[managers] trainings management

app/assets/templates/admin/calendar/calendar.html.erb

@@ -45,7 +45,7 @@
   </div>
 
   <div class="col-sm-12 col-md-12 col-lg-3">
-    <div class="m text-center" ng-show="AuthService.isAuthorized('admin')">
+    <div class="m text-center" ng-show="isAuthorized('admin')">
       <a class="btn btn-default export-xls-button"
          ng-href="api/availabilities/export_index.xlsx"
          target="export-frame"

app/assets/templates/admin/trainings/index.html.erb

@@ -35,7 +35,7 @@
       <uib-tabset justified="true" active="tabs.active">
         <uib-tab heading="{{ 'app.admin.trainings.trainings' | translate }}" index="0" class="manage-trainings">
           <div class="m-t m-b">
-            <button type="button" class="btn btn-warning" ui-sref="app.admin.trainings_new">
+            <button type="button" class="btn btn-warning" ui-sref="app.admin.trainings_new" ng-show="isAuthorized('admin')">
               <i class="fa fa-plus m-r"></i>
               <span translate>{{ 'app.admin.trainings.add_a_new_training' }}</span>
             </button>
@@ -64,7 +64,7 @@
               <td>{{ showMachines(training) }}</td>
               <td>{{ training.nb_total_places }}</td>
               <td>
-                <div class="buttons">
+                <div class="buttons" ng-show="isAuthorized('admin')">
                   <button class="btn btn-default" ui-sref="app.admin.trainings_edit({id:training.id})">
                     <i class="fa fa-edit"></i> {{ 'app.shared.buttons.edit' | translate }}
                   </button>

app/assets/templates/shared/header.html.erb

@@ -40,8 +40,8 @@
         <li><a ui-sref="app.logged.dashboard.events" translate>{{ 'app.public.common.my_events' }}</a></li>
         <li><a ui-sref="app.logged.dashboard.invoices" ng-hide="fablabWithoutInvoices" translate>{{ 'app.public.common.my_invoices' }}</a></li>
         <li ng-hide="fablabWithoutWallet"><a ui-sref="app.logged.dashboard.wallet" translate>{{ 'app.public.common.my_wallet' }}</a></li>
-        <li class="divider" ng-if="currentUser.role === 'admin'"></li>
-        <li><a class="text-black pointer" ng-click="help($event)" ng-if="currentUser.role === 'admin'"><i class="fa fa-question-circle"></i> <span translate>{{ 'app.public.common.help' }}</span> </a></li>
+        <li class="divider" ng-if="isAuthorized(['admin', 'manager'])"></li>
+        <li><a class="text-black pointer" ng-click="help($event)" ng-if="isAuthorized(['admin', 'manager'])"><i class="fa fa-question-circle"></i> <span translate>{{ 'app.public.common.help' }}</span> </a></li>
         <li class="divider"></li>
         <li><a class="text-black pointer" ng-click="logout($event)"><i class="fa fa-power-off"></i> {{ 'app.public.common.sign_out' | translate }}</a></li>
       </ul>

app/controllers/api/trainings_controller.rb

@@ -41,7 +41,8 @@ class API::TrainingsController < API::ApiController
       end
 
       head :no_content
-    elsif @training.update(training_params)
+    elsif current_user.admin? && @training.update(training_params)
+      # only admins can fully update a training, not managers
       render :show, status: :ok, location: @training
     else
       render json: @training.errors, status: :unprocessable_entity

app/policies/training_policy.rb

@@ -1,3 +1,6 @@
+# frozen_string_literal: true
+
+# Check the access policies for API::TrainingsController
 class TrainingPolicy < ApplicationPolicy
   class Scope < Scope
     def resolve
@@ -5,17 +8,19 @@ class TrainingPolicy < ApplicationPolicy
     end
   end
 
-  %w(create update).each do |action|
-    define_method "#{action}?" do
-      user.admin?
-    end
+  def create
+    user.admin?
+  end
+
+  def update?
+    user.admin? || user.manager?
   end
 
   def destroy?
-    user.admin? and record.destroyable?
+    user.admin? && record.destroyable?
   end
 
   def availabilities?
-    user.admin?
+    user.admin? || user.manager?
   end
 end