mirror of
https://github.com/internetee/registry.git
synced 2025-07-06 03:03:21 +02:00
Refactor roles
parent
b527221baf
commit
b0eb6798b0
16 changed files with 155 additions and 223 deletions
|
@ -54,7 +54,6 @@ class Admin::UsersController < AdminController
|
|||
end
|
||||
|
||||
def user_params
|
||||
params.require(:user).permit(:username, :password, :identity_code, :email,
|
||||
:role_id, :country_id)
|
||||
params.require(:user).permit(:username, :password, :identity_code, :email, :country_id, { roles: [] })
|
||||
end
|
||||
end
|
||||
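Review bot: The new `permit(..., { roles: [] })` in `user_params` accepts any array of strings for `roles`, and nothing visible on this page checks those values against `User::ROLES` before they are stored (the `User` model hunks add the constant but no validation). Because `Ability#initialize` later dispatches on each stored role name, the allowlist should be enforced server-side rather than relying on the select box in the form. A model-level check such as `validate { errors.add(:roles, :invalid) unless (Array(roles) - ROLES).empty? }` would reject unknown values at save time. The controller class begins outside this hunk.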
|
|
|
@ -1,72 +1,41 @@
|
|||
class Ability
|
||||
include CanCan::Ability
|
||||
|
||||
# rubocop: disable Metrics/MethodLength
|
||||
# rubocop: disable Metrics/CyclomaticComplexity
|
||||
def initialize(user)
|
||||
alias_action :create, :read, :update, :destroy, to: :crud
|
||||
|
||||
user ||= User.new
|
||||
@user = user || User.new
|
||||
@user.roles.each { |role| send(role) } if @user.roles
|
||||
|
||||
admin_role = (user.role.try(:code) == 'admin')
|
||||
user_role = (user.role.try(:code) == 'user')
|
||||
customer_service_role = (user.role.try(:code) == 'customer_service')
|
||||
no_role = user.role.nil?
|
||||
|
||||
if admin_role
|
||||
can :manage, Domain
|
||||
can :manage, Contact
|
||||
can :manage, Registrar
|
||||
can :manage, Setting
|
||||
can :manage, ZonefileSetting
|
||||
can :manage, DomainVersion
|
||||
can :manage, User
|
||||
can :manage, EppUser
|
||||
can :manage, Keyrelay
|
||||
can :manage, LegalDocument
|
||||
can :read, ApiLog::EppLog
|
||||
can :read, ApiLog::ReppLog
|
||||
can :index, :delayed_job
|
||||
can :create, :zonefile
|
||||
can :access, :settings_menu
|
||||
elsif customer_service_role
|
||||
can :manage, Domain
|
||||
can :manage, Contact
|
||||
can :manage, Registrar
|
||||
elsif user_role
|
||||
elsif no_role
|
||||
if @user.roles.nil? || @user.roles.empty?
|
||||
can :show, :dashboard
|
||||
end
|
||||
|
||||
can :show, :dashboard if user.persisted?
|
||||
|
||||
# Define abilities for the passed in user here. For example:
|
||||
#
|
||||
# user ||= User.new # guest user (not logged in)
|
||||
# if user.admin?
|
||||
# can :manage, :all
|
||||
# else
|
||||
# can :read, :all
|
||||
# end
|
||||
#
|
||||
# The first argument to `can` is the action you are giving the user
|
||||
# permission to do.
|
||||
# If you pass :manage it will apply to every action. Other common actions
|
||||
# here are :read, :create, :update and :destroy.
|
||||
#
|
||||
# The second argument is the resource the user can perform the action on.
|
||||
# If you pass :all it will apply to every resource. Otherwise pass a Ruby
|
||||
# class of the resource.
|
||||
#
|
||||
# The third argument is an optional hash of conditions to further filter the
|
||||
# objects.
|
||||
# For example, here the user can only update published articles.
|
||||
#
|
||||
# can :update, Article, :published => true
|
||||
#
|
||||
# See the wiki for details:
|
||||
# https://github.com/ryanb/cancan/wiki/Defining-Abilities
|
||||
end
|
||||
# rubocop: enable Metrics/MethodLength
|
||||
# rubocop: enable Metrics/CyclomaticComplexity
|
||||
|
||||
def user
|
||||
can :show, :dashboard
|
||||
end
|
||||
|
||||
def customer_service
|
||||
user
|
||||
can :manage, Domain
|
||||
can :manage, Contact
|
||||
can :manage, Registrar
|
||||
end
|
||||
|
||||
def admin
|
||||
customer_service
|
||||
can :manage, Setting
|
||||
can :manage, ZonefileSetting
|
||||
can :manage, DomainVersion
|
||||
can :manage, User
|
||||
can :manage, EppUser
|
||||
can :manage, Keyrelay
|
||||
can :manage, LegalDocument
|
||||
can :read, ApiLog::EppLog
|
||||
can :read, ApiLog::ReppLog
|
||||
can :index, :delayed_job
|
||||
can :create, :zonefile
|
||||
can :access, :settings_menu
|
||||
end
|
||||
end
|
||||
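Review bot: `@user.roles.each { |role| send(role) }` in `initialize` calls whatever method name is stored in `roles`, and `send` also reaches private and inherited methods, so a value outside the three role methods defined here would invoke unrelated code during authorization setup. Guard the dispatch with the allowlist, e.g. `@user.roles.each { |role| send(role) if User::ROLES.include?(role) } if @user.roles`. Separately, the old `can :show, :dashboard if user.persisted?` appears to be replaced by a grant for any user with nil or empty roles, which would include the unsaved `User.new` fallback. Confirm that an unauthenticated request cannot reach an `Ability` instance, or keep the `persisted?` condition.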
|
|
|
@ -1,5 +0,0 @@
|
|||
class Right < ActiveRecord::Base
|
||||
# rubocop: disable Rails/HasAndBelongsToMany
|
||||
has_and_belongs_to_many :roles
|
||||
# rubocop: enable Rails/HasAndBelongsToMany
|
||||
end
|
|
@ -1,12 +0,0 @@
|
|||
class Role < ActiveRecord::Base
|
||||
has_many :users
|
||||
# rubocop: disable Rails/HasAndBelongsToMany
|
||||
has_and_belongs_to_many :rights
|
||||
# rubocop: enbale Rails/HasAndBelongsToMany
|
||||
|
||||
validates :code, uniqueness: true
|
||||
|
||||
def to_s
|
||||
code
|
||||
end
|
||||
end
|
|
@ -6,7 +6,6 @@ class User < ActiveRecord::Base
|
|||
# After activisation, system should require to change temp password.
|
||||
# TODO: Estonian id validation
|
||||
|
||||
belongs_to :role
|
||||
belongs_to :country
|
||||
|
||||
validates :username, :password, presence: true
|
||||
|
@ -16,6 +15,8 @@ class User < ActiveRecord::Base
|
|||
|
||||
validate :validate_identity_code
|
||||
|
||||
ROLES = ['user', 'customer_service', 'admin']
|
||||
|
||||
def to_s
|
||||
username
|
||||
end
|
||||
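Review bot: `ROLES = ['user', 'customer_service', 'admin']` is a mutable array, and after this refactor it is the only list of valid role names visible on the page. Freezing it, `ROLES = %w(user customer_service admin).freeze`, keeps code elsewhere from altering the set at runtime. A one-line comment noting that each entry must match a method name in `Ability` would also help, since the two are coupled by name.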
|
|
|
@ -26,8 +26,8 @@
|
|||
= f.label :email
|
||||
= f.text_field(:email, class: 'form-control')
|
||||
.form-group
|
||||
= f.label :role_id
|
||||
= f.select(:role_id, Role.all.map {|x| [t(x.code), x.id] }, {}, { class: 'form-control selectize' })
|
||||
= f.label :role
|
||||
= select_tag 'user[roles][]', options_for_select(User::ROLES.map {|x| [t(x), x] }, @user.roles.try(:first)), class: 'form-control selectize'
|
||||
|
||||
%hr
|
||||
.row
|
||||
|
|
|
@ -25,8 +25,8 @@
|
|||
%td= link_to(x, [:admin, x])
|
||||
%td= x.email
|
||||
%td= x.identity_code
|
||||
- if x.role
|
||||
%td= t(x.role)
|
||||
- if x.roles
|
||||
%td= t(x.roles.first)
|
||||
- else
|
||||
%td
|
||||
.row
|
||||
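Review bot: `- if x.roles` is true for an empty array, so a user whose `roles` is `[]` falls into `t(x.roles.first)` and passes `nil` to the translation helper instead of taking the `- else` branch. `Ability` treats nil and empty as the same case, so the view should too: `- if x.roles.present?`. The same condition appears in the show view hunk (`- if @user.roles`) and needs the same change.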
|
|
|
@ -40,7 +40,7 @@
|
|||
%dd= @user.email
|
||||
|
||||
%dt= t('role')
|
||||
- if @user.role
|
||||
%dd= t(@user.role)
|
||||
- if @user.roles
|
||||
%dd= t(@user.roles.first)
|
||||
- else
|
||||
%dd
|
||||
|
|