Question

I did not create this website and I am new to Ruby on Rails.

I have a form on my home page that won't allow members to post from it. If an admin logs in and uses it, it works great.

I am in need of information on where to look for the right permissions so I can edit them.

Here is the info on the form, and other files that I think are important.

Controller: (this is where it stops when in member account)

  def ezpost
    type = params[:post].delete(:type)
    Resque.enqueue(UserPoster, params[:post])
    redirect_to :controller => "#{type}s", :action => 'show', :id => 1, :load => params[:post]
  end

Controller Trucks

  def show 
    if params[:truck]
      params[:truck][:origin] = Location.to_point(params[:truck][:origin]) unless params[:truck][:origin].blank?
      params[:truck][:dest] = Location.to_point(params[:truck][:dest]) unless params[:truck][:dest].blank?
      @truck = Truck.new(params[:truck])
      @truck.updated_at = Time.now
      @truck.id = -1
      authorize! :show, @truck
      flash.keep[:notice] = 'Please be aware that it could take up to 5 minutes for your truck to appear in search results.'
    elsif params[:load]
      params[:load][:origin] = Location.to_point(params[:load][:origin])  unless params[:load][:origin].blank?
      params[:load][:dest] = Location.to_point(params[:load][:dest]) unless params[:load][:dest].blank?
      @truck = Truck.new(params[:load])
      @truck.updated_at = Time.now
      @truck.id = -1
      authorize! :show, @truck
      flash.keep[:notice] = 'Please be aware that it could take up to 5 minutes for your truck to appear in search results.'
    else
      @truck = Truck.find(params[:id])
      authorize! :show, @truck
    end
  end

Here is the log file on submit of this form for a member

Started POST "/users/ezpost?method=get" for 108.235.52.160 at 2014-04-17 13:05:44 -0500
2014-04-17 13:05:44 INFO -- Processing by UsersController#ezpost as HTML
2014-04-17 13:05:44 INFO --   Parameters: {"utf8"=>"✓", "authenticity_token"=>"gYb9m7e2FcDgLVION6ryPzBrkAZApkyTeZJlu6n7Z4s=", "post"=>{"user_id"=>"12097", "origin"=>"joplin, mo", "dest"=>"", "type"=>"truck", "equipment_id"=>"1", "available"=>"2014-04-17", "expiration"=>"2014-04-21", "comments"=>"Posted From LoadMax EZ-Post Form"}, "commit"=>"Post", "method"=>"get"}
2014-04-17 13:05:44 INFO -- Redirected to http://www.loadmax.com/
2014-04-17 13:05:44 INFO -- Completed 302 Found in 31ms (ActiveRecord: 2.7ms)
2014-04-17 13:05:44 INFO -- 

Started GET "/" for 108.235.52.160 at 2014-04-17 13:05:44 -0500
2014-04-17 13:05:44 INFO -- Processing by InfoController#index as HTML
2014-04-17 13:05:44 INFO -- Redirected to http://www.loadmax.com/info/12097/home
2014-04-17 13:05:44 INFO -- Completed 302 Found in 3ms (ActiveRecord: 0.8ms)
2014-04-17 13:05:44 INFO -- 

Here is the log file for an admin submitting the same form

2014-04-17 13:02:55 INFO --   Parameters: {"utf8"=>"✓", "authenticity_token"=>"BphP7bziNEqOCZWT3XzTEutRXZgDInzRjluJ6FamLlI=", "post"=>{"user_id"=>"11488", "origin"=>"joplin, mo", "dest"=>"", "type"=>"truck", "equipment_id"=>"1", "available"=>"2014-04-17", "expiration"=>"2014-04-21", "comments"=>"Posted From LoadMax EZ-Post Form"}, "commit"=>"Post", "method"=>"get"}
2014-04-17 13:02:55 INFO -- Redirected to http://loadmax.com/trucks/1?load%5Bavailable%5D=2014-04-17&load%5Bcomments%5D=Posted+From+LoadMax+EZ-Post+Form&load%5Bdest%5D=&load%5Bequipment_id%5D=1&load%5Bexpiration%5D=2014-04-21&load%5Borigin%5D=joplin%2C+mo&load%5Buser_id%5D=11488
2014-04-17 13:02:55 INFO -- Completed 302 Found in 29ms (ActiveRecord: 1.6ms)
2014-04-17 13:02:55 INFO -- 
Started GET "/trucks/1?load%5Bavailable%5D=2014-04-17&load%5Bcomments%5D=Posted+From+LoadMax+EZ-Post+Form&load%5Bdest%5D=&load%5Bequipment_id%5D=1&load%5Bexpiration%5D=2014-04-21&load%5Borigin%5D=joplin%2C+mo&load%5Buser_id%5D=11488" for 108.235.52.160 at 2014-04-17 13:02:55 -0500
2014-04-17 13:02:55 INFO -- Processing by TrucksController#show as HTML
2014-04-17 13:02:55 INFO --   Parameters: {"load"=>{"available"=>"2014-04-17", "comments"=>"Posted From LoadMax EZ-Post Form", "dest"=>"", "equipment_id"=>"1", "expiration"=>"2014-04-21", "origin"=>"joplin, mo", "user_id"=>"11488"}, "id"=>"1"}
2014-04-17 13:02:55 INFO --   Rendered trucks/show.html.haml within layouts/application (22.9ms)

Here is my Controller_macro in spec

module ControllerMacros
  def login_as_full
    account_subscription "full_subscription"
  end
  def login_as_free
    account_subscription "free_subscription"
  end
  def login_as_admin
    account_subscription "admin_subscription"
  end
  def login_as_acct_mgr
    account_subscription "acct_mgr_subscription"
  end
  def login_as_comp_mgr
    account_subscription "full_subscription", "company_manager"
  end

  private

  def account_subscription(subscription_type, user_type="user")
    @company = FactoryGirl.create(:company)
    @subscription = FactoryGirl.create(subscription_type.to_sym, company_id: @company.id)
    @user = FactoryGirl.create(user_type.to_sym, company_id: @company.id)
    sign_in @user
  end
end

Teirs.yml file... Tiers 1 and 3 are the ones I am working with

# Fixture file to import all subscription tiers into database. See db/seeds.rb

admin: 
  desc: "null"
  id: 1
  name: "admin"
account_manager: 
  desc: "null"
  id: 2
  name: "account_manager" 
normal: 
  desc: "null"
  id: 3
  name: "normal"
free: 
  desc: "null" 
  id: 4
  name: "free"
mobile: 
  desc: "null"
  id: 5
  name: "mobile"
demo:
  desc: "null"
  id: 6
  name: "demo"

spec/factories/Subscription.rb

require 'factory_girl'

FactoryGirl.define do
  factory :subscription do
  end

  factory :admin_subscription, parent: :subscription do
    tier_id             '1'
  end

  factory :acct_mgr_subscription, parent: :subscription do
    tier_id             '2'
  end

  factory :full_subscription, parent: :subscription do
    tier_id             '3'
  end

  factory :free_subscription, parent: :subscription do
    tier_id             '4'
  end
end

Solution

The previous programmer is using the gem cancan. You can tell by the authorize! statement.

authorize! :show, @truck

You can find the documentation here.
https://github.com/ryanb/cancan

In particular, it should be the app/models/ability.rb file. Depending on the previously set permissions, you can modify it to allow edits on Truck.

Here is some more info.
https://github.com/ryanb/cancan/wiki/defining-abilities
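An added example, not code from the question or from the cancan project: how a tier-based ability.rb can let the admin through while a member is denied, and a narrowly scoped rule that fixes it. In the member's log the redirect to "/" is issued by UsersController#ezpost itself, so the sketch assumes the missing rule is for an `ezpost` action on User; `MiniAbility` is a small stand-in for `CanCan::Ability` so the file runs without the gem, and the `tier` attribute and `allow_ezpost` switch are hypothetical.

```ruby
# MiniAbility mimics the can / can? / authorize! calls of CanCan::Ability.
# In the real app, ability.rb would `include CanCan::Ability` instead.
AccessDenied = Class.new(StandardError)
User  = Struct.new(:id, :tier)   # constructed model; tier names from the tiers fixture
Truck = Struct.new(:user_id)     # constructed model

module MiniAbility
  def can(action, subject, conditions = {})
    (@rules ||= []) << [action, subject, conditions]
  end

  # :manage matches any action and :all matches any subject (CanCan conventions).
  # Hash conditions are only checked against instances, not classes.
  def can?(action, object)
    klass = object.is_a?(Class) ? object : object.class
    (@rules || []).any? do |act, subj, cond|
      [:manage, action].include?(act) && [:all, klass].include?(subj) &&
        (object.is_a?(Class) || cond.all? { |k, v| object[k] == v })
    end
  end

  def authorize!(action, object)
    raise AccessDenied, "#{action} denied" unless can?(action, object)
    object
  end
end

class Ability
  include MiniAbility

  # allow_ezpost is a hypothetical switch used only to show before and after.
  def initialize(user, allow_ezpost: false)
    case user.tier
    when "admin"
      can :manage, :all
    when "normal"
      can :show, Truck
      # Least-privilege fix: members may post, but only as themselves.
      can :ezpost, User, id: user.id if allow_ezpost
    end
  end
end

# Returns true when authorize! passes, false when it raises AccessDenied.
def allowed?(ability, action, object)
  ability.authorize!(action, object)
  true
rescue AccessDenied
  false
end
```
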

Licensed under: CC-BY-SA with attribution