Module: Alberich::PermissionedObject
- Extended by:
- ActiveSupport::Concern
- Included in:
- BasePermissionObject
- Defined in:
- app/models/alberich/permissioned_object.rb
Class Method Summary
- .included(base) ⇒ Object
Any methods here will be able to use the context of the ActiveRecord model the module is included in.
Instance Method Summary
- #assign_owner_roles(user) ⇒ Object
Assigns the owner role so that the creating user has permissions on the object. Any roles defined on default_privilege_target_type with assign_to_owner==true will be assigned to the passed-in user on this object.
- #derived_subtree(role = nil) ⇒ Object
Returns the list of objects to generate derived permissions for – by default just this object.
- #has_privilege(permission_session, user, action, target_type = nil) ⇒ Object
- #perm_ancestors ⇒ Object
Returns the list of objects to check for permissions on – by default this is empty (we don’t denormalize Global permissions as they’re handled as a separate case).
- #update_derived_permissions_for_ancestors ⇒ Object
On object creation, set inherited permissions for the new object.
Class Method Details
.included(base) ⇒ Object
Any methods here will be able to use the context of the ActiveRecord model the module is included in.
    # File 'app/models/alberich/permissioned_object.rb', line 97
    def self.included(base)
      base.class_eval do
        after_create :update_derived_permissions_for_ancestors

        # Returns the list of privilege target types that are relevant for
        # permission checking purposes. This is used in setting derived
        # permissions -- there's no need to create denormalized permissions
        # for a role which only grants Provider privileges on a Pool
        # object. By default, this is just the current object's type
        def self.active_privilege_target_types
          [self.default_privilege_target_type] + self.additional_privilege_target_types
        end

        def self.additional_privilege_target_types
          []
        end

        def self.default_privilege_target_type
          self
        end

        def self.list_for_user(, user, action, target_type=self.default_privilege_target_type)
          if .nil? or user.nil? or action.nil? or target_type.nil?
            return where("1=0")
          end
          if BasePermissionObject.. has_privilege(, user, action, target_type)
            scoped
          else
            includes([:derived_permissions => {:role => :privileges, :entity => :session_entities}]).
              where("alberich_session_entities.user_id=:user and alberich_session_entities.permission_session_id=:permission_session_id and alberich_privileges.target_type=:target_type and alberich_privileges.action=:action",
                    {:user => user.id, :permission_session_id => .id, :target_type => target_type.name, :action => action})
          end
        end
      end
    end
Instance Method Details
#assign_owner_roles(user) ⇒ Object
Assigns the owner role so that the creating user has permissions on the object. Any roles defined on default_privilege_target_type with assign_to_owner==true will be assigned to the passed-in user on this object.

    # File 'app/models/alberich/permissioned_object.rb', line 84
    def assign_owner_roles(user)
      roles = Role.find(:all, :conditions => ["assign_to_owner =:assign and scope=:scope",
                                              { :assign => true,
                                                :scope => self.class.default_privilege_target_type.name}])
      roles.each do |role|
        Permission.create!(:role => role, :entity => Entity.for_target(user),
                           :permission_object => self)
      end
      self.reload
    end
#derived_subtree(role = nil) ⇒ Object
Returns the list of objects to generate derived permissions for – by default just this object
    # File 'app/models/alberich/permissioned_object.rb', line 55
    def derived_subtree(role = nil)
      [self]
    end
#has_privilege(permission_session, user, action, target_type = nil) ⇒ Object
    # File 'app/models/alberich/permissioned_object.rb', line 18
    def has_privilege(, user, action, target_type=nil)
      return false if .nil? or user.nil? or action.nil?
      target_type = self.class.default_privilege_target_type if target_type.nil?
      if .includes(:role => :privileges, :entity => :session_entities).where(
          ["alberich_session_entities.user_id=:user and alberich_session_entities.permission_session_id=:permission_session_id and alberich_privileges.target_type=:target_type and alberich_privileges.action=:action",
           { :user => user.id, :permission_session_id => .id, :target_type => target_type.name, :action => action}]).any?
        return true
      else
        BasePermissionObject... includes(:role => :privileges, :entity => :session_entities).where(
          ["alberich_session_entities.user_id=:user and alberich_session_entities.permission_session_id=:permission_session_id and alberich_privileges.target_type=:target_type and alberich_privileges.action=:action",
           { :user => user.id, :permission_session_id => , :target_type => target_type.name, :action => action}]).any?
      end
    end
#perm_ancestors ⇒ Object
Returns the list of objects to check for permissions on – by default this is empty (we don’t denormalize Global permissions as they’re handled as a separate case.)
    # File 'app/models/alberich/permissioned_object.rb', line 50
    def perm_ancestors
      []
    end
#update_derived_permissions_for_ancestors ⇒ Object
On object creation, set inherited permissions for the new object.

    # File 'app/models/alberich/permissioned_object.rb', line 59
    def
      # for create hook this should normally be empty
       = Hash[.map{|p| [p..id,p]}]
      perm_ancestors.each do |perm_obj|
        perm_obj..each do ||
          if .role.privilege_target_match(self.class.default_privilege_target_type)
            unless .delete(.id)
              .create(:entity_id => .entity_id, :role_id => .role_id, :permission => )
            end
          end
        end
      end
      # anything remaining in old_derived_permissions should be removed,
      # as would be expected if this hook is triggered by removing a
      # catalog entry for a deployable
      .each do |id, derived_perm|
        derived_perm.destroy
      end
      #reload
    end
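
The behaviour of has_privilege, list_for_user and update_derived_permissions_for_ancestors documented on this page can be modelled without a database. The following is an added example, not Alberich's code: Perm, Node and the in-memory collections are hypothetical stand-ins for the ActiveRecord models, and it assumes role matching reduces to comparing target types.

```ruby
# Added illustration: a plain-Ruby, in-memory model (no ActiveRecord).
# Perm and Node are hypothetical names, not Alberich classes.
Perm = Struct.new(:id, :user_id, :session_id, :target_type, :action)

class Node
  attr_reader :target_type, :permissions, :derived

  def initialize(target_type, ancestors = [])
    @target_type = target_type
    @ancestors = ancestors  # counterpart of perm_ancestors
    @permissions = []       # grants made directly on this object
    @derived = {}           # source permission id => denormalized copy
  end

  # Reconcile derived permissions with the ancestors' current grants:
  # copy matching grants that are missing, drop copies whose source is gone.
  def update_derived_permissions
    stale = @derived.dup
    @ancestors.flat_map(&:permissions).each do |perm|
      next unless perm.target_type == @target_type
      @derived[perm.id] = perm unless stale.delete(perm.id)
    end
    stale.each_key { |id| @derived.delete(id) }
    self
  end

  # Fail closed on missing input, check this object's derived grants,
  # then fall back to the global scope object.
  def has_privilege(session_id, user_id, action, global)
    return false if session_id.nil? || user_id.nil? || action.nil?
    match = lambda do |p|
      p.user_id == user_id && p.session_id == session_id &&
        p.target_type == @target_type && p.action == action
    end
    @derived.values.any?(&match) || global.permissions.any?(&match)
  end
end

# Counterpart of list_for_user: nil input yields an empty list (the page's
# where("1=0")); otherwise only objects the user holds the privilege on.
def list_for_user(nodes, session_id, user_id, action, global)
  return [] if session_id.nil? || user_id.nil? || action.nil?
  nodes.select { |n| n.has_privilege(session_id, user_id, action, global) }
end
```

Because grants are matched on both user and permission session, a grant copied for one session does not authorize the same user in another session, and removing the ancestor's grant followed by a reconcile removes the derived copy.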