Implement the cancan filters for diary entries
Access logic is not _entirely_ exported from the controller, unfortunately. For interface reasons, some actions which require admin have to be listed within the controller's deny_access method. This is required because, being a default-deny system, cancancan _cannot_ tell you the reason you were denied access; and so the "nice" feedback presenting next steps can't be gleaned from the exception
This commit is contained in:
Chris Flipse
parent
6b44a1976c
commit
5232914427
3 changed files with 64 additions and 11 deletions
|
|
@ -7,8 +7,16 @@ class Ability
|
|||
can :index, :site
|
||||
can [:permalink, :edit, :help, :fixthemap, :offline, :export, :about, :preview, :copyright, :key, :id, :welcome], :site
|
||||
|
||||
can [:list, :rss, :view, :comments], DiaryEntry
|
||||
|
||||
if user
|
||||
can :weclome, :site
|
||||
|
||||
can [:create, :edit, :comment, :subscribe, :unsubscribe], DiaryEntry
|
||||
|
||||
if user.administrator?
|
||||
can [:hide, :hidecomment], [DiaryEntry, DiaryComment]
|
||||
end
|
||||
end
|
||||
# Define abilities for the passed in user here. For example:
|
||||
#
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue