dm_event 4.2.1.5

data/app/controllers/dm_event/registrations_controller.rb

@@ -0,0 +1,368 @@
+ActionView::Base.send(:include, ActiveMerchant::Billing::Integrations::ActionViewHelper)
+
+class DmEvent::RegistrationsController < DmEvent::ApplicationController
+  include DmEvent::PermittedParams
+  include ActiveMerchant::Billing::Integrations
+  include DmCore::UrlHelper
+  include DmCore::LiquidHelper
+
+  protect_from_forgery :except => [:paypal_ipn, :sofort_ipn]
+
+  helper          DmEvent::WorkshopsHelper
+  helper          DmEvent::RegistrationsHelper
+  layout          'layouts/event_templates/register'
+
+  before_filter   :workshop_lookup, except: [:success]
+  
+  #------------------------------------------------------------------------------
+  def new
+    redirect_to main_app.root_url and return if @workshop.nil?
+    
+    if !@workshop.registration_closed? || is_admin?
+      @registration               = @workshop.registrations.build
+      @registration.user_profile  = current_user ? current_user.user_profile : UserProfile.new
+      
+      if @workshop.require_address && !@registration.user_profile.address_valid?
+        #--- address is required and there are missing fields in the profile
+        @registration.user_profile.address_required = true
+      end
+      @registration.user_profile.userless_registration = true if current_user.nil? && !@workshop.require_account
+
+      set_meta description: @workshop.summary, "og:description" => sanitize_text(markdown(@workshop.summary, safe: false))
+      set_meta "og:image" => site_asset_media_url(@workshop.image) if @workshop.image.present?
+    else
+      render action: :closed
+    end
+  end
+
+  #------------------------------------------------------------------------------
+  def create
+    redirect_to(action: :new) and return if @workshop.require_account && current_user.nil?
+    
+    profile_params                  = params[:registration].delete("user_profile_attributes") if params[:registration]
+    profile_params.delete(:id)      if profile_params
+    
+    @registration                   = @workshop.registrations.new(registration_params)
+    @registration.registered_locale = I18n.locale
+    @registration.user_profile      = current_user ? current_user.user_profile : UserProfile.new
+    @registration.user_profile.assign_attributes(user_profile_direct_params(profile_params)) unless profile_params.blank?
+
+    if @registration.save
+      if @workshop.payments_enabled? && !@workshop.require_review? && @registration.balance_owed.positive?
+        redirect_to register_choose_payment_url(@registration.uuid)
+      else
+        redirect_to register_success_url(@registration.uuid)
+      end
+    else
+      render action: :new
+    end
+  end
+
+  # Only allow to proceed with payment if the registration is still in pending
+  #------------------------------------------------------------------------------
+  def choose_payment
+    @registration = Registration.find_by_uuid(params[:uuid])
+    @workshop     = @registration.workshop if @registration
+    flash[:alert] = I18n.t('core.resource_invalid')
+    redirect_to main_app.root_url and return if @registration.nil? || !@registration.accepted?
+
+    if @workshop.require_account
+      raise Account::LoginRequired.new(I18n.t('core.login_required')) if current_user.nil?
+      if @registration.user_profile.user != current_user && !is_admin?
+        flash[:alert] = I18n.t('core.resource_invalid')
+        redirect_to main_app.root_url and return
+      end
+    end
+  end
+  
+  # Success page for a registration.  Look up the uuid and display success.
+  # Can do this many times - if the user doesn't own the registration, then kick
+  # them out.
+  #------------------------------------------------------------------------------
+  def success
+    @registration = Registration.find_by_uuid(params[:uuid])
+    if @registration.nil? || @registration.user_profile.user != current_user
+      #--- not logged in or not the users registration (for )
+      flash[:alert] = I18n.t('core.resource_invalid')
+      redirect_to main_app.root_url and return
+    end
+    @workshop         = @registration.workshop if @registration
+    @receipt_content  = @registration.email_state_notification(@registration.current_state, false) || ""
+  end
+
+private
+
+  #------------------------------------------------------------------------------
+  def workshop_lookup
+    @workshop = Workshop.find_by_slug(params[:id])
+  end
+end
+  
+  
+=begin
+  helper          'dm_event/event_registrations'
+  helper          'dm_event/custom_fields'
+
+  before_filter   :login_required, :only => [:show_registrations]
+  before_filter   :ssl_required
+
+  layout          :use_layout
+  
+  # TODO GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
+  #verify :method => :post, :only => [ :confirm, :verify_payment ],
+  #       :redirect_to => { :action => :index }
+
+private
+  #------------------------------------------------------------------------------
+  def use_layout
+    "#{account_layouts}/#{Hanuman::Application.config.event_registration_layout}"
+  end
+
+public
+  #-----------------------------------------------------------------------
+  def index
+    #--- clear out any session data for this registration
+    session[:event_registration] = nil
+    redirect_to '/'
+  end
+  
+  # :id => the workshop id we're registering for
+  #-----------------------------------------------------------------------
+  def register
+    redirect_to :action => 'index' and return if params[:id] == nil
+    @workshop = EventWorkshop.find_by_id(params[:id])
+    redirect_to :action => 'index' and return if @workshop == nil
+    redirect_to :action => 'index' and return unless @workshop.valid_invitation?(params[:code])
+
+    #--- allow an admin to see registration form
+    if !@workshop.workshop_closed or permit?("#{SystemRoles::Moderator} on :workshop or #{SystemRoles::Admin} on Event or #{SystemRoles::Admin} on Student or #{SystemRoles::System}")
+      if @workshop.require_account
+        unless logged_in?
+          flash[:special_message] = nls(:event_require_account, :title => @workshop.title, :link => register_account_url)
+          login_required
+          return
+        end
+      end
+
+      #--- if we're an admin, then you can register another student for this event, using information from a previous registration
+      if !params[:r_id].blank? and permit?("#{SystemRoles::Moderator} on :workshop or #{SystemRoles::Admin} on Event or #{SystemRoles::Admin} on Student or #{SystemRoles::System}")
+        old_registration    = EventRegistration.find(params[:r_id])
+        @register_user      = old_registration.student.user
+        @event_registration = EventRegistration.new_registration_from_old(@workshop.id, old_registration)  
+      elsif  !params[:s_id].blank? and permit?("#{SystemRoles::Moderator} on :workshop or #{SystemRoles::Admin} on Event or #{SystemRoles::Admin} on Student or #{SystemRoles::System}")
+        @register_user      = Student.find(params[:s_id]).user
+        @event_registration = EventRegistration.new(:event_workshop_id => @workshop.id, :country_id => @workshop.country_id)  
+      else
+        @register_user      = current_user
+        @event_registration = EventRegistration.new(:event_workshop_id => @workshop.id, :country_id => @workshop.country_id)  
+      end
+    
+      @use_login_info       = @workshop.require_account || (!@register_user.nil? && !params['no_login'])
+
+      unless put_or_post?
+        #--- build up the custom field objects
+        @workshop.custom_field_defs.each do |c|
+          @event_registration.custom_fields.build(:custom_field_def_id => c.id)
+        end
+      else
+        #--- TODO security problem - shouldn't do the following assignment blindly
+       @event_registration.attributes  = params[:event_registration] unless params[:event_registration].nil?
+
+        #--- tie registration to student if they are logged in
+        @event_registration.student_id  = @register_user.student_id if @use_login_info
+
+        @photo = ((params[:photo].nil? || params[:photo][:image].blank?) ? nil : EventRegistrationPhoto.new(params[:photo]))
+        if @event_registration.valid? && (@photo.nil? || @photo.valid?)
+
+          if @event_registration.save && (@photo.nil? || @photo.save)
+            @event_registration.photo = @photo unless @photo.nil?
+            @event_registration.update_attribute(:item_code,  @event_registration.event_payment.shoppingcart_code) unless (@event_registration.event_payment.nil? || @event_registration.event_payment.shoppingcart_code.blank?)
+
+            unless params[:newsletters].nil?
+              #--- they asked to be notified of news, sign them up for the newletter
+              params[:newsletters].each do |idtag|
+                #--- we don't really care about the return code ---
+                rc = Newsletter.add_subscriber( idtag, !@use_login_info ? @event_registration : @event_registration.student, 
+                                                :remote_ip => request.remote_ip,
+                                                :subscriber_id => !@use_login_info ? nil : @event_registration.student.id)
+              end
+            end
+            session[:event_registration] = @event_registration.id
+
+            #--- if shopping cart payment required, add redirect to the link that adds
+            #--- the items to the cart.  Receipt is emailed after we get confirmation back
+            #--- from shopping cart that payment was made.
+            if (  !@event_registration.event_payment.nil? and 
+                  @event_registration.event_payment.payment_type == 'cc' and 
+                  !@event_registration.item_code.blank?)
+              redirect_to generate_shoppingcart_link(@event_registration) and return
+            else
+              redirect_to :action => 'success' and return
+            end
+          end
+        end
+      end
+    end
+
+    #--- use the overriden template if specified, otherwise the default register.rhtml is used
+    @workshop.template.blank? ? render(:action => :register) : render(:action => :register, :layout => "#{account_layouts}/#{@workshop.template}")
+  end
+  
+  #-----------------------------------------------------------------------
+  def success
+    unless session[:event_registration] == nil
+      @event_registration = EventRegistration.find_by_id(session[:event_registration])
+      
+      #--- clear out the session information
+      session[:event_registration] = nil
+      @content = (@event_registration.compile_receipt)[:content]
+    else
+      #--- somehow sesssion got lost - back to the beginning
+      redirect_to :action => 'index'
+    end
+  end
+  
+  # Clears the session of any information that might be there, and returns 
+  # user to event information page.
+  #-----------------------------------------------------------------------
+  def user_cancel
+    @workshop = EventWorkshop.find_by_id(params[:workshop])
+    @workshop.nil? ? redirect_to('/') : redirect_to(@workshop.eventinfo_url)
+  end
+
+  #------------------------------------------------------------------------------
+  def show_registrations
+    @student = current_user.student
+    
+    render :layout => "#{account_layouts}/members_backend"
+  end
+
+  #------------------------------------------------------------------------------
+  def select_registration
+  end
+
+  #------------------------------------------------------------------------------
+  def goto_shopping_cart
+    event_registration = EventRegistration.find(params[:id])
+    redirect_to generate_shoppingcart_link(event_registration) and return
+  end
+  
+  #------------------------------------------------------------------------------
+  def update_registration
+    redirect_to :action => 'index' and return if params[:id] == nil
+    @event_registration = EventRegistration.find_by_token(params[:id])
+    if @event_registration.nil?
+      flash[:error] = 'This registration is not valid.'
+      redirect_to :action => :show_registrations and return
+    end
+    
+    @workshop           = @event_registration.event_workshop 
+    unless @workshop.workshop_closed
+      if @workshop.require_account
+        flash[:warning] = 'Please login to your student account before registering' and return unless login_required
+      end
+      @use_login_info     = @workshop.require_account || (user_signed_in? && !params['no_login'])
+
+      if put_or_post? && @event_registration.updates_allowed?
+        @event_registration.errors.add(:base, 'Please fill in the form') and return if params[:event_registration].nil?
+      
+        #--- TODO security problem - shouldn't do the following assignment blindly
+        @event_registration.attributes              = params[:event_registration]
+        @event_registration.user_updated_at         = Time.new
+        @event_registration.confirmed_on            = Time.new if params[:confirm]
+
+        @photo = ((params[:photo].nil? || params[:photo][:image].blank?) ? nil : EventRegistrationPhoto.new(params[:photo]))
+        if @event_registration.valid? && (@photo.nil? || @photo.valid?) && !@event_registration.custom_field_errors?
+
+          if @event_registration.save && (@photo.nil? || @photo.save)
+            @event_registration.photo = @photo unless @photo.nil?
+
+            #flash[:notice] = "Registration Updated Successfully"
+            redirect_to :action => :update_successful, :id => @event_registration.token and return
+          end
+        end
+      else
+        #--- build up the custom field objects
+        @workshop.custom_field_defs.each do |c|
+          @event_registration.custom_fields.build(:custom_field_def_id => c.id) unless @event_registration.custom_fields.detect { |f| f.custom_field_def_id == c.id }
+        end
+      end
+    end
+  
+    #--- use the overriden template if specified, otherwise the default register.rhtml is used
+    render :layout => "#{account_layouts}/#{@workshop.template}" unless @workshop.template.blank?
+  end
+
+  #------------------------------------------------------------------------------
+  def update_successful
+    @event_registration = EventRegistration.find_by_token(params[:id])    
+    if @event_registration.nil?
+      flash[:error] = 'This registration is not valid.'
+      redirect_to :action => :show_registrations and return
+    end
+    @workshop           = @event_registration.event_workshop 
+  end
+
+  #------------------------------------------------------------------------------
+  def registration_comments
+    if params[:id].nil? || (@event_registration  = EventRegistration.find_by_token(params[:id])).nil?
+      flash[:error] = 'This registration is not valid.'
+      redirect_to :action => :show_registrations and return
+    end
+    
+    @workshop = @event_registration.event_workshop 
+    if @workshop.workshop_closed
+      flash[:error] = 'This workshop is closed.'
+      redirect_to :action => :show_registrations and return
+    end
+  end
+  
+  #------------------------------------------------------------------------------
+  def add_comment
+    if params[:id].nil? || (@event_registration  = EventRegistration.find_by_token(params[:id])).nil? || @event_registration.event_workshop.workshop_closed || current_user.nil?
+      flash[:error] = 'This registration is not valid.'
+      redirect_to :action => :show_registrations and return
+    end
+    @comment = Comment.new(:comment => params[:comment], :user_id => current_user.id)
+    @event_registration.add_comment(@comment)
+    
+    #--- give the object a chance to do something if necessary
+    @event_registration.comment_notify(@comment) if @event_registration.respond_to?(:comment_notify)
+    redirect_to :action => :registration_comments, :id => params[:id]
+  end
+  
+  # Show the workshops information page
+  #------------------------------------------------------------------------------
+  def information_page
+    redirect_to :action => 'index' and return if params[:id].nil?
+    @event_registration = EventRegistration.find_by_token(params[:id])    
+    redirect_to :action => 'index' and return if @event_registration.nil?
+    @workshop           = @event_registration.event_workshop 
+
+    unless permit?("#{SystemRoles::Moderator} on :workshop or #{SystemRoles::Admin} on Event or #{SystemRoles::System}", :event => @workshop.event)
+      if @workshop.require_account
+        if !user_signed_in? or (user_signed_in? && !@workshop.registered?(current_user.student)) or @workshop.information_text.blank?
+          redirect_to :action => :show_registrations and return
+        end
+      else
+        redirect_to :action => 'index' and return if @workshop.information_text.blank?
+        redirect_to :action => 'index' and return if @workshop.past?
+      end
+    end
+    
+    #--- use the overriden template if specified, otherwise the default register.rhtml is used
+    @workshop.template.blank? ? render(:action => :information_page) : render(:action => :information_page, :layout => "#{account_layouts}/#{@workshop.template}")
+  end
+
+  # Show the workshops information page
+  #------------------------------------------------------------------------------
+  def event_information_page
+    redirect_to :action => 'index' and return if params[:id].nil?
+    @workshop = EventWorkshop.find_by_id(params[:id])
+    redirect_to :action => 'index' and return if @workshop.nil? or @workshop.past?
+
+    #--- use the overriden template if specified, otherwise the default register.rhtml is used
+    @workshop.template.blank? ? render(:action => :event_information_page) : render(:action => :event_information_page, :layout => "#{account_layouts}/#{@workshop.template}")
+  end
+
+=end

data/app/datatables/registration_datatable.rb

@@ -0,0 +1,117 @@
+class RegistrationDatatable
+  include ActionView::Helpers::TagHelper
+  include DmEvent::RegistrationsHelper
+  include DmUtilities::DateHelper
+  include DmCore::ApplicationHelper
+  
+  delegate :params, :link_to, :image_tag, :number_to_currency, :time_ago_in_words, to: :@view
+  delegate :url_helpers, to: 'DmEvent::Engine.routes'
+  
+  #------------------------------------------------------------------------------
+  def initialize(view)
+    @view = view
+  end
+
+  #------------------------------------------------------------------------------
+  def as_json(options = {})
+    {
+      sEcho: params[:sEcho].to_i,
+      iTotalDisplayRecords: registrations.total_entries,
+      iTotalRecords: @workshop.registrations.count,
+      aaData: data
+    }
+  end
+
+private
+
+  #------------------------------------------------------------------------------
+  def data
+    registrations.map do |registration|
+      [
+        registration_actions(registration),
+        "<span style='white-space:nowrap;'>#{registration.receipt_code}</span>",
+        name_and_avatar(registration),
+        present(registration).balance_or_paid,
+        "<span style='white-space:nowrap;'>#{format_date(registration.created_at)}</span>",
+        (registration.user_profile.user ? present(registration.user_profile.user).last_access : colored_label('no user', :gray))
+      ]
+    end
+  end
+
+  #------------------------------------------------------------------------------
+  def registrations
+    @registrations ||= fetch_registrations
+  end
+
+  #------------------------------------------------------------------------------
+  def name_and_avatar(registration)
+    # image_tag(registration.user_profile.public_avatar_url(:sq35), width: 25, height: 25) + link_to(registration.full_name, url_helpers.edit_admin_registration_path(I18n.locale, registration))
+    link_to(registration.full_name, url_helpers.edit_admin_registration_path(I18n.locale, registration))
+  end
+  
+  #------------------------------------------------------------------------------
+  def fetch_registrations
+    @workshop     = Workshop.find_by_slug(params[:id])
+    registrations = @workshop.registrations.includes(:workshop_price, :user_profile => [:user => :current_site_profile]).references(:user_profiles).order("#{sort_column} #{sort_direction}")
+    if params[:duplicates].present?
+      #--- grab only registrations that have duplicates (based on the user_profile_id)
+      grouped       = registrations.group(:user_profile_id)
+      dups          = grouped.count.reject {|x, y| y == 1}.collect {|x, y| x}
+      registrations = registrations.where(user_profile_id: dups)
+    end
+    registrations = registrations.page(page).per_page(per_page)
+    if params[:sSearch].present?
+      registrations = registrations.where("LOWER(user_profiles.first_name) like :search OR LOWER(user_profiles.last_name) like :search OR LOWER(user_profiles.email) like :search OR receipt_code like :search", search: "%#{params[:sSearch]}%".downcase)
+    end
+    registrations
+  end
+
+  #------------------------------------------------------------------------------
+  def registration_actions(registration)
+    actions = ''
+    actions += '<div class="btn-group">'
+      actions += "<button class='btn btn-xs dropdown-toggle btn-#{registration.current_state} hovertip' data-placement='right' data-toggle='dropdown' title='#{registration.current_state.capitalize} on #{format_date(registration.process_changed_on)}'><i class='caret'></i></button>"
+      actions += '<ul class="dropdown-menu">'
+        actions += action_list(registration)
+      actions += '</ul>'
+    actions += '</div>'
+  end
+  
+  #------------------------------------------------------------------------------
+  def action_list(registration)
+    actions = registration.aasm.permissible_events
+    actions.sort! {|x,y| x.to_s <=> y.to_s}
+
+    output = ''
+    actions.each do |action|
+      output << '<li>' +
+      link_to('<i class="icon-chevron-right"></i>'.html_safe + action.to_s.titlecase, 
+              url_helpers.action_state_admin_registration_path(I18n.locale, registration, :state_event => action),
+              {:remote => true, :method => :put}) +
+       '</li>'
+     end
+    return output.html_safe
+  end
+  
+  #------------------------------------------------------------------------------
+  def page
+    params[:iDisplayStart].to_i/per_page + 1
+  end
+
+  #------------------------------------------------------------------------------
+  def per_page
+    params[:iDisplayLength].to_i > 0 ? params[:iDisplayLength].to_i : 50
+  end
+
+  #------------------------------------------------------------------------------
+  def sort_column
+    columns = ["aasm_state #{sort_direction}, process_changed_on", 'receipt_code', "LOWER(user_profiles.first_name) #{sort_direction}, LOWER(user_profiles.last_name)", '', 'ems_registrations.created_at', 'user_site_profiles.last_access_at']
+    columns[params[:iSortCol_0].to_i]
+  end
+
+  #------------------------------------------------------------------------------
+  def sort_direction
+    params[:sSortDir_0] == "desc" ? "desc" : "asc"
+  end
+
+end

data/app/helpers/dm_event/application_helper.rb

@@ -0,0 +1,4 @@
+module DmEvent
+  module ApplicationHelper
+  end
+end

data/app/helpers/dm_event/registrations_helper.rb

@@ -0,0 +1,14 @@
+module DmEvent::RegistrationsHelper
+
+  #------------------------------------------------------------------------------
+  def price_details(workshop_price)
+    render :partial => 'dm_event/registrations/workshop_price', :object => workshop_price
+  end
+
+  #------------------------------------------------------------------------------
+  def status_label(text, state = :plain, with_icon = true)
+    icons = { acceptedx: 'icon-thumbs-up' }.freeze
+    icon = icons[state.to_sym]
+    colored_label(icon_label(icon, text, :color => '#fff'), state)
+  end
+end

data/app/helpers/dm_event/workshops_helper.rb

@@ -0,0 +1,41 @@
+module DmEvent::WorkshopsHelper
+  
+  #------------------------------------------------------------------------------
+  def render_workshop_description(workshop)
+    if workshop.description.nil?
+      description = ""
+    else
+      # --- process as markdown
+      x           = render :inline => workshop.description
+      description = liquidize_markdown(x, {})
+    end
+    return description
+  end
+
+  #------------------------------------------------------------------------------
+  def render_workshop_sidebar(workshop)
+    return '' if workshop.sidebar.nil?
+
+    liquidize_markdown(render(:inline => workshop.sidebar), {})
+  end
+
+  # Convert the financial "collected" data into json for pie charts
+  #------------------------------------------------------------------------------
+  def financial_collected_json(collected)
+    json = []
+    collected.sort.each do |item|
+      json << { label: "#{item[0]}: #{item[1].format(:no_cents_if_whole => true, :symbol => true)}", data: item[1].to_f }
+    end
+    json.to_json
+  end
+
+  # Convert the financial "collected" data into json for pie charts
+  #------------------------------------------------------------------------------
+  def financial_collected_monthly_json(collected)
+    json = []
+    collected.sort.each do |item|
+      json << [ "#{item[0].localize("%b")}", collected[item[0]].to_f ]
+    end
+    json.to_json
+  end
+end

data/app/mailers/payment_reminder_mailer.rb

@@ -0,0 +1,25 @@
+class PaymentReminderMailer < DmCore::SiteMailer
+  
+  helper  DmCore::LiquidHelper
+  helper  DmCore::UrlHelper
+  helper  DmCore::AccountHelper
+
+  layout 'email_templates/dm_event_email_layout'
+  
+  #------------------------------------------------------------------------------
+  def payment_reminder(registration)
+    account                     = registration.account
+    @subject                    = I18n.t('ems.ticket_payment_reminder_subject', value: registration.workshop.title)
+    @recipients                 = registration.email
+    @registration               = registration
+    @payment_owed               = registration.payment_owed.format
+    @payment_link               = registration.payment_url
+
+    headers = { "Reply-To" => account.preferred_smtp_from_email, "Return-Path" => account.preferred_smtp_from_email }
+    mail(to: @recipients, subject: @subject, theme: account.account_prefix,
+         bcc: account.preferred_archive_email,
+         template_path: 'layouts/email_templates',
+         template_name: 'dm_event_payment_reminder')
+  end
+
+end

data/app/mailers/registration_notify_mailer.rb

@@ -0,0 +1,31 @@
+class RegistrationNotifyMailer < DmCore::SiteMailer
+  
+  helper  DmCore::LiquidHelper
+  helper  DmCore::UrlHelper
+  helper  DmCore::AccountHelper
+    
+  layout 'email_templates/dm_event_email_layout'
+
+  #------------------------------------------------------------------------------
+  def registration_notify(registration, content, substitutions)
+    contact_email               = registration.workshop.contact_email
+    account                     = registration.account
+    @subject                    = substitutions['subject']
+    @recipients                 = registration.email
+    @bcc                        = []
+    @bcc                       << account.preferred_archive_email if account.preferred_archive_email
+    @bcc                       << contact_email if registration.workshop.bcc_contact_email
+    @registration               = registration
+    @content                    = content
+    @state                      = substitutions['state']
+
+    headers = { "Reply-To" => (contact_email != "") ? contact_email : account.preferred_smtp_from_email, 
+                "Return-Path" => account.preferred_smtp_from_email }
+
+    mail(to: @recipients, subject: @subject, bcc: @bcc, theme: account.account_prefix) do |format|
+      format.text { render "layouts/email_templates/dm_event_registration_notify.text.erb" }
+      format.html { render "layouts/email_templates/dm_event_registration_notify.html.erb" }
+    end
+  end
+
+end

data/app/models/dm_event/concerns/ability.rb

@@ -0,0 +1,38 @@
+# Wrap forum specific CanCan rules.  Should be included in the main app's
+# Ability class.
+# NOTE:  When checking abilities, don't check for Class level abilities,
+# unless you don't care about the instance level.  For example, don't
+# use both styles
+#   can? :moderate, Forum
+#   can? :moderate, @forum
+# In this case, if you need to check the class level, then use specific
+#    current_user.has_role? :moderator, Forum
+#------------------------------------------------------------------------------
+
+module DmEvent
+  module Concerns
+    module Ability
+      def dm_event_abilities(user)
+        if user
+          if user.has_role?(:event_manager)
+            can :manage_events, :all
+            can :access_admin, :all
+          end
+        end
+      end
+    end
+  end
+end
+
+#------------------------------------------------------------------------------
+# The abilities get basically compiled.  So if you use
+#
+#    can :moderate, Forum, :id => Forum.with_role(:moderator, user).map(&:id)
+#
+# this will execute the Forum.with_role query once during Ability.new.  However
+#
+#    can :moderate, Forum do |forum|
+#      user.has_role? :moderator, forum
+#    end
+#
+# this will execute the has_role? block on each call to can?