The error is "You are not authorized to access this page."
in a former colleague's code.
When a user clicks Click me
(table below, in the person index page) the user should be led to the new page (participant) in order to create a new participant. But when it is clicked, the error is raised. By the way, the index page for participants is accessible?! I am too new to Rails to write the Ability
model (if that is even necessary). I would first like to have a clue what is going on with the code and why I cannot access the new page to create a new participant.
CanCan and Devise are used. I guess it has something to do with those, but I am too confused right now and I don't know where to start =/.
User Story
If you want to create a new participant
of a course you can use a search function which I coded. With this you can search for persons
that are already in the system (this works so far). When you've found the desired person, you can click on Click me
and you should be led to a page where you can use the person's information to create a new participant of a course.
+-------+---------+---------+----------+
| Title | Prename | Surname | Use |
+-------+---------+---------+----------+
| Dr. | John | Doe | Click me |
+-------+---------+---------+----------+
Here is the ParticipantsController
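class ParticipantsController < ApplicationController
  # Values of Function#english whose participants may be shown without signing
  # in (see my_authenticate_user).
  PUBLIC_FUNCTIONS = ["Sponsor", "Principal Investigator", "Responsible contact"].freeze

  # Devise: every action except index/show requires a signed-in user.
  before_filter :authenticate_user!, :except => [:index, :show]
  # show is public only for participants holding a public function; for anyone
  # else the filter falls back to authenticate_user!.
  before_filter :my_authenticate_user, :only => [:show]
  # CanCan: @course is loaded from params[:course_id] and authorized first; the
  # participant is then loaded/built *through* @course for new/create/destroy.
  # NOTE(review): as far as I recall CanCan 1.x raises CanCan::AccessDenied
  # (default message: "You are not authorized to access this page.") when a
  # :through parent is nil and :shallow => true is not given -- i.e. before
  # #new even runs. A link built as new_participant_path(...) without a
  # course_id, like the one in persons/_index_tail.html.erb, would hit exactly
  # that; verify against config/routes.rb and the Rails log.
  load_and_authorize_resource :course
  load_and_authorize_resource :participant, :through => :course, :only => [:new, :create, :destroy]

  # GET /participants(.json) -- lists every participant.
  def index
    @participants = Participant.all
    respond_to do |format|
      format.html # index.html.erb
      # Bug fix: the JSON branch serialised @participant, which is never
      # assigned in this action (it rendered "null"); use the collection.
      format.json { render json: @participants }
    end
  end

  # GET /courses/:course_id/participants/new(.json)
  # Builds an unsaved participant belonging to the course.
  def new
    # Redundant with load_and_authorize_resource, but find raises
    # RecordNotFound (404) where CanCan would leave @course nil.
    @course = Course.find(params[:course_id])
    @participant = @course.participants.build
    respond_to do |format|
      format.html # new.html.erb
      format.json { render json: @participant }
    end
  end

  # GET /participants/:id/edit -- authorization is done by hand here because
  # edit is not in the load_and_authorize_resource :only list.
  def edit
    @participant = Participant.find(params[:id])
    authorize! :edit, @participant
  end

  # POST /courses/:course_id/participants(.json)
  # Records a tagged version of the course, then saves the new participant.
  def create
    @course = Course.find(params[:course_id])
    @participant = @course.participants.new(params[:participant])
    # Version bookkeeping on the course. create_version is reached via send,
    # so it is presumably private on Course.
    @course.updated_by = current_user.cn
    @course.send(:create_version)
    @course.tag_version(t(:participant_added))
    # NOTE(review): save! runs before @participant.save, so the
    # "participant_added" version is written even when the participant is
    # invalid; with Rails' has_many defaults the invalid built participant may
    # also make save! raise RecordInvalid before the else branch below is
    # reached. Kept as-is because the versioning contract is not visible.
    @course.save!
    respond_to do |format|
      if @participant.save
        format.html { redirect_to course_path(@participant.course), notice: 'Participant was successfully created.' }
        format.json { render json: @participant, status: :created, location: @participant }
      else
        format.html { render action: "new" }
        format.json { render json: @participant.errors, status: :unprocessable_entity }
      end
    end
  end

  # PUT /participants/:id(.json) -- manual authorize! as in edit.
  def update
    @participant = Participant.find(params[:id])
    authorize! :update, @participant
    respond_to do |format|
      if @participant.update_attributes(params[:participant])
        format.html { redirect_to @participant, notice: 'Participant was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @participant.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /courses/:course_id/participants/:id
  # @course/@participant are already loaded and authorized by CanCan; the
  # explicit finds additionally turn a bad id into RecordNotFound.
  def destroy
    @course = Course.find(params[:course_id])
    @participant = @course.participants.find(params[:id])
    @participant.destroy
    redirect_to course_path(@course)
  end

  private

  # Gate for #show. Returns true (and lets the request through) when the
  # participant's function is one of PUBLIC_FUNCTIONS; otherwise defers to
  # Devise's authenticate_user!, which redirects anonymous users to sign in.
  # @public_function_ids is kept as an ivar in case a view reads it.
  # NOTE(review): Participant.find runs before the sign-in check, so an
  # anonymous caller sees 404 for missing ids and a sign-in redirect for
  # existing non-public ones -- a small existence leak; acceptable or not
  # depends on how sensitive participant ids are.
  def my_authenticate_user
    @participant = Participant.find(params[:id])
    @public_function_ids = Function.select("id").where(:english => PUBLIC_FUNCTIONS)
    public_participant = @public_function_ids.map(&:id).include?(@participant.function_id)
    return true if public_participant
    authenticate_user!
  end
end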
Here is the PersonsController
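class PersonsController < ApplicationController
  # Devise: new/index/show are public, everything else needs a signed-in user.
  # NOTE(review): new is public while create is not, so an anonymous visitor
  # can open the form but never submit it; confirm that is intended.
  before_filter :authenticate_user!, :except => [:new, :index, :show]
  # CanCan: @course comes from params[:course_id] (nil when the param is absent).
  load_and_authorize_resource :course
  # NOTE(review): :through => :participant, but nothing in this controller
  # assigns @participant; with CanCan's :through semantics a nil parent denies
  # create/destroy outright. Possibly :through => :course (or no :through)
  # was meant -- verify.
  load_and_authorize_resource :person, :through => :participant, :only => [:create, :destroy]
  helper_method :sort_column, :sort_direction
  # Autocomplete endpoints for the person search form (gem-provided DSL).
  autocomplete :person, :prename, :display_value => :display_autocomplete, :extra_data => [:title, :prename, :surname]
  autocomplete :person, :surname, :display_value => :display_autocomplete, :extra_data => [:title, :prename, :surname]
  autocomplete :organization, :description, :full => true, :limit => Rails.configuration.autocomplete_limit

  # GET /persons(.json)
  # With params[:search_me]: paginated search results ordered by the
  # whitelisted sort column/direction. Without it: the three people with the
  # most participations ("Top 3 used participants" in the view).
  def index
    @search_me = params[:search_me] || ''
    @persons =
      if params[:search_me]
        # sort_column/sort_direction only ever return whitelisted values, which
        # is what makes interpolating them into ORDER BY safe.
        Person.search_me(params[:search_me])
              .order("#{sort_column} #{sort_direction}")
              .paginate(:per_page => 5, :page => params[:page])
      else
        Person.select("persons.*, count(participants.person_id)\nAS participant_count")
              .joins(:participants)
              .group('participants.person_id')
              .order('participant_count desc')
              .limit(3)
      end
    respond_to do |format|
      format.html # index.html.erb
      format.json { render json: @persons }
    end
  end

  # GET /persons/:id(.json) -- manual authorize! (show is not CanCan-loaded).
  def show
    @person = Person.find(params[:id])
    authorize! :show, @person
    respond_to do |format|
      format.html # show.html.erb
      format.json { render json: @person }
    end
  end

  # GET /persons/new(.json)
  def new
    @person = Person.new
    respond_to do |format|
      format.html # new.html.erb
      format.json { render json: @person }
    end
  end

  # GET /persons/:id/edit -- manual authorize! as in show.
  def edit
    @person = Person.find(params[:id])
    authorize! :edit, @person
  end

  # POST /persons(.json)
  # Creates the person and attaches it to @course.
  # NOTE(review): @course is nil when no course_id was sent (CanCan does not
  # raise for a missing non-:through parent), so `courses << nil` would blow
  # up here; verify the form always carries a course_id.
  def create
    @person = Person.new(params[:person])
    @person.courses << @course
    respond_to do |format|
      if @person.save
        format.html { redirect_to @person, notice: 'Person was successfully created.' }
        format.json { render json: @person, status: :created, location: @person }
      else
        format.html { render action: "new" }
        format.json { render json: @person.errors, status: :unprocessable_entity }
      end
    end
  end

  # PUT /persons/:id(.json) -- manual authorize! as in show.
  def update
    @person = Person.find(params[:id])
    authorize! :update, @person
    respond_to do |format|
      if @person.update_attributes(params[:person])
        format.html { redirect_to @person, notice: 'Person was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @person.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /persons/:id(.json)
  def destroy
    @person = Person.find(params[:id])
    @person.destroy
    respond_to do |format|
      # Bug fix: person_url needs an id and raised a routing error after the
      # record was gone; redirect to the collection instead (assumes the
      # standard `resources :persons` helper -- verify in config/routes.rb).
      format.html { redirect_to persons_url }
      format.json { head :no_content }
    end
  end

  private

  # Whitelists params[:sort] against the real column names; anything else
  # falls back to "prename". Never return raw user input from here -- the
  # result is interpolated into SQL in #index.
  def sort_column
    Person.column_names.include?(params[:sort]) ? params[:sort] : "prename"
  end

  # Whitelists params[:direction] to asc/desc, defaulting to "asc" (same SQL
  # interpolation caveat as sort_column).
  def sort_direction
    %w[asc desc].include?(params[:direction]) ? params[:direction] : "asc"
  end

  # Body elided in the original listing ("…"); not referenced by any
  # before_filter in this controller.
  def my_authenticate_user
    …
  end
end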
Here is the Participant model
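# A person's role (function) within a trial.
# NOTE(review): ParticipantsController builds participants through
# @course.participants and redirects to course_path(@participant.course), but
# this model only declares belongs_to :trial -- either the association was
# renamed (trial -> course) or the listing is incomplete; verify.
class Participant < ActiveRecord::Base
  belongs_to :trial
  belongs_to :function
  belongs_to :person
  # Rails 3 mass-assignment whitelist used by params[:participant] in create.
  # NOTE(review): :person_prename matches no association above; presumably a
  # virtual attribute for the autocomplete field -- confirm.
  attr_accessible :trial_id, :function_id, :person_id, :person_prename
end # closing `end` added; the question's listing stopped at attr_accessible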
Here is the Person model
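# A person who can participate in courses; searched from PersonsController#index.
# NOTE(review): has_many :courses, through: :participants needs Participant to
# belong_to :course, but the Participant listing shows belongs_to :trial -- one
# of the two listings is stale or incomplete; verify.
class Person < ActiveRecord::Base
  belongs_to :organization
  # The has_many lines were run together with attr_accessible in the listing;
  # restored here one declaration per line.
  has_many :participants
  has_many :courses, through: :participants
  # Rails 3 mass-assignment whitelist used by params[:person] in create/update.
  attr_accessible :organization_id, :title, :prename, :surname, :street,
                  :street_number, :zip_code, :city, :phone, :fax, :email,
                  :organization_description
end # closing `end` added; the question's listing stopped at attr_accessible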
Here is the app/views/persons/_index_tail.html.erb
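<%# Person search results (or the top 3 most-used people) with a "use this
    person" link per row. Rendered by PersonsController#index, which sets
    @persons; note that @participant is NOT set by that action. %>
<fieldset>
  <%# Bug fix: "Results" was an unterminated string literal inside the ERB tag. %>
  <legend class="bold"><% if params[:search_me] %><%= "Results" %><% else %><%= "Top 3 used participants" %><% end %></legend>
  <table class="person center">
    <tr>
      <th><%= t(:title) %></th>
      <th><%= t(:prename) %></th>
      <th><%= t(:surname) %></th>
      <th><%= t(:street) %></th>
      <th><%= t(:city) %></th>
      <%# Untranslated, unlike the other headers -- no i18n key visible for it. %>
      <th>Verwenden</th>
    </tr>
    <%# @personcount = 0 %>
    <% @persons.each do |person| %>
      <tr>
        <td><%= person.title %></td>
        <td><%= person.prename %></td>
        <td><%= person.surname %></td>
        <td><%= person.street %></td>
        <td><%= person.city %></td>
        <% if user_signed_in? %>
          <%# NOTE(review): @participant is nil here, so this links to
              /participants/new with no course_id. ParticipantsController loads
              the participant :through => :course, and (as far as I recall)
              CanCan denies the request when that parent is nil -- the
              "You are not authorized to access this page." error. The link
              probably needs the course-nested "new participant" helper with
              the course (and person.id) passed along; check config/routes.rb
              for the exact helper name. %>
          <td><%= link_to image_tag("user_silhouette.png",
                                    { :title => t(:show) }), new_participant_path(@participant) %></td>
        <% end %>
      </tr>
    <% end %>
  </table>
</fieldset>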