Add cancan check for switchboards.

author: Stefan Wintermeyer <stefan.wintermeyer@amooma.de> 2013-06-27 11:29:09 +0200
committer: Stefan Wintermeyer <stefan.wintermeyer@amooma.de> 2013-06-27 11:29:09 +0200
commit: b9eb27eedd2fc1fc0b8edd7d09a895745f259312 (patch)
tree: 79af2bd0063fb3343c4d841ee17b41acc72120dd
parent: fa118e11df2913d1fcf6334b2dc3144a3b324204 (diff)
2 files changed, 12 insertions, 4 deletions
diff --git a/app/controllers/api/v1/switchboards_controller.rb b/app/controllers/api/v1/switchboards_controller.rb
index e6996ca..4d6607a 100644
--- a/app/controllers/api/v1/switchboards_controller.rb
+++ b/app/controllers/api/v1/switchboards_controller.rb
@@ -5,16 +5,20 @@ module Api
 
       def index
         @user = current_user
-        @switchboards = @user.switchboards
+        @switchboards = Switchboard.all
 
-        respond_with @switchboards
+        if can? :read, @switchboards
+          respond_with @switchboards
+        end
       end
 
       def show
         @user = current_user
-        @switchboard = @user.switchboards.find(params[:id])
+        @switchboard = Switchboard.find(params[:id])
 
-        respond_with @switchboard
+        if can? :read, @switchboard
+          respond_with @switchboard
+        end
       end
     end
   end
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 8718dc4..66f3c60 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -95,6 +95,10 @@ class Ability
           #
           cannot :manage, RestoreJob
 
+          # Admin can manage all switchboards.
+          #
+          can :manage, Switchboard
+
         else
           # Any user can do the following stuff.
           #
author	Stefan Wintermeyer <stefan.wintermeyer@amooma.de>	2013-06-27 11:29:09 +0200
committer	Stefan Wintermeyer <stefan.wintermeyer@amooma.de>	2013-06-27 11:29:09 +0200
commit	b9eb27eedd2fc1fc0b8edd7d09a895745f259312 (patch)
tree	79af2bd0063fb3343c4d841ee17b41acc72120dd
parent	fa118e11df2913d1fcf6334b2dc3144a3b324204 (diff)