Module: Card::Set::All::Permissions

Extended by:
Card::Set
Defined in:
tmpsets/set/mod001-01_core/all/permissions.rb

Defined Under Namespace

Modules: Accounts, Follow

Instance Method Summary

Methods included from Card::Set

abstract_set?, all_set?, card_accessor, card_reader, card_writer, clean_empty_module_from_hash, clean_empty_modules, define_active_job, define_event_method, define_event_perform_later_method, define_on_format, ensure_set, event, extended, format, process_base_module_list, process_base_modules, register_set, register_set_format, shortname, view, write_tmp_file

Instance Method Details

#add_to_read_rule_update_queue(updates) ⇒ Object



# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 193

# Appends +updates+ to this card's pending read-rule update queue.
#
# The queue is created on first use (Array.wrap turns a nil queue into an
# empty list) and the appended queue is returned.
#
# @param updates [Array] entries to append to the queue
# @return [Array] the queue after appending
def add_to_read_rule_update_queue updates
  queue = Array.wrap(@read_rule_update_queue)
  queue.concat(updates)
  @read_rule_update_queue = queue
end

#deny_because(why) ⇒ Object



# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 70

# Records a denial for the permission check currently in progress.
#
# The reason is kept only while a collector is active (@permission_errors is
# set by track_permission_errors); the verdict flag is cleared either way, so
# a denial is never lost just because nobody is collecting messages.
#
# @param why [String] human-readable reason for the denial
# @return [false]
def deny_because why
  recorded = @permission_errors
  recorded << why if recorded
  @action_ok = false
end

#have_recaptcha_keys? ⇒ Boolean

Returns:

  • (Boolean)


# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 231

# Tells whether both reCAPTCHA keys are present in Card.config.
#
# The answer is memoized in a class variable the first time it is computed
# (a cached +false+ is reused too, because the check is defined?, not
# truthiness). A key added to the configuration after that first call is
# therefore not seen by this method.
#
# @return [Boolean]
def have_recaptcha_keys?
  return @@have_recaptcha_keys if defined?(@@have_recaptcha_keys)

  public_key = Card.config.recaptcha_public_key
  @@have_recaptcha_keys = !!(public_key && Card.config.recaptcha_private_key)
end

#ok!(action, opts = {}) ⇒ Object



# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 29

# Raising variant of the permission check: returns quietly when the action is
# allowed and raises otherwise.
#
# NOTE(review): ok? as listed in this file takes a single argument, while
# this call passes two; presumably ok? is wrapped elsewhere (ok_with_fetch?
# has the matching signature) -- confirm how the alias is set up.
#
# @param action [Symbol] action to check
# @param opts [Hash] forwarded unchanged to ok?
# @return [nil] when the action is permitted
# @raise [Card::PermissionDenied] when ok? returns a falsy value
def ok! action, opts={}
  return if ok?(action, opts)

  raise Card::PermissionDenied.new(self)
end

#ok?(action) ⇒ Boolean

Returns:

  • (Boolean)


# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 16

# Runs the permission check for +action+ and reports the verdict.
#
# The verdict flag starts out true on every call; the ok_to_<action> method
# clears it through deny_because when the action is refused.
#
# NOTE(review): +action+ is interpolated into a method name and dispatched
# with send, which also reaches private methods. An action without a matching
# ok_to_* method raises NoMethodError instead of returning false. Callers
# should pass one of a fixed set of action symbols, never a value taken
# straight from a request -- confirm at the call sites.
#
# @param action [Symbol, String] action name, e.g. :read or :update
# @return [Boolean] the value of @action_ok after the check ran
def ok? action
  @action_ok = true
  checker = "ok_to_#{action}"
  send checker
  @action_ok
end

#ok_to_comment ⇒ Object



# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 138

# Permission check for commenting on this card.
#
# The :comment rule is evaluated first. Only when that passes are the two
# structural restrictions applied: no comments on templates and none on
# cards with structured content. Both restrictions are evaluated, so a card
# that is both gets both messages.
def ok_to_comment
  permit :comment, 'comment on'
  return unless @action_ok

  deny_because "No comments allowed on templates" if is_template?
  deny_because "No comments allowed on structured content" if structure
end

#ok_to_create ⇒ Object



# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 102

# Permission check for creating this card.
#
# After the card's own :create rule passes, a junction (compound) card also
# needs create permission on each side that does not exist yet, because
# creating the compound implicitly creates those parts.
#
# The left side is skipped when @superleft is set: in that case the left card
# is the supercard and its create permission is expected to be checked there.
# NOTE(review): that skip is only safe if the supercard check always runs --
# confirm in the code that sets @superleft.
def ok_to_create
  permit :create
  return unless @action_ok && junction?

  [:left, :right].each do |side|
    next if @superleft && side == :left

    part = send(side, :new => {})
    # a missing part means there must be other errors; nothing to check here
    next unless part && part.new_card?
    next if part.ok?(:create)

    deny_because you_cant("create #{part.name}")
  end
end

#ok_to_delete ⇒ Object



# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 134

# Permission check for deleting this card: the :delete rule is the only
# condition applied here.
def ok_to_delete
  permit(:delete)
end

#ok_to_read ⇒ Object



# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 117

# Permission check for reading this card.
#
# Skipped entirely when Auth.always_ok? is true. Otherwise the id of the
# governing read rule must be among the read rules of the card the current
# session is acting as (Auth.as_card).
#
# NOTE(review): the rule id is memoized in @read_rule_id for the life of this
# object; nothing in this method refreshes it if the read rule changes in the
# meantime -- confirm that instances are not reused across rule updates.
def ok_to_read
  return if Auth.always_ok?

  @read_rule_id ||= permission_rule_card(:read).first.id.to_i
  return if Auth.as_card.read_rules.member?(@read_rule_id)

  deny_because you_cant("read this")
end

#ok_to_update ⇒ Object



# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 126

# Permission check for updating this card.
#
# Three conditions, applied in order and each only if the previous passed:
# 1. the :update rule permits the current user;
# 2. a change of type additionally needs :create permission, so an update
#    cannot be used to produce a card of a type the user may not create;
# 3. the user must also be able to read the card.
def ok_to_update
  permit :update
  retyped_without_create = @action_ok && type_id_changed? && !permitted?(:create)
  deny_because you_cant("change to this type (need create permission)") if retyped_without_create
  ok_to_read if @action_ok
end

#ok_with_fetch?(action, opts = {}) ⇒ Boolean

Returns:

  • (Boolean)


# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 22

# Permission check that can be redirected to a trait card.
#
# Without opts[:trait] the check runs on this card. With it, the card is
# looked up through fetch(opts) and the check runs on the result. When the
# lookup finds nothing the method returns that falsy value, so a missing
# trait card reads as "not permitted" rather than raising.
#
# @param action [Symbol] action to check
# @param opts [Hash] lookup options; only :trait is inspected here, the whole
#   hash is handed to fetch
# @return [Boolean, nil] verdict of ok_without_fetch? on the chosen card, or
#   the falsy fetch result
def ok_with_fetch? action, opts={}
  target = if opts[:trait].nil?
             self
           else
             fetch(opts)
           end
  return target unless target

  target.ok_without_fetch?(action)
end

#permission_rule_card(action) ⇒ Object



# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 39

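# Resolves the rule card that governs +action+ on this card.
#
# A rule whose content is '_left' (or '[[_left]]') on a junction card means
# "inherit from the left parent": the lookup is then repeated on the left
# card. The lookup runs inside Auth.as_bot, so finding the rule is not itself
# subject to the current user's permissions.
#
# Fix: the inherit branch is meant to swap :create for :update when the left
# card already exists and is not itself being created. The original condition
# was written `!lcard.action==:create`; unary ! binds tighter than ==, so it
# compared a boolean with :create and was always false, and the swap never
# happened. It now reads `lcard.action != :create`.
# NOTE(review): this changes which rule decides creation of a compound card
# on an existing left card (the left card's :update rule instead of its
# :create rule); check existing rule sets for cards that depended on the old
# behaviour.
#
# @param action [Symbol] :create, :read, :update, ...
# @return [Array] two elements: the resolved rule card, and the
#   rule_class_name of the rule found on this card (not of the inherited one)
# @raise [Card::PermissionDenied] when no rule card exists for +action+
def permission_rule_card action
  opcard = rule_card action

  unless opcard # RULE missing.  should not be possible.  generalize this to handling of all required rules
    errors.add :permission_denied, "No #{action} rule for #{name}"
    raise Card::PermissionDenied.new(self)
  end

  rcard = Auth.as_bot do
    # compound cards can inherit permissions from left parent
    if ['_left', '[[_left]]'].member?(opcard.db_content) && self.junction?
      lcard = left_or_new(:skip_virtual=>true, :skip_modules=>true)
      # adding to an existing left card counts as updating it
      action = :update if action == :create && lcard.real? && lcard.action != :create
      lcard.permission_rule_card(action).first
    else
      opcard
    end
  end
  return rcard, opcard.rule_class_name
end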

#permit(action, verb = nil) ⇒ Object



# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 90

# Applies the rule for +action+ and records a denial when it fails.
#
# Read-only mode is refused here first. ok_to_read does not go through this
# method, so reads stay possible in read-only mode. In read-only mode
# permitted? is falsy as well, so both messages are recorded.
#
# @param action [Symbol] action whose rule is checked
# @param verb [String, nil] wording for the message; defaults to the action
#   name
def permit action, verb=nil
  deny_because "Currently in read-only mode" if Card.config.read_only # not called by ok_to_read

  verb ||= action.to_s
  return if permitted?(action)

  subject = name.present? ? name : 'this'
  deny_because you_cant("#{verb} #{subject}")
end

#permitted?(action) ⇒ Boolean

Returns:

  • (Boolean)


# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 75

# Decides whether the current user passes the rule for +action+.
#
# * read-only mode: returns nil (falsy) for every action;
# * Auth.always_ok? users pass every action except :comment without the rule
#   being looked up at all;
# * :comment for an always_ok user passes only if the rule names at least one
#   party ("admin can comment if anyone can");
# * everyone else passes when Auth.among? finds them in the ids the rule
#   lists.
#
# @param action [Symbol]
# @return [Boolean, nil]
def permitted? action
  return if Card.config.read_only

  commenting = action == :comment
  return true if !commenting && Auth.always_ok?

  allowed_ids = who_can(action)
  return Auth.among?(allowed_ids) unless commenting && Auth.always_ok?

  # admin can comment if anyone can
  !allowed_ids.empty?
end

#recaptcha_on? ⇒ Boolean

Returns:

  • (Boolean)


# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 222

# Tells whether a captcha challenge applies to the current request.
#
# All of these must hold: both reCAPTCHA keys are configured, a controller is
# present in Env, the visitor is not signed in, the site is not in its setup
# phase, the session is not always_ok, and the card's :captcha rule is on.
#
# Missing keys switch the captcha off rather than blocking the action, so a
# deployment that loses its key configuration silently stops challenging
# anonymous users; worth covering with a configuration check or alert.
#
# @return [Boolean, nil] falsy as soon as one condition fails
def recaptcha_on?
  keys = have_recaptcha_keys?
  return keys unless keys

  controller = Env[:controller]
  return controller unless controller

  return false if Auth.signed_in? || Auth.needs_setup? || Auth.always_ok?

  Card.toggle(rule(:captcha))
end

#rule_class_name ⇒ Object



# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 61

# Name of the set class this rule card belongs to.
#
# Only meaningful when the card's trunk is a Set card (type_id equal to
# Card::SetID); in that case the tag of the trunk name is returned.
#
# @return [Object, nil] the trunk name's tag, or nil when the trunk is not a
#   Set card
def rule_class_name
  return unless trunk.type_id == Card::SetID

  cardname.trunk_name.tag
end

#track_permission_errors ⇒ Object



# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 209

# Runs the given block with denial messages being collected, then copies the
# collected messages onto errors under :permission_denied.
#
# deny_because only stores its reason while the collector set up here is
# active. The collector is cleared again after the block returns normally.
# NOTE(review): if the block raises, the collector is left in place and the
# messages gathered so far are not copied to errors -- confirm that is
# intended.
#
# @yield the permission checks to run
# @return [Object] whatever the block returned
def track_permission_errors
  @permission_errors = []
  outcome = yield

  @permission_errors.each { |message| errors.add(:permission_denied, message) }
  @permission_errors = nil

  outcome
end

#update_read_rule ⇒ Object



# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 168

# Recomputes this card's read rule and stores it, then does the same for
# every card found by a left-name search whose own read rule is '_left'.
#
# The stored read_rule_id is what ok_to_read compares against the current
# user's read rules, so this method decides who can see the card.
#
# NOTE(review): Card.record_timestamps is a class-level switch. It is turned
# off for the whole class while this runs and set back to true
# unconditionally in the ensure clause, not restored to its previous value.
# If several threads save cards concurrently, or a caller had already
# disabled timestamps, this can leak across them -- confirm.
def update_read_rule
  Card.record_timestamps = false

  reset_patterns # why is this needed?
  rcard, rclass = permission_rule_card :read
  self.read_rule_id = rcard.id #these two are just to make sure vals are correct on current object
  #warn "updating read rule for #{inspect} to #{rcard.inspect}, #{rclass}"

  self.read_rule_class = rclass
  # update_all writes both columns straight to the row for this id
  Card.where(:id=>self.id).update_all(:read_rule_id=>rcard.id, :read_rule_class=>rclass)
  expire

  # currently doing a brute force search for every card that may be impacted.  may want to optimize(?)
  # The search and the recursive updates run inside Auth.as_bot, i.e. not
  # limited by what the current user may read.
  # NOTE(review): only the literal '_left' is matched here, whereas
  # permission_rule_card also treats '[[_left]]' as inheritance; if rule(:read)
  # can return the bracketed form, those cards would keep a stale read rule
  # -- confirm what rule(:read) returns.
  Auth.as_bot do
    Card.search(:left=>self.name).each do |plus_card|
      if plus_card.rule(:read) == '_left'
        plus_card.update_read_rule
      end
    end
  end

ensure
  Card.record_timestamps = true
end

#who_can(action) ⇒ Object



# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 33

# Lists the ids of the cards named by the rule that governs +action+.
#
# permitted? passes this list to Auth.among? to decide whether the current
# user is allowed.
#
# @param action [Symbol]
# @return [Array] ids of the rule card's item cards
def who_can action
  governing_rule, = permission_rule_card(action)
  governing_rule.item_cards.map { |member| member.id }
end

#you_cant(what) ⇒ Object



# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 65

# Builds the standard denial sentence for an action.
#
# NOTE(review): callers in this file interpolate card names into +what+
# (permit, ok_to_create), so the resulting message carries user-influenced
# text and names the card being refused; whatever renders it should escape it
# -- confirm in the view layer.
#
# @param what [String] the action phrase, e.g. "read this"
# @return [String]
def you_cant(what)
  "You don't have permission to #{what}"
end