Add user roles "admin" and "user". These 2 roles are initially created for the migration of the "Role" model inside the database. Any existing users inside the DB will be transformed into the "admin" role, as this is what they already were before introduction of the role model.
The "user" role is restricted to read-only actions. A user can update its own credentials, but not its role. Also the message#show action is not allowed for a user, only message#index.
The role abilities are mainly configured via the CanCanCan gem inside the file app/models/ability.rb
ActiveAdmin has an Authorization Adapter class that is tailored to CanCanCan so that the typical CanCanCan methods are available automatically.
The ActiveAdmin views have been adapted to test for appropriate authorization for destructive actions, so that e.g. "delete" of conversations is only displayed if the test authorized? :manage, Conversation returns true.
Also even admins cannot delete themselves or assign a different role to themselves, because then it would be possible to lock oneself out of Masdif. This is especially problematic in case there is only one admin in the system.
This implements #47
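To make the rules above concrete, here is an added example of how an ability.rb with these two roles can be expressed in the CanCanCan can/cannot DSL. It is illustration code, not the ability.rb of this PR: the models (User, Message, Conversation) are plain Structs constructed inline, and CanCan::Ability is replaced by a small stand-in module (MiniAbility) that mimics the gem's rule matching so the file runs offline without the gem. In the real app the Ability class would `include CanCan::Ability` instead and the stand-in would be deleted. The user-role column name `role` and the credential attribute names `email`/`password` are assumptions.

```ruby
# Stand-in for CanCan::Ability (constructed for this example; the real app uses the cancancan gem).
# Semantics mirrored from CanCan: rules are evaluated newest-first, the first rule whose
# action, subject, attribute list and block all match decides; :manage covers every action,
# :all covers every subject, and :read/:create/:update expand to their aliased REST actions.
module MiniAbility
  Rule = Struct.new(:base_behavior, :actions, :subjects, :attributes, :block)
  ACTION_ALIASES = { read: %i[index show], create: %i[new], update: %i[edit] }.freeze

  def can(actions, subjects, attributes = nil, &block)
    add_rule(true, actions, subjects, attributes, block)
  end

  def cannot(actions, subjects, attributes = nil, &block)
    add_rule(false, actions, subjects, attributes, block)
  end

  def can?(action, subject, attribute = nil)
    rule = rules.reverse.find { |r| relevant?(r, action, subject) && conditions_match?(r, subject, attribute) }
    rule ? rule.base_behavior : false
  end

  private

  def rules = (@rules ||= [])

  def add_rule(base, actions, subjects, attributes, block)
    rules << Rule.new(base, Array(actions), Array(subjects), attributes && Array(attributes), block)
  end

  def relevant?(rule, action, subject)
    action_ok = rule.actions.any? { |a| a == :manage || a == action || ACTION_ALIASES.fetch(a, []).include?(action) }
    subject_ok = rule.subjects.any? { |s| s == :all || s == subject || (s.is_a?(Class) && subject.is_a?(s)) }
    action_ok && subject_ok
  end

  def conditions_match?(rule, subject, attribute)
    # Attribute-scoped rule: with no attribute asked for, CanCan answers with the rule's base behavior.
    attr_ok = rule.attributes.nil? || (attribute.nil? ? rule.base_behavior : rule.attributes.include?(attribute))
    # Blocks are only evaluated for instances; a class subject matches unconditionally (as in CanCan).
    block_ok = rule.block.nil? || subject.is_a?(Class) || rule.block.call(subject)
    attr_ok && block_ok
  end
end

# Constructed stand-ins for the ActiveRecord models; `role` holds "admin" or "user" (assumed column name).
User         = Struct.new(:id, :email, :role)
Message      = Struct.new(:id, :conversation_id)
Conversation = Struct.new(:id)

class Ability
  include MiniAbility # real app: include CanCan::Ability

  def initialize(user)
    return unless user # no rights for unauthenticated requests

    if user.role == "admin"
      can :manage, :all
      # Lock-out protection: even an admin may not delete themself or change their own role.
      cannot :destroy, User do |target| target.id == user.id end
      cannot :update, User, [:role] do |target| target.id == user.id end
    else
      # "user" role: read-only everywhere ...
      can :read, :all
      # ... except message#show; only message#index is allowed.
      cannot :show, Message
      # May change own credentials (email/password assumed), but never the role column.
      can :update, User, %i[email password] do |target| target.id == user.id end
    end
  end
end

# Returns the decisions a practitioner would want to eyeball for one actor.
def decisions_for(actor, other)
  a = Ability.new(actor)
  {
    manage_conversation: a.can?(:manage, Conversation), # drives the "delete" link in the ActiveAdmin view
    message_index:       a.can?(:index, Message),
    message_show:        a.can?(:show, Message.new(1, 1)),
    update_own_email:    a.can?(:update, actor, :email),
    update_own_role:     a.can?(:update, actor, :role),
    destroy_self:        a.can?(:destroy, actor),
    destroy_other:       a.can?(:destroy, other)
  }
end

if $PROGRAM_NAME == __FILE__
  admin = User.new(1, "admin@example.org", "admin")
  member = User.new(2, "user@example.org", "user")
  puts "admin: #{decisions_for(admin, member)}"
  puts "user:  #{decisions_for(member, admin)}"
end
```

The two `cannot` rules in the admin branch are what the description calls out: because CanCanCan evaluates the most recently added rule first, they override `can :manage, :all` only for the admin's own record, so deleting or re-roling other admins still works. Note that `can?(:update, admin, :role)` must be checked with the attribute argument; a bare `can?(:update, admin)` still returns true so the edit form opens, and the controller has to run the attribute-level check before assigning `role`.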