Module: Alberich::ApplicationControllerHelper

Defined in:
app/controllers/alberich/application_controller_helper.rb

Defined Under Namespace

Classes: PermissionError

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.included(c) ⇒ Object 



4
5
6
 
# File 'app/controllers/alberich/application_controller_helper.rb', line 4

def self.included(c)
  c.helper_method :current_session, :current_user, :check_privilege
end

Instance Method Details

#add_permissions_common(inline, perm_obj, path_prefix = '', polymorphic_path_extras = {}) ⇒ Object 



32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'app/controllers/alberich/application_controller_helper.rb', line 32

def add_permissions_common(inline, perm_obj, path_prefix = '',
                           polymorphic_path_extras = {})
  @permission_object = perm_obj
  # FIXME find a way to remove the @inline bit here
  @inline = inline
  @path_prefix = path_prefix
  @polymorphic_path_extras = polymorphic_path_extras
  if check_privilege(Privilege::PERM_VIEW, perm_obj)
    @roles = Role.find_all_by_scope(@permission_object.class.name)
  end
  set_permissions_header
  @permissions = filter_permissions(@permissions)
end

#add_permissions_inline(perm_obj, path_prefix = '', polymorphic_path_extras = {}) ⇒ Object 



45
46
47
48
49
50
 
# File 'app/controllers/alberich/application_controller_helper.rb', line 45

def add_permissions_inline(perm_obj, path_prefix = '',
                           polymorphic_path_extras = {})
  add_permissions_common(true, perm_obj, path_prefix,
                         polymorphic_path_extras)
  require_privilege(Privilege::VIEW, @permission_object)
end

#add_profile_permissions_inline(entity, path_prefix = '') ⇒ Object 



13
14
15
16
17
18
19
20
21
 
# File 'app/controllers/alberich/application_controller_helper.rb', line 13

def add_profile_permissions_inline(entity, path_prefix = '')
  @entity = entity
  @path_prefix = path_prefix
  @roles = Role.all_by_scope
  @inline = true
  set_permissions_header(@entity)
  # filter permissions if method provided
  @permissions = filter_permissions_for_profile(@permissions)
end

#check_privilege(action, *type_and_perm_obj) ⇒ Object 



82
83
84
85
86
87
88
89
90
91
92
 
# File 'app/controllers/alberich/application_controller_helper.rb', line 82

def check_privilege(action, *type_and_perm_obj)
  target_type = nil
  perm_obj = nil
  type_and_perm_obj.each do |obj|
    target_type=obj if obj.class==Class
    perm_obj=obj if obj.is_a?(ActiveRecord::Base)
  end
  perm_obj=@perm_obj if perm_obj.nil?
  perm_obj=BasePermissionObject.general_permission_scope if perm_obj.nil?
  perm_obj.has_privilege(current_session, current_user, action, target_type)
end

#current_sessionObject 



8
9
10
11
 
# File 'app/controllers/alberich/application_controller_helper.rb', line 8

def current_session
  @current_session ||= Alberich::PermissionSession.
    find_by_id(session[:permission_session_id])
end

#filter_permissions(perms) ⇒ Object

Override this in application_controller if application does filtering on permissions list



29
30
31
 
# File 'app/controllers/alberich/application_controller_helper.rb', line 29

def filter_permissions(perms)
  perms
end

#filter_permissions_for_profile(perms) ⇒ Object

Override this in application_controller if application does filtering on permissions list for profile UI



24
25
26
 
# File 'app/controllers/alberich/application_controller_helper.rb', line 24

def filter_permissions_for_profile(perms)
  perms
end

#require_privilege(action, *type_and_perm_obj) ⇒ Object

Require a given privilege level to view this page

1. action is required -- what action to check (in Privilege::ACTIONS)
2. perm_obj is optional -- This is the resource on which to look for
   permission records. If omitted, check for site-wide permissions on
   BasePermissionObject
3. type is also optional -- if omitted it's taken from perm_obj.
     For example, if action is 'view', perm_obj is a Pool and type is
     omitted, then check for current user's "view pool" permission on
     this pool. if action is 'view', perm_obj is a Pool and type is
     Quota, then check for current user's "view quota" permission on 
     this pool.



105
106
107
108
109
110
111
112
113
114
115
 
# File 'app/controllers/alberich/application_controller_helper.rb', line 105

def require_privilege(action, *type_and_perm_obj)
  perm_obj = nil
  type_and_perm_obj.each do |obj|
    perm_obj=obj if obj.is_a?(ActiveRecord::Base)
  end
  @perm_obj = perm_obj
  unless check_privilege(action, *type_and_perm_obj)
    raise PermissionError.new(
           "You do not have permission to access this resource")
  end
end

#set_permissions_header(perm_obj = @permission_object) ⇒ Object 



52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
# File 'app/controllers/alberich/application_controller_helper.rb', line 52

def set_permissions_header(perm_obj = @permission_object)
  unless perm_obj == BasePermissionObject.general_permission_scope
    @show_inherited = params[:show_inherited]
    @show_global = params[:show_global]
  end
  if @show_inherited
    @permissions = perm_obj.derived_permissions
  elsif @show_global
    @permissions = BasePermissionObject.general_permission_scope.
      permissions_for_type(perm_obj.class)
  else
    @permissions = perm_obj.permissions
  end

  @permission_list_header = []
  unless (@show_inherited or @show_global)
    @permission_list_header <<
      { :name => 'checkbox', :class => 'checkbox', :sortable => false }
  end
  @permission_list_header += [
    { :name => "Type"},
    { :name => "Name"},
    { :name => "Role", :sort_attr => :role},
  ]
  if @show_inherited
    @permission_list_header <<
      { :name => "Inherited from", :sortable => false }
  end
end