I am trying to allow users with role "corporate" to access their own company. Currently a user with that role gets blocked.
If i login as admin or change the access control to allow all, it works fine. The issue is pertaining to Corporate user role having a company.
here is all the code http://pastie.org/672733
User controller
class UsersController < ApplicationController
# GET /users
# GET /users.xml
before_filter :load_user_index, :only => ['index' ]
access_control do
allow :admin
end
before_filter :load_user, :only => ['show', 'destroy', 'edit' ]
access_control do
allow :admin
end
before_filter :load_user_manage, :only => [ 'create', 'new', 'update', 'destroy' ]
access_control do
allow :admin
end
def index
respond_to do |format|
format.html # index.html.erb
format.xml { render :xml => @users }
end
end
# GET /users/1
# GET /users/1.xml
def show
respond_to do |format|
format.html # show.html.erb
format.xml { render :xml => @user }
end
end
# GET /users/new
# GET /users/new.xml
def new
respond_to do |format|
format.html # new.html.erb
format.xml { render :xml => @user }
end
end
# GET /users/1/edit
def edit
end
# POST /users
# POST /users.xml
def create
respond_to do |format|
if @user.role == "Admin"
@user.has_role! :admin
end
if @user.role == "Corporate"
@user.has_role!(:corporate, @company)
end
if @user.role == "Regional"
@user.has_role!(:regional, @company)
end
if @user.save
flash[:notice] = "User #{@user.username} was successfully created."
format.html { redirect_to(:action =>'index') }
format.xml { render :xml => @user, :status => :created, :location => @user }
else
format.html { render :action => "new" }
format.xml { render :xml => @user.errors,
:status => :unprocessable_entity }
end
end
end
# PUT /users/1
# PUT /users/1.xml
def update
respond_to do |format|
if @user.update_attributes(params[:user])
flash[:notice] = 'User #{@user.username} was successfully updated.'
format.html { redirect_to(:action =>'index') }
format.xml { head :ok }
else
format.html { render :action => "edit" }
format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
end
end
end
# DELETE /users/1
# DELETE /users/1.xml
def destroy
begin
@user.destroy
flash[:notice] = "User #{@user.username} deleted"
rescue Exception => e
flash[:notice] = e.message
end
respond_to do |format|
format.html { redirect_to(users_url) }
format.xml { head :ok }
end
end
private
def load_user
@company = Company.find(params[:company_id])
@user = User.find(params[:id])
end
def load_user_index
@company = Company.find(params[:company_id])
@users = @company.users
end
def load_user_manage
@company = Company.find(params[:company_id])
@user = @company.users.build(params[:user])
end
end
Application controller
def current_user
@current_user ||= User.find(session[:user_id])
end
Company Controller
class CompaniesController < ApplicationController
# GET /companies
# GET /companies.xml
before_filter :load_company_index, :only => ['index']
access_control do
allow :admin
end
before_filter :load_company, :only => ["show", "edit", "update", "create", "new", "destroy"]
access_control do
allow :admin
allow :corporate, :of => :company, :to => ["show", "edit", "update", "create", "new", "destroy"]
end
def index
respond_to do |format|
format.html # index.html.erb
format.xml { render :xml => @companies }
end
end
# GET /companies/1
# GET /companies/1.xml
def show
respond_to do |format|
format.html # show.html.erb
format.xml { render :xml => @company }
end
end
# GET /companies/new
# GET /companies/new.xml
def new
@company = Company.new
respond_to do |format|
format.html # new.html.erb
format.xml { render :xml => @company }
end
end
# GET /companies/1/edit
def edit
end
# POST /companies
# POST /companies.xml
def create
@company = Company.new(params[:company])
respond_to do |format|
if @company.save
flash[:notice] = 'Company was successfully created.'
format.html { redirect_to(@company) }
format.xml { render :xml => @company, :status => :created, :location => @company }
else
format.html { render :action => "new" }
format.xml { render :xml => @company.errors, :status => :unprocessable_entity }
end
end
end
# PUT /companies/1
# PUT /companies/1.xml
def update
respond_to do |format|
if @company.update_attributes(params[:company])
flash[:notice] = 'Company was successfully updated.'
format.html { redirect_to(@company) }
format.xml { head :ok }
else
format.html { render :action => "edit" }
format.xml { render :xml => @company.errors, :status => :unprocessable_entity }
end
end
end
# DELETE /companies/1
# DELETE /companies/1.xml
def destroy
@company.destroy
respond_to do |format|
format.html { redirect_to(companies_url) }
format.xml { head :ok }
end
end
private
def load_company
@company = Company.find(params[:id])
end
def load_company_index
@companies = Company.find(:all)
end
end