namespaces
In `config/routes.rb`:
# Everything in the public section lives under the /public URL prefix and the
# Public:: controller namespace.
namespace :public do
  # Customers may only edit/update their own profile; the singular `resource`
  # keeps the customer id out of the URL.
  resource :customers, only: [:edit, :update] do
    # extra route served by Public::CustomersController#public_options
    collection do
      get 'public_options'
    end
  end

  # Users may only edit/update their own profile.
  resources :users, only: [:edit, :update]

  # /public lists all subscriptions; named `public_root`, which is what
  # ApplicationController#after_sign_in_path_for sends non-spec users to.
  get '/' => 'subscription_orders#index', as: :root
end

In `app/controllers/application_controller.rb`:
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  # Every action requires a signed-in Devise user; there is no anonymous area.
  before_filter :authenticate_user!

  # A CanCan authorization failure is not rendered as a 403 page: the user is
  # sent back to the landing page of their own section with the denial message.
  # NOTE(review): if that landing page itself raises AccessDenied this becomes a
  # redirect loop — confirm the root routes are always permitted.
  rescue_from CanCan::AccessDenied do |exception|
    redirect_to after_sign_in_path_for(current_user), alert: exception.message
  end

  protected

  # Devise hook: where a user lands after sign-in. Users with the spec role go
  # to the private section (main_app root), everyone else to /public.
  # `try` tolerates a nil user.
  def after_sign_in_path_for(user)
    return main_app.root_url if user.try(:spec_role?)

    main_app.public_root_url
  end
end

In `app/controllers/public/resources_controller.rb`:
module Public
  # Base controller for the public section. The superclass is written with a
  # leading `::` so that the top-level ResourcesController is used instead of
  # the implicit Public:: prefix this module would otherwise add.
  class ResourcesController < ::ResourcesController
    # the public section renders with its own layout
    layout 'public'
  end
end

In `app/controllers/public/users_controller.rb`:
module Public
  # Public-section actions for users: a user may only change their own password.
  class UsersController < Public::ResourcesController
    actions :edit, :update

    protected

    # after a successful update stay on the edit form
    def return_to_path
      edit_resource_path
    end

    # Devise's update_with_password requires the correct current_password before
    # anything is written, so the password cannot be changed without knowing it.
    # NOTE(review): hiding form fields (see edit_form) only trims the UI; the set
    # of attributes accepted here has to be enforced by the permitted-params /
    # attr_accessible whitelist, which is not visible in this file — confirm.
    def update_resource(object, attributes)
      permitted = attributes.first
      # presumably so the confirmation validation always runs: a submission that
      # omits password_confirmation gets an empty one instead of none at all
      unless permitted[:password_confirmation]
        permitted = permitted.merge(password_confirmation: "")
      end
      object.update_with_password(permitted)
    end

    # the edit form shows only the two password fields plus the
    # current_password check; every other field is hidden
    def edit_form
      edit_form! do |form|
        hidden = form.field_names - [:password, :password_confirmation]
        form.hide_fields(*hidden)
        form.default_group.field :current_password, type: :password
      end
    end
  end
end

In `app/controllers/public/customers_controller.rb`:
module Public
  # Public-section actions for customers
  class CustomersController < Public::ResourcesController
    actions :edit, :update, :options
    custom_actions collection: [:public_options]

    # Option list for users, who otherwise have no access to Customers: only the
    # customers whose subscriptions the current user's customer pays for are
    # returned. The -1 sentinel presumably matches no row, so a user without a
    # customer gets an empty list rather than an unscoped one.
    # NOTE(review): this where clause appears to be what limits which customers a
    # user can see (the ability grants :public_options on Customer as a whole),
    # so it must not be dropped when the query is changed.
    def public_options
      payer_id = current_user.customer.try(:id) || -1
      scope = collection.joins(:recives).where(subscriptions: { payer_id: payer_id })
      options!(collection: scope)
    end

    protected

    # after a successful update stay on the edit form
    def return_to_path
      edit_resource_path
    end

    # user_validation: true is passed along with the submitted attributes;
    # presumably the Customer model uses it to select the validation rules for
    # self-service edits — confirm against the model
    def update_resource(object, attributes)
      object.update_attributes(attributes.first.merge(user_validation: true))
    end

    # internal / administrative fields are not shown on the public edit form
    def edit_form
      edit_form! do |form|
        form.hide_fields(:ic, :recives, :tag_list, :selected, :importid)
      end
    end
  end
end

Definition of the ability of the "customer" role (it can edit itself and sees only the subset of other Customers defined by the public_options method):
# a customer may edit only its own Customer record ...
can :update, Customer, id: user.customer_id
# ... and only its own User account
can :update, User, id: user.id
# option lists used as select-box sources
can :options, [Project, Task]
# the customer option list is narrowed further in
# Public::CustomersController#public_options
can :public_options, Customer