From 7f8c2bb8b9a716b04553f06b9ac9e76e1c972c53 Mon Sep 17 00:00:00 2001
From: Priit Tamboom
Date: Wed, 8 Oct 2014 14:26:03 +0300
Subject: [PATCH 1/2] Added session and admin_session abilites
---
 app/models/ability.rb | 11 +++++++++--
 app/views/layouts/login.haml | 8 +++++---
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 0eaa75c01..b1be05c0f 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -6,7 +6,12 @@ class Ability
 alias_action :create, :read, :update, :destroy, :to => :crud
 user ||= User.new
- if Rails.env.development? || Rails.env.test? || (REGISTRY_ENV == :admin && user.admin?)
+
+ # public user abilites
+ can :create, :session
+
+ if (Rails.env.production? ? REGISTRY_ENV == :admin && user.admin? : user.admin?)
+ can :create, :admin_session
 can :manage, Domain
 can :switch, :registrar
 can :crud, DomainTransfer
@@ -15,8 +20,10 @@ class Ability
 can :manage, Domain, registrar_id: user.registrar.id
 can :read, DomainTransfer, transfer_to_id: user.registrar.id
 can :read, DomainTransfer, transfer_from_id: user.registrar.id
- can :approve_as_client, DomainTransfer, transfer_from_id: user.registrar.id, status: DomainTransfer::PENDING
+ can :approve_as_client, DomainTransfer,
+ transfer_from_id: user.registrar.id, status: DomainTransfer::PENDING
 end
+
 # Define abilities for the passed in user here. For example:
 #
 # user ||= User.new # guest user (not logged in)
diff --git a/app/views/layouts/login.haml b/app/views/layouts/login.haml
index 8946e07fa..93634d9ae 100644
--- a/app/views/layouts/login.haml
+++ b/app/views/layouts/login.haml
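Review bot: In the first hunk of app/models/ability.rb, the rewritten admin condition `Rails.env.production? ? REGISTRY_ENV == :admin && user.admin? : user.admin?` consults `REGISTRY_ENV` only when the Rails environment is exactly `production`. Under any other environment name (a staging or QA deployment, for example) an admin user gets the full admin abilities whatever `REGISTRY_ENV` is set to, so the deployment-type gate fails open. An allowlist of the relaxed environments fails closed instead: `if user.admin? && (REGISTRY_ENV == :admin || Rails.env.development? || Rails.env.test?)`. The same condition is carried over unchanged in PATCH 2/2, and the enclosing `initialize` body starts and ends outside the hunk.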
@@ -21,6 +21,8 @@
 %h2.form-signin-heading.text-center Eesti Interneti SA
 %hr
 / TODO: Refactor this when ID card login is done
- = button_to 'ID card (gitlab)', 'sessions', class: 'btn btn-lg btn-primary btn-block', name: 'gitlab'
- = button_to 'ID card (zone)', 'sessions', class: 'btn btn-lg btn-primary btn-block', name: 'zone'
- = button_to 'ID card (elkdata)', 'sessions', class: 'btn btn-lg btn-primary btn-block', name: 'elkdata'
+ - if Rails.env.development? || (can? :create, :admin_session)
+ = button_to 'ID card (gitlab)', 'sessions', class: 'btn btn-lg btn-primary btn-block', name: 'gitlab'
+ - if can? :create, :session
+ = button_to 'ID card (zone)', 'sessions', class: 'btn btn-lg btn-primary btn-block', name: 'zone'
+ = button_to 'ID card (elkdata)', 'sessions', class: 'btn btn-lg btn-primary btn-block', name: 'elkdata'
From d70457eb70aa852dc373ef0a2df102bae2fc1578 Mon Sep 17 00:00:00 2001
From: Priit Tamboom
Date: Wed, 8 Oct 2014 14:40:09 +0300
Subject: [PATCH 2/2] Public user can create admin_session when :admin env
---
 app/models/ability.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/app/models/ability.rb b/app/models/ability.rb
index b1be05c0f..bd4e24dde 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -10,8 +10,11 @@ class Ability
 # public user abilites
 can :create, :session
- if (Rails.env.production? ? REGISTRY_ENV == :admin && user.admin? : user.admin?)
+ if REGISTRY_ENV == :admin
 can :create, :admin_session
+ end
+
+ if (Rails.env.production? ? REGISTRY_ENV == :admin && user.admin? : user.admin?)
 can :manage, Domain
 can :switch, :registrar
 can :crud, DomainTransfer
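Review bot: The new `- if Rails.env.development? || (can? :create, :admin_session)` guard in app/views/layouts/login.haml only decides whether the gitlab button is rendered; nothing visible in this patch makes the `sessions` action apply the same ability to the request itself. If the controller does not already do so, the check belongs there as well, e.g. `authorize! :create, :admin_session` on the branch that handles the `gitlab` parameter, so that the view and the server enforce one rule. The `- if can? :create, :session` guard is currently always true because Ability grants `can :create, :session` unconditionally, so a short comment marking it as a placeholder would help the next reader. Which buttons sit under which `if` cannot be confirmed here because the indentation was lost in this rendering.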
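Review bot: In PATCH 2/2, the new `if REGISTRY_ENV == :admin` block and the login layout from PATCH 1/2 encode two different rules for the admin login: the layout also shows the button when `Rails.env.development?`, while Ability grants `:admin_session` only on the admin deployment. Keeping the exception in one place avoids the view offering a login that the ability denies once a controller authorizes against it, e.g. `if REGISTRY_ENV == :admin || Rails.env.development?` here and a plain `can? :create, :admin_session` in the layout. A comment such as `# login gate only; admin privileges still require user.admin? below` would also make clear that this grant is deliberately given to unauthenticated users. The enclosing `initialize` continues outside the hunk.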