chadiso/permissions_2_changes.diff

## permissions_2_changes.diff
diff -r 770d1d886f73 app/models/admin_ability.rb
--- a/app/models/admin_ability.rb	Sat Aug 13 17:59:03 2016 +0300
+++ b/app/models/admin_ability.rb	Wed Aug 31 21:53:47 2016 +0300
@@ -12,7 +12,26 @@
     when 1
       can :manage, :all
     when 2
-      can :manage, :all
+      # can :manage, :all
+
+      # Apply assigned roles with appropriate permissions
+      user.roles.each do |assignment|
+        assignment.permissions.each do |p|
+          if p.type == 'Permission::Admin'
+            cancan_action = Permission::Admin.eval_cancan_action(p.action)
+            if p.subject_type == 'Page'
+              can cancan_action, p.subject_class.constantize
+            elsif p.subject_type == 'Resource'
+              can cancan_action, ActiveAdmin::Page, name: p.subject_class
+            elsif p.subject_type.nil? && p.subject_class == 'all'
+              can cancan_action, :all
+            else
+
+            end
+          end
+        end
+      end
+
       # Optimize for cannot https://github.com/ryanb/cancan/wiki/Nested-Resources
       # Из продукта нет доступа к supplier_items через can :read
       cannot :create, :all
@@ -23,6 +42,8 @@
     end

     cannot :destroy, SupplierItem, current: true
+
+
   end

 end
diff -r 770d1d886f73 app/models/admin_assignment.rb
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/app/models/admin_assignment.rb	Wed Aug 31 21:53:47 2016 +0300
@@ -0,0 +1,4 @@
+class AdminAssignment < ActiveRecord::Base
+  belongs_to :admin_user
+  belongs_to :role
+end
diff -r 770d1d886f73 app/models/admin_user.rb
--- a/app/models/admin_user.rb	Sat Aug 13 17:59:03 2016 +0300
+++ b/app/models/admin_user.rb	Wed Aug 31 21:53:47 2016 +0300
@@ -27,6 +27,9 @@
   scope :without_couriers,    -> { where.not(role: roles[:courier]).order(:surname) }

   extend AdminUserRole
+  has_many :admin_assignments
+  has_many :roles, through: :admin_assignments
+
   include PhoneFormatter
   include Avatarable

diff -r 770d1d886f73 config/initializers/permission/admin.rb
--- a/config/initializers/permission/admin.rb	Sat Aug 13 17:59:03 2016 +0300
+++ b/config/initializers/permission/admin.rb	Wed Aug 31 21:53:47 2016 +0300
@@ -1,47 +1,47 @@
-# begin
-#   ActiveAdmin.after_load do |app|
-#     if Permission::Admin.table_exists?
-#       Permission::Admin.add_permission_for_cancan(:all, nil, :manage, 'Все разделы', 'Все операции')
-#       Permission::Admin.add_permission_for_cancan(:all, nil, :read, 'Все разделы', 'Read')
-#
-#       app.namespaces.each do |name, namespace|
-#         namespace.resources.each do |resource|
-#           resource_type = resource.class.name.demodulize
-#           resource_description = []
-#
-#           if resource_type == 'Page'
-#             actions = [:manage, :read]
-#             actions |= resource.page_actions.map { |a| a.name }
-#
-#             resource_name = resource.name
-#           else
-#             resource.member_actions.map { |a| a.name }
-#
-#             actions = Permission::Admin.crud_actions
-#             actions |= resource.batch_actions.map { |a| a.sym }
-#             actions |= resource.member_actions.map { |a| a.name }
-#             actions |= resource.member_actions.map { |a| a.name }
-#
-#             resource_name = resource.resource_class_name
-#           end
-#
-#           resource_description << if resource.menu_item_options[:parent].is_a? Proc
-#             resource.menu_item_options[:parent].call
-#           else
-#             resource.menu_item_options[:parent]
-#           end
-#
-#           resource_description << if resource.menu_item_options[:label].is_a? Proc
-#             resource.menu_item_options[:label].call
-#           else
-#             resource.menu_item_options[:label] || resource_name
-#           end
-#
-#           actions.each do |action|
-#             Permission::Admin.add_permission_for_cancan(resource_name, resource_type, action, resource_description.compact.join(' - '))
-#           end
-#         end
-#       end
-#     end
-#   end
-# rescue; end
+begin
+  ActiveAdmin.after_load do |app|
+    if Permission::Admin.table_exists?
+      Permission::Admin.add_permission_for_cancan(:all, nil, :manage, 'Все разделы', 'Все операции')
+      Permission::Admin.add_permission_for_cancan(:all, nil, :read, 'Все разделы', 'Read')
+
+      app.namespaces.each do |name, namespace|
+        namespace.resources.each do |resource|
+          resource_type = resource.class.name.demodulize
+          resource_description = []
+
+          if resource_type == 'Page'
+            actions = [:manage, :read]
+            actions |= resource.page_actions.map { |a| a.name }
+
+            resource_name = resource.name
+          else
+            resource.member_actions.map { |a| a.name }
+
+            actions = Permission::Admin.crud_actions
+            actions |= resource.batch_actions.map { |a| a.sym }
+            actions |= resource.member_actions.map { |a| a.name }
+            actions |= resource.member_actions.map { |a| a.name }
+
+            resource_name = resource.resource_class_name
+          end
+
+          resource_description << if resource.menu_item_options[:parent].is_a? Proc
+            resource.menu_item_options[:parent].call
+          else
+            resource.menu_item_options[:parent]
+          end
+
+          resource_description << if resource.menu_item_options[:label].is_a? Proc
+            resource.menu_item_options[:label].call
+          else
+            resource.menu_item_options[:label] || resource_name
+          end
+
+          actions.each do |action|
+            Permission::Admin.add_permission_for_cancan(resource_name, resource_type, action, resource_description.compact.join(' - '))
+          end
+        end
+      end
+    end
+  end
+rescue; end
diff -r 770d1d886f73 db/migrate/20160831172835_create_admin_assignments.rb
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/db/migrate/20160831172835_create_admin_assignments.rb	Wed Aug 31 21:53:47 2016 +0300
@@ -0,0 +1,10 @@
+class CreateAdminAssignments < ActiveRecord::Migration
+  def change
+    create_table :admin_assignments do |t|
+      t.references :admin_user, index: true
+      t.references :role, index: true
+
+      t.timestamps
+    end
+  end
+end
	diff -r 770d1d886f73 app/models/admin_ability.rb
	--- a/app/models/admin_ability.rb Sat Aug 13 17:59:03 2016 +0300
	+++ b/app/models/admin_ability.rb Wed Aug 31 21:53:47 2016 +0300
	@@ -12,7 +12,26 @@
	when 1
	can :manage, :all
	when 2
	- can :manage, :all
	+ # can :manage, :all
	+
	+ # Apply assigned roles with appropriate permissions
	+ user.roles.each do \|assignment\|
	+ assignment.permissions.each do \|p\|
	+ if p.type == 'Permission::Admin'
	+ cancan_action = Permission::Admin.eval_cancan_action(p.action)
	+ if p.subject_type == 'Page'
	+ can cancan_action, p.subject_class.constantize
	+ elsif p.subject_type == 'Resource'
	+ can cancan_action, ActiveAdmin::Page, name: p.subject_class
	+ elsif p.subject_type.nil? && p.subject_class == 'all'
	+ can cancan_action, :all
	+ else
	+
	+ end
	+ end
	+ end
	+ end
	+
	# Optimize for cannot https://github.com/ryanb/cancan/wiki/Nested-Resources
	# Из продукта нет доступа к supplier_items через can :read
	cannot :create, :all
	@@ -23,6 +42,8 @@
	end

	cannot :destroy, SupplierItem, current: true
	+
	+
	end

	end
	diff -r 770d1d886f73 app/models/admin_assignment.rb
	--- /dev/null Thu Jan 01 00:00:00 1970 +0000
	+++ b/app/models/admin_assignment.rb Wed Aug 31 21:53:47 2016 +0300
	@@ -0,0 +1,4 @@
	+class AdminAssignment < ActiveRecord::Base
	+ belongs_to :admin_user
	+ belongs_to :role
	+end
	diff -r 770d1d886f73 app/models/admin_user.rb
	--- a/app/models/admin_user.rb Sat Aug 13 17:59:03 2016 +0300
	+++ b/app/models/admin_user.rb Wed Aug 31 21:53:47 2016 +0300
	@@ -27,6 +27,9 @@
	scope :without_couriers, -> { where.not(role: roles[:courier]).order(:surname) }

	extend AdminUserRole
	+ has_many :admin_assignments
	+ has_many :roles, through: :admin_assignments
	+
	include PhoneFormatter
	include Avatarable

	diff -r 770d1d886f73 config/initializers/permission/admin.rb
	--- a/config/initializers/permission/admin.rb Sat Aug 13 17:59:03 2016 +0300
	+++ b/config/initializers/permission/admin.rb Wed Aug 31 21:53:47 2016 +0300
	@@ -1,47 +1,47 @@
	-# begin
	-# ActiveAdmin.after_load do \|app\|
	-# if Permission::Admin.table_exists?
	-# Permission::Admin.add_permission_for_cancan(:all, nil, :manage, 'Все разделы', 'Все операции')
	-# Permission::Admin.add_permission_for_cancan(:all, nil, :read, 'Все разделы', 'Read')
	-#
	-# app.namespaces.each do \|name, namespace\|
	-# namespace.resources.each do \|resource\|
	-# resource_type = resource.class.name.demodulize
	-# resource_description = []
	-#
	-# if resource_type == 'Page'
	-# actions = [:manage, :read]
	-# actions \|= resource.page_actions.map { \|a\| a.name }
	-#
	-# resource_name = resource.name
	-# else
	-# resource.member_actions.map { \|a\| a.name }
	-#
	-# actions = Permission::Admin.crud_actions
	-# actions \|= resource.batch_actions.map { \|a\| a.sym }
	-# actions \|= resource.member_actions.map { \|a\| a.name }
	-# actions \|= resource.member_actions.map { \|a\| a.name }
	-#
	-# resource_name = resource.resource_class_name
	-# end
	-#
	-# resource_description << if resource.menu_item_options[:parent].is_a? Proc
	-# resource.menu_item_options[:parent].call
	-# else
	-# resource.menu_item_options[:parent]
	-# end
	-#
	-# resource_description << if resource.menu_item_options[:label].is_a? Proc
	-# resource.menu_item_options[:label].call
	-# else
	-# resource.menu_item_options[:label] \|\| resource_name
	-# end
	-#
	-# actions.each do \|action\|
	-# Permission::Admin.add_permission_for_cancan(resource_name, resource_type, action, resource_description.compact.join(' - '))
	-# end
	-# end
	-# end
	-# end
	-# end
	-# rescue; end
	+begin
	+ ActiveAdmin.after_load do \|app\|
	+ if Permission::Admin.table_exists?
	+ Permission::Admin.add_permission_for_cancan(:all, nil, :manage, 'Все разделы', 'Все операции')
	+ Permission::Admin.add_permission_for_cancan(:all, nil, :read, 'Все разделы', 'Read')
	+
	+ app.namespaces.each do \|name, namespace\|
	+ namespace.resources.each do \|resource\|
	+ resource_type = resource.class.name.demodulize
	+ resource_description = []
	+
	+ if resource_type == 'Page'
	+ actions = [:manage, :read]
	+ actions \|= resource.page_actions.map { \|a\| a.name }
	+
	+ resource_name = resource.name
	+ else
	+ resource.member_actions.map { \|a\| a.name }
	+
	+ actions = Permission::Admin.crud_actions
	+ actions \|= resource.batch_actions.map { \|a\| a.sym }
	+ actions \|= resource.member_actions.map { \|a\| a.name }
	+ actions \|= resource.member_actions.map { \|a\| a.name }
	+
	+ resource_name = resource.resource_class_name
	+ end
	+
	+ resource_description << if resource.menu_item_options[:parent].is_a? Proc
	+ resource.menu_item_options[:parent].call
	+ else
	+ resource.menu_item_options[:parent]
	+ end
	+
	+ resource_description << if resource.menu_item_options[:label].is_a? Proc
	+ resource.menu_item_options[:label].call
	+ else
	+ resource.menu_item_options[:label] \|\| resource_name
	+ end
	+
	+ actions.each do \|action\|
	+ Permission::Admin.add_permission_for_cancan(resource_name, resource_type, action, resource_description.compact.join(' - '))
	+ end
	+ end
	+ end
	+ end
	+ end
	+rescue; end
	diff -r 770d1d886f73 db/migrate/20160831172835_create_admin_assignments.rb
	--- /dev/null Thu Jan 01 00:00:00 1970 +0000
	+++ b/db/migrate/20160831172835_create_admin_assignments.rb Wed Aug 31 21:53:47 2016 +0300
	@@ -0,0 +1,10 @@
	+class CreateAdminAssignments < ActiveRecord::Migration
	+ def change
	+ create_table :admin_assignments do \|t\|
	+ t.references :admin_user, index: true
	+ t.references :role, index: true
	+
	+ t.timestamps
	+ end
	+ end
	+end