first cancan
This commit is contained in:
@@ -3,16 +3,17 @@ class ApplicationController < ActionController::Base
|
||||
#before_action :check_installation
|
||||
protect_from_forgery with: :exception
|
||||
|
||||
helper_method :current_company,:current_login_employee
|
||||
|
||||
helper_method :current_company,:current_login_employee,:current_user
|
||||
# alias_method :current_user, :current_login_employee,:current_user
|
||||
#this is base api base controller to need to inherit.
|
||||
#all token authentication must be done here
|
||||
#response format must be set to JSON
|
||||
|
||||
# rescue_from CanCan::AccessDenied do |exception|
|
||||
# flash[:warning] = exception.message
|
||||
# redirect_to root_path
|
||||
# end
|
||||
|
||||
rescue_from CanCan::AccessDenied do |exception|
|
||||
flash[:warning] = exception.message
|
||||
redirect_to root_path
|
||||
end
|
||||
|
||||
def current_user
|
||||
@current_user ||= Employee.find_by_token_session(session[:session_token]) if session[:session_token]
|
||||
|
||||
@@ -5,5 +5,14 @@ class BaseOrigamiController < ActionController::Base
|
||||
#before_action :check_installation
|
||||
protect_from_forgery with: :exception
|
||||
|
||||
rescue_from CanCan::AccessDenied do |exception|
|
||||
flash[:warning] = exception.message
|
||||
redirect_to root_path
|
||||
end
|
||||
|
||||
def current_user
|
||||
@current_user ||= Employee.find_by_token_session(session[:session_token]) if session[:session_token]
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
|
||||
@@ -1,8 +1,6 @@
|
||||
class Origami::CustomersController < BaseOrigamiController
|
||||
#Form to add customer -
|
||||
load_and_authorize_resource
|
||||
def index
|
||||
|
||||
|
||||
end
|
||||
|
||||
# GET /crm/customers/1
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
class Origami::RequestBillsController < BaseOrigamiController
|
||||
load_and_authorize_resource
|
||||
# Print Request Bill and add to sale tables
|
||||
def print
|
||||
@sale = Sale.new
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
class Settings::EmployeesController < ApplicationController
|
||||
# load_and_authorize_resource
|
||||
load_and_authorize_resource
|
||||
before_action :set_employee, only: [:show, :edit, :update, :destroy]
|
||||
|
||||
|
||||
|
||||
@@ -4,20 +4,22 @@ class Ability
|
||||
def initialize(user)
|
||||
user ||= Employee.new
|
||||
|
||||
if user.role? :administrator
|
||||
if user.role == "administrator"
|
||||
|
||||
can :manage, :all
|
||||
|
||||
elsif user.role? :cashier
|
||||
elsif user.role == "cashier"
|
||||
|
||||
can :read, Order
|
||||
can :update, Order
|
||||
can :completed_order_item, Order
|
||||
|
||||
can :read, Sale
|
||||
can :update, Sale
|
||||
|
||||
can :add_customer, Customer
|
||||
can :update_sale_by_customer, Customer
|
||||
|
||||
elsif user.role? :accountant
|
||||
elsif user.role == "accountant"
|
||||
|
||||
can :read, Order
|
||||
can :update, Order
|
||||
@@ -28,6 +30,5 @@ class Ability
|
||||
can :manual_complete_sale, Sale
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user