActiveRecord::Schema.define(version: 20141217063222) do create_table "order_products", force: true do |t| t.integer "order_id" 
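Review bot: The `members` scope filters on `koelkast: false`, which in SQL does not match rows where the column is NULL, and the migration in this commit adds the column with `default: false` but without `null: false`. A row that ends up with NULL would silently drop out of `User.members` while still falling into the `else` branch of Ability. Declaring the column as `add_column :users, :koelkast, :boolean, default: false, null: false` closes that gap; the same applies to db/migrate/20141217063222_add_koelkast_to_users.rb. As a matter of style, `where(koelkast: false)` with parentheses reads more clearly inside the lambda.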
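Review bot: The `unauthenticated :user` block only changes what `/` resolves to; `resources :users` and the nested order routes below it stay routable for anonymous requests, so access still depends on an `authenticate_user!` filter that this diff does not show. If ApplicationController has no such filter, wrapping the resource routes in Devise's `authenticate :user do ... end`, or adding `before_action :authenticate_user!`, makes the login requirement explicit instead of relying on the root redirect. The `draw` block continues outside the hunk.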
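Review bot: The new `koelkast` column decides which Ability branch an account gets, so it is a privilege attribute and must not be settable from request parameters. The permit lists are not part of this diff; confirm that neither the UsersController strong parameters nor the Devise parameter sanitizer include `:koelkast`, and that the flag is set only from the console or a seed. A comment in the migration such as `# marks the koelkast account; grants order management, see Ability` would record why the column exists.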
@@ -48,9 +48,9 @@ ActiveRecord::Schema.define(version: 20141210200008) do t.string "nickname" t.datetime "created_at" t.datetime "updated_at" - t.string "encrypted_password", default: "", null: false + t.string "encrypted_password", default: "", null: false t.datetime "remember_created_at" - t.integer "sign_in_count", default: 0, null: false + t.integer "sign_in_count", default: 0, null: false t.datetime "current_sign_in_at" t.datetime "last_sign_in_at" t.string "current_sign_in_ip" @@ -62,6 +62,7 @@ ActiveRecord::Schema.define(version: 20141210200008) do t.integer "avatar_file_size" t.datetime "avatar_updated_at" t.integer "orders_count", default: 0 + t.boolean "koelkast", default: false end end