diff --git a/app/controllers/members_controller.rb b/app/controllers/members_controller.rb
index f731b87..cfd81bd 100644
--- a/app/controllers/members_controller.rb
+++ b/app/controllers/members_controller.rb
@@ -6,9 +6,12 @@ class MembersController < ApplicationController
 end
 def show
+ authorize @member
+ render "settings"
 end
 def edit
+ authorize @member
 end
 def settings
@@ -26,6 +29,7 @@ class MembersController < ApplicationController
 end
 def update
+ authorize @member
 if @member.update(member_params)
 redirect_to @member, notice: "Member was successfully updated."
 else
diff --git a/app/models/member.rb b/app/models/member.rb
index ce9c005..8ffff6d 100644
--- a/app/models/member.rb
+++ b/app/models/member.rb
@@ -30,7 +30,9 @@ class Member < ApplicationRecord
 end
 def admin?
- email == "torsten@villataika.fi"
+ ["torsten@villataika.fi" , "info@hubfeenix.fi" ,
+ "hannaholma@gmail.com" , "maijanposteja@gmail.com",
+ ].include?(email)
 end
 alias :admin :admin?
 end
diff --git a/app/policies/admin_policy.rb b/app/policies/admin_policy.rb
new file mode 100644
index 0000000..a843f83
--- /dev/null
+++ b/app/policies/admin_policy.rb
@@ -0,0 +1,11 @@
+# allows to edit/detroy own data
+# which can be viewed by anyone
+class AdminPolicy < ApplicationPolicy
+ def edit?
+ member.admin?
+ end
+ alias :update? :edit?
+ alias :show? :edit?
+ alias :destroy? :edit?
+
+end
diff --git a/app/policies/member_policy.rb b/app/policies/member_policy.rb
index cbf787e..7b86606 100644
--- a/app/policies/member_policy.rb
+++ b/app/policies/member_policy.rb
@@ -1,4 +1,13 @@
-class MemberPolicy < EditOwnPolicy
+class MemberPolicy < AdminPolicy
+
+ def update?
+ return true if member.admin?
+ owner?
+ end
+
+ def owner?
+ member == record.member
+ end
 class Scope < Scope
 end
diff --git a/app/views/members/settings.haml b/app/views/members/settings.haml
index fab107a..95e47f8 100644
--- a/app/views/members/settings.haml
+++ b/app/views/members/settings.haml
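Review bot: In app/controllers/members_controller.rb the `settings` action that begins on the last line of the first hunk appears to serve the same "settings" template that `show` now renders after `authorize @member`, but its body lies outside the hunk, so it is not visible whether it performs an equivalent check. If it does not, the check added to `show` protects only one of two entry points to that template. Assuming these are Pundit policies, adding `after_action :verify_authorized` to the controller would make any action that forgets to call `authorize` fail loudly instead of silently serving the page. The same safeguard would cover `update` in the second hunk and any `destroy` action not shown in this diff.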
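Review bot: `admin?` in app/models/member.rb grants admin rights purely on the value of `email`, an attribute the member controls, so the allowlist is only as strong as the e-mail ownership check behind it. Nothing in this diff shows that addresses are confirmed before they are stored or that the comparison is case-normalised; if confirmation is not enforced, an account holding one of the listed addresses would be treated as admin without proving ownership. A dedicated boolean column or role, set only from a migration or the console, would decouple privilege from a user-editable field and keep personal addresses out of the repository. If the list stays, hoist it into a frozen constant and compare with `ADMIN_EMAILS.include?(email.to_s.downcase)` so the array is not rebuilt on every call.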
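Review bot: The header comment of app/policies/admin_policy.rb says the policy lets members edit or destroy their own data and that records can be viewed by anyone, but every predicate, including `show?`, resolves to `member.admin?`, so the comment documents the opposite of what is enforced. Replace it with something like `# Restricts show/edit/update/destroy to admin members.` Ruby's `alias` binds to the method body that exists at that point, so a subclass overriding `edit?` will not change `update?`, `show?` or `destroy?`; a one-line comment saying so would spare the next maintainer a surprise. If ApplicationPolicy (not visible here) can be built with a nil member for signed-out requests, `member.admin?` would raise instead of denying, whereas `member&.admin?` fails closed.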
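Review bot: In app/policies/member_policy.rb only `update?` is overridden, so `edit?`, `show?` and `destroy?` still resolve to the admin-only `AdminPolicy#edit?`: a non-admin owner may submit an update but is denied the `edit` form and the `show` page that the controller now authorizes. If owners are meant to manage their own record, add `alias :edit? :update?` and `alias :show? :update?` after the new `update?` instead of relying on the inherited aliases. `owner?` compares `member` with `record.member`, yet the controller passes a Member as the record; unless Member defines a `member` method (not visible in this diff) this would raise NoMethodError for every non-admin, and `member == record` looks like the intended check. The Scope class body continues outside the hunk.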
@@ -45,13 +45,12 @@ - if profile = @member.profile(kind) %div= render "#{kind}_profile" , profile: profile - -if (events = @member.future_events).length > 0 - - events.each do |event| - %div - = render "events/event_small" , event: event - =link_to event_path(event) do - %button.ml-10.mr-5.inline-block.rounded-lg.px-4.py-2.text-md.font-medium.border.border-gray-400 - View - = link_to edit_event_path(event) do - %button.bg-cyan-200.mr-3.inline-block.rounded-lg.px-4.py-2.text-md.font-medium.border.border-gray-400 - Edit + - @member.future_events.each do |event| + %div + = render "events/event_small" , event: event + =link_to event_path(event) do + %button.ml-10.mr-5.inline-block.rounded-lg.px-4.py-2.text-md.font-medium.border.border-gray-400 + View + = link_to edit_event_path(event) do + %button.bg-cyan-200.mr-3.inline-block.rounded-lg.px-4.py-2.text-md.font-medium.border.border-gray-400 + Edit diff --git a/app/views/members/show.html.haml b/app/views/members/show.html.haml deleted file mode 100644 index 7da4fef..0000000 --- a/app/views/members/show.html.haml +++ /dev/null 
@@ -1,53 +0,0 @@ -%section.mx-20 - .flex.justify-center - .px-4.py-4.md:py-10.lg:py-16.mx-5.md:mx-12.lg:mx-20.text-center - %h1.text-2xl.font-bold.tracking-tight.sm:text-4xl - Settings and profiles - %h4.text-xl.mt-4.md:text-2xl - View and edit your profiles, and change settings -.grid.grid-cols-1.mx-8.gap-8.md:grid-cols-2.mx-12.gap-12.lg:grid-cols-3.mx-16.gap-16 - .flex.flex-col.justify-between - %h3.text-2xl.bg-gray-200.p-4.text-center Settings - .flex.justify-beteen.flex-wrap - = form_tag( destroy_member_session_path , {method: :delete } ) do - %button.m-4.bg-cyan-200.mr-3.inline-block.rounded-lg.px-4.py-3.text-md.font-medium.border.border-gray-400{type: :submit} - Sign out - = link_to edit_member_registration_path do - %button.m-4.bg-cyan-200.mr-3.inline-block.rounded-lg.px-4.py-3.text-md.font-medium.border.border-gray-400{type: :submit} - Change Password - = link_to members_edit_email_path do - %button.m-4.bg-cyan-200.mr-3.inline-block.rounded-lg.px-4.py-3.text-md.font-medium.border.border-gray-400{type: :submit} - Change Email - .grid.grid-cols-6.gap-4.mt-10.mx-10 - -@member.entities.each do |entity| - %div= entity.type - %div= entity.name - %div= entity.value - - - Profile.kinds.each do |kind| - - if profile = @member.profile(kind) - %div= render "#{kind}_profile" , profile: profile - - %div - %h3.text-2xl.bg-gray-200.p-4.text-center Profiles - - unless @member.artist_profile - = link_to new_profile_path(kind: :artist) do - %button.bg-cyan-200.mr-3.inline-block.rounded-lg.px-4.py-3.text-md.font-medium.border.border-gray-400 - Create Artist profile - .prose - Artists thats have a studio in Hub Feenix may create a profile that includes text and pictures. 
- - - unless @member.teacher_profile - = link_to new_profile_path(kind: :teacher) do - %button.bg-cyan-200.mr-3.inline-block.rounded-lg.px-4.py-3.text-md.font-medium.border.border-gray-400 - Create Teacher profile - .prose - Teachers, ie people who run courses or events at Hub Feenix, may create a profile with text and picture and a homepage. - Teachers may create Events that will be shown in the event list. - - - unless @member.member_profile - = link_to new_profile_path(kind: :member) do - %button.bg-cyan-200.mr-3.inline-block.rounded-lg.px-4.py-3.text-md.font-medium.border.border-gray-400 - Create Member profile - .prose - Members of the coop may create profiles profiles which are always public and contain an image and text.