Refactor roles

app/controllers/admin/users_controller.rb

@@ -54,7 +54,6 @@ class Admin::UsersController < AdminController
   end
 
   def user_params
-    params.require(:user).permit(:username, :password, :identity_code, :email,
-                                 :role_id, :country_id)
+    params.require(:user).permit(:username, :password, :identity_code, :email, :country_id, { roles: [] })
   end
 end

app/models/ability.rb

@@ -1,72 +1,41 @@
 class Ability
   include CanCan::Ability
 
-  # rubocop: disable Metrics/MethodLength
-  # rubocop: disable Metrics/CyclomaticComplexity
   def initialize(user)
     alias_action :create, :read, :update, :destroy, to: :crud
 
-    user ||= User.new
+    @user = user || User.new
+    @user.roles.each { |role| send(role) } if @user.roles
 
-    admin_role = (user.role.try(:code) == 'admin')
-    user_role = (user.role.try(:code) == 'user')
-    customer_service_role = (user.role.try(:code) == 'customer_service')
-    no_role = user.role.nil?
-
-    if admin_role
-      can :manage, Domain
-      can :manage, Contact
-      can :manage, Registrar
-      can :manage, Setting
-      can :manage, ZonefileSetting
-      can :manage, DomainVersion
-      can :manage, User
-      can :manage, EppUser
-      can :manage, Keyrelay
-      can :manage, LegalDocument
-      can :read, ApiLog::EppLog
-      can :read, ApiLog::ReppLog
-      can :index, :delayed_job
-      can :create, :zonefile
-      can :access, :settings_menu
-    elsif customer_service_role
-      can :manage, Domain
-      can :manage, Contact
-      can :manage, Registrar
-    elsif user_role
-    elsif no_role
+    if @user.roles.nil? || @user.roles.empty?
       can :show, :dashboard
     end
-
-    can :show, :dashboard if user.persisted?
-
-    # Define abilities for the passed in user here. For example:
-    #
-    #   user ||= User.new # guest user (not logged in)
-    #   if user.admin?
-    #     can :manage, :all
-    #   else
-    #     can :read, :all
-    #   end
-    #
-    # The first argument to `can` is the action you are giving the user
-    # permission to do.
-    # If you pass :manage it will apply to every action. Other common actions
-    # here are :read, :create, :update and :destroy.
-    #
-    # The second argument is the resource the user can perform the action on.
-    # If you pass :all it will apply to every resource. Otherwise pass a Ruby
-    # class of the resource.
-    #
-    # The third argument is an optional hash of conditions to further filter the
-    # objects.
-    # For example, here the user can only update published articles.
-    #
-    #   can :update, Article, :published => true
-    #
-    # See the wiki for details:
-    # https://github.com/ryanb/cancan/wiki/Defining-Abilities
   end
-  # rubocop: enable Metrics/MethodLength
-  # rubocop: enable Metrics/CyclomaticComplexity
+
+  def user
+    can :show, :dashboard
+  end
+
+  def customer_service
+    user
+    can :manage, Domain
+    can :manage, Contact
+    can :manage, Registrar
+  end
+
+  def admin
+    customer_service
+    can :manage, Setting
+    can :manage, ZonefileSetting
+    can :manage, DomainVersion
+    can :manage, User
+    can :manage, EppUser
+    can :manage, Keyrelay
+    can :manage, LegalDocument
+    can :read, ApiLog::EppLog
+    can :read, ApiLog::ReppLog
+    can :index, :delayed_job
+    can :create, :zonefile
+    can :access, :settings_menu
+  end
 end

app/models/right.rb

@@ -1,5 +0,0 @@
-class Right < ActiveRecord::Base
-  # rubocop: disable Rails/HasAndBelongsToMany
-  has_and_belongs_to_many :roles
-  # rubocop: enable Rails/HasAndBelongsToMany
-end

app/models/role.rb

@@ -1,12 +0,0 @@
-class Role < ActiveRecord::Base
-  has_many :users
-  # rubocop: disable Rails/HasAndBelongsToMany
-  has_and_belongs_to_many :rights
-  # rubocop: enbale Rails/HasAndBelongsToMany
-
-  validates :code, uniqueness: true
-
-  def to_s
-    code
-  end
-end

app/models/user.rb

@@ -6,7 +6,6 @@ class User < ActiveRecord::Base
   # After activisation, system should require to change temp password.
   # TODO: Estonian id validation
 
-  belongs_to :role
   belongs_to :country
 
   validates :username, :password, presence: true
@@ -16,6 +15,8 @@ class User < ActiveRecord::Base
 
   validate :validate_identity_code
 
+  ROLES = ['user', 'customer_service', 'admin']
+
   def to_s
     username
   end

app/views/admin/users/_form.haml

@@ -26,8 +26,8 @@
         = f.label :email
         = f.text_field(:email, class: 'form-control')
       .form-group
-        = f.label :role_id
-        = f.select(:role_id, Role.all.map {|x| [t(x.code), x.id] }, {}, { class: 'form-control selectize' })
+        = f.label :role
+        = select_tag 'user[roles][]', options_for_select(User::ROLES.map {|x| [t(x), x] }, @user.roles.try(:first)), class: 'form-control selectize'
 
   %hr
   .row

app/views/admin/users/index.haml

@@ -25,8 +25,8 @@
               %td= link_to(x, [:admin, x])
               %td= x.email
               %td= x.identity_code
-              - if x.role
-                %td= t(x.role)
+              - if x.roles
+                %td= t(x.roles.first)
               - else
                 %td
 .row

app/views/admin/users/show.haml

@@ -40,7 +40,7 @@
           %dd= @user.email
 
           %dt= t('role')
-          - if @user.role
-            %dd= t(@user.role)
+          - if @user.roles
+            %dd= t(@user.roles.first)
           - else
             %dd