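# CanCan ability definition: maps the current user's role to the actions
# they are allowed to perform.
#
# Rules are declared per role inside #initialize. CanCan gives later rules
# precedence over earlier ones, so the `cannot` lines at the end of each
# role section narrow the broader `can ... :all` grants above them.
class Ability
  include CanCan::Ability

  # alias_action :index, :show, :to => :read
  # alias_action :new, :to => :create
  # alias_action :edit, :to => :update

  # Builds the rule set for +user+.
  #
  # @param user [User, nil] the current user; must respond to `role?`.
  def initialize(user)
    # NOTE(review): require_login exists only as commented-out code below,
    # so a nil user raises NameError here instead of falling back to a
    # guest account. Resolve the guest user in the controller (as the
    # comment below intends) before building the Ability.
    user ||= require_login

    if user.role? :admin
      can :manage, :all
    end

    # NOTE(review): moderators currently get exactly the same unrestricted
    # grant as admins -- confirm this is intended.
    if user.role? :moderator
      can :manage, :all
    end

    if user.role? :user
      # NOTE(review): `:all` also covers User and UserSession records;
      # confirm that reading them is meant to be allowed.
      can :read, :all
      can :create, :all

      # Owners may delete or edit their own records, but only within three
      # minutes of creation. Both conditions must hold: the ownership check
      # and the age check are joined with `&&`. As two separate statements
      # only the last expression is the block's value, which would let any
      # user change anyone's recently created record.
      can :destroy, :all do |_obj_class, obj|
        obj.try(:user) == user && 3.minutes.ago <= obj.created_at
      end
      can :update, :all do |_obj_class, obj|
        obj.try(:user) == user && 3.minutes.ago <= obj.created_at
      end

      # A user may log out of their own session only.
      can :destroy, UserSession do |us|
        user == us.try(:user)
      end

      # Already logged in: no second session, no new accounts, and no
      # deleting of accounts.
      cannot :create, UserSession
      cannot :create, User
      cannot :destroy, User
    end

    if user.role? :guest
      # NOTE(review): as above, `:all` includes User and UserSession.
      can :read, :all
      can :create, UserSession    # log in
      cannot :destroy, UserSession
      can :create, User           # sign up
    end
  end

  # NOTE(review): if this is ever re-enabled, the generated guest account
  # uses its own username as its password, so anyone who learns the
  # username can log in as that guest; use a random secret instead.
  #
  # private
  # def require_login
  #   login_as_trial_user unless current_user_session
  # end
  #
  # def login_as_trial_user
  #   #I don't want to use the method form here, I want it in app_controller, and I want using session[:session_id]
  #   #instead of rand and shit
  #   name = "anonymous_#{rand}_#{Time.now}_#{rand}"
  #   if User.find_by_username(name)
  #     UserSession.create(User.find_by_username(name),true)
  #   else
  #     guest_role = User.create(:username => name, :password => name, :password_confirmation => name, :role => "guest", :email => "change@this.com")
  #     UserSession.create(guest_role, true)
  #   end
  #   @current_user_session = UserSession.find
  #   guest_role
  # end
end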