7aee4f6241
These cards will be displayed in the SDG homepage. Note there seems to be a strange behavior in cancancan. If we define these rules: can :manage, Widget::Card, page_type: "SDG::Phase" can :manage, Widget::Card The expected behavior is the first rule will always be ignored because the second one overwrites it. However, when creating a new card with `load_and_authorize_resource` will automatically add `page_type: "SDG::Phase"`. Similarly, if we do something like: can :manage, Widget::Card, id: 3 can :manage, Widget::Card Then the new card will have `3` as an ID. Maybe upgrading cancancan solves the issue; we haven't tried it. For now we're defining a different rule when creating widget cards.
13 lines
349 B
Ruby
13 lines
349 B
Ruby
class Abilities::SDG::Manager
|
|
include CanCan::Ability
|
|
|
|
def initialize(user)
|
|
merge Abilities::Common.new(user)
|
|
|
|
can :read, ::SDG::Target
|
|
can :manage, ::SDG::LocalTarget
|
|
can [:read, :update, :destroy], Widget::Card, cardable_type: "SDG::Phase"
|
|
can(:create, Widget::Card) { |card| card.cardable_type == "SDG::Phase" }
|
|
end
|
|
end
|