|
|
@@ -27,11 +27,17 @@ class Ability
|
|
|
# can :update, :all
|
|
|
else
|
|
|
user.permissions.each do |permission|
|
|
|
- eval "can :#{permission.can}, #{permission.model}"
|
|
|
+ if permission.model=="Order"
|
|
|
+ can :update, Order, :depart => [1,2]
|
|
|
+ can :read, Order, :depart => [1,2]
|
|
|
+ else
|
|
|
+ eval "can :#{permission.can}, #{permission.model}"
|
|
|
+ end
|
|
|
end
|
|
|
|
|
|
can :update, AdminUser, :id => user.id
|
|
|
can :read, AdminUser, :id => user.id
|
|
|
+
|
|
|
cannot :history, :all
|
|
|
# cannot :destroy, ChannelQrcode
|
|
|
# cannot :refund_at_once, Project
|
