| Class | OrdersController |
| In: | app/controllers/orders_controller.rb |
| Parent: | GenericRestController |
# File app/controllers/orders_controller.rb, line 27
def show
  super
  set_current_order( resource )
end
Fake out the generic UI — even when users can create an order, we don't want them doing it here…
# File app/controllers/orders_controller.rb, line 56
def can_create?; false; end
Here's a messy corner case:
Users have permission to edit only their unpaid orders. When they pay, they lose that permission. But, if they thereby lose :update permission, then they can't save the paid version of the order. So, for orders, update and edit permissions are different, and we can't automatically infer one from the other in the "generic" way. Thus…
# File app/controllers/orders_controller.rb, line 49
def can_edit?( order )
  order.permits?( :update )
end