seivan/ability.rb

## ability.rb
class Ability
  include CanCan::Ability

  # alias_action :index, :show, :to => :read
  # alias_action :new, :to => :create
  # alias_action :edit, :to => :update

  def initialize(user)
    if user.role? :admin
      can :manage, :all
    end

    if user.role? :moderator
      can :manage, :all
    end

    if user.role? :user
      can :read, :all
      can :create, :all
      can :destroy, :all do |obj_class, obj|
       obj.try(:user) == user
       3.minutes.ago <= obj.created_at
     end
      can :update, :all do |obj_class, obj|
       obj.try(:user) == user
       3.minutes.ago <= obj.created_at
      end
      can :destroy, UserSession do |us|
        user == us.try(:user)
      end
      cannot :create, UserSession
      cannot :create, User
      cannot :destroy, User
    end


    if user.role? :guest
      can :create, UserSession
      cannot :destroy, UserSession
      can :create, User
      can :update, User
    end

  end
end

## application.html.haml
!!! Strict
%html{html_attrs}

  %head
    %title
      = h(yield(:title) || "Untitled")
    %meta{"http-equiv"=>"Content-Type", :content=>"text/html; charset=utf-8"}/
    = stylesheet_link_tag 'application'
    = javascript_include_tag "http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js", "http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js", "application", :cache => true
    /[if IE]
      = stylesheet_link_tag 'ie'
      %a{ :href => 'http://www.mozilla.com/en-US/firefox/' }
        %h1 Get Firefox
    = yield(:head)

  %body
    #container
      #user_nav
          = link_to 'Logout', logout_path if can? :destroy, current_user
        - else
          = link_to 'Login', login_path if can? :create, current_user
          = link_to 'Signup', signup_path if can? :create, current_user
      #messages
        - flash.each do |name, message|
          %div{:id => "flash_#{name}"}=message

      - if show_title?
        %h1=h yield(:title)

      = yield
	class Ability
	include CanCan::Ability

	# alias_action :index, :show, :to => :read
	# alias_action :new, :to => :create
	# alias_action :edit, :to => :update

	def initialize(user)
	if user.role? :admin
	can :manage, :all
	end

	if user.role? :moderator
	can :manage, :all
	end

	if user.role? :user
	can :read, :all
	can :create, :all
	can :destroy, :all do \|obj_class, obj\|
	obj.try(:user) == user
	3.minutes.ago <= obj.created_at
	end
	can :update, :all do \|obj_class, obj\|
	obj.try(:user) == user
	3.minutes.ago <= obj.created_at
	end
	can :destroy, UserSession do \|us\|
	user == us.try(:user)
	end
	cannot :create, UserSession
	cannot :create, User
	cannot :destroy, User
	end


	if user.role? :guest
	can :create, UserSession
	cannot :destroy, UserSession
	can :create, User
	can :update, User
	end

	end
	end
	!!! Strict
	%html{html_attrs}

	%head
	%title
	= h(yield(:title) \|\| "Untitled")
	%meta{"http-equiv"=>"Content-Type", :content=>"text/html; charset=utf-8"}/
	= stylesheet_link_tag 'application'
	= javascript_include_tag "http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js", "http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js", "application", :cache => true
	/[if IE]
	= stylesheet_link_tag 'ie'
	%a{ :href => 'http://www.mozilla.com/en-US/firefox/' }
	%h1 Get Firefox
	= yield(:head)

	%body
	#container
	#user_nav
	= link_to 'Logout', logout_path if can? :destroy, current_user
	- else
	= link_to 'Login', login_path if can? :create, current_user
	= link_to 'Signup', signup_path if can? :create, current_user
	#messages
	- flash.each do \|name, message\|
	%div{:id => "flash_#{name}"}=message

	- if show_title?
	%h1=h yield(:title)

	= yield