Module: Card::Set::All::Permissions
- Extended by:
- Card::Set
- Defined in:
- tmpsets/set/mod001-01_core/all/permissions.rb
Defined Under Namespace
Modules: Accounts, Follow
Instance Method Summary
collapse
Methods included from Card::Set
abstract_set?, all_set?, card_accessor, card_reader, card_writer, clean_empty_module_from_hash, clean_empty_modules, define_active_job, define_event_method, define_event_perform_later_method, define_on_format, ensure_set, event, extended, format, process_base_module_list, process_base_modules, register_set, register_set_format, shortname, view, write_tmp_file
Instance Method Details
#add_to_read_rule_update_queue(updates) ⇒ Object
193
194
195
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 193
def add_to_read_rule_update_queue updates
@read_rule_update_queue = Array.wrap(@read_rule_update_queue).concat updates
end
|
#deny_because(why) ⇒ Object
70
71
72
73
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 70
def deny_because why
@permission_errors << why if @permission_errors
@action_ok = false
end
|
#have_recaptcha_keys? ⇒ Boolean
231
232
233
234
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 231
def have_recaptcha_keys?
@@have_recaptcha_keys = defined?(@@have_recaptcha_keys) ? @@have_recaptcha_keys :
!!( Card.config.recaptcha_public_key && Card.config.recaptcha_private_key )
end
|
#ok!(action, opts = {}) ⇒ Object
29
30
31
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 29
def ok! action, opts={}
raise Card::PermissionDenied.new self unless ok? action, opts
end
|
#ok?(action) ⇒ Boolean
16
17
18
19
20
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 16
def ok? action
@action_ok = true
send "ok_to_#{action}"
@action_ok
end
|
138
139
140
141
142
143
144
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 138
def
permit :comment, 'comment on'
if @action_ok
deny_because "No comments allowed on templates" if is_template?
deny_because "No comments allowed on structured content" if structure
end
end
|
#ok_to_create ⇒ Object
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 102
def ok_to_create
permit :create
if @action_ok and junction?
[:left, :right].each do |side|
next if side==:left && @superleft part_card = send side, :new=>{}
if part_card && part_card.new_card? unless part_card.ok? :create
deny_because you_cant("create #{part_card.name}")
end
end
end
end
end
|
#ok_to_delete ⇒ Object
134
135
136
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 134
def ok_to_delete
permit :delete
end
|
#ok_to_read ⇒ Object
117
118
119
120
121
122
123
124
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 117
def ok_to_read
if !Auth.always_ok?
@read_rule_id ||= permission_rule_card(:read).first.id.to_i
if !Auth.as_card.read_rules.member? @read_rule_id
deny_because you_cant "read this"
end
end
end
|
#ok_to_update ⇒ Object
126
127
128
129
130
131
132
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 126
def ok_to_update
permit :update
if @action_ok and type_id_changed? and !permitted? :create
deny_because you_cant( "change to this type (need create permission)" )
end
ok_to_read if @action_ok
end
|
#ok_with_fetch?(action, opts = {}) ⇒ Boolean
22
23
24
25
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 22
def ok_with_fetch? action, opts={}
card = opts[:trait].nil? ? self : fetch(opts)
card && card.ok_without_fetch?(action)
end
|
#permission_rule_card(action) ⇒ Object
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 39
def permission_rule_card action
opcard = rule_card action
unless opcard errors.add :permission_denied, "No #{action} rule for #{name}"
raise Card::PermissionDenied.new(self)
end
rcard = Auth.as_bot do
if ['_left','[[_left]]'].member?(opcard.db_content) && self.junction? lcard = left_or_new( :skip_virtual=>true, :skip_modules=>true )
if action==:create && lcard.real? && !lcard.action==:create
action = :update
end
lcard.permission_rule_card(action).first
else
opcard
end
end
return rcard, opcard.rule_class_name
end
|
#permit(action, verb = nil) ⇒ Object
90
91
92
93
94
95
96
97
98
99
100
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 90
def permit action, verb=nil
if Card.config.read_only deny_because "Currently in read-only mode"
end
verb ||= action.to_s
unless permitted? action
deny_because you_cant("#{verb} #{name.present? ? name : 'this'}")
end
end
|
#permitted?(action) ⇒ Boolean
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 75
def permitted? action
if !Card.config.read_only
return true if action != :comment and Auth.always_ok?
permitted_ids = who_can action
if action == :comment && Auth.always_ok?
!permitted_ids.empty?
else
Auth.among? permitted_ids
end
end
end
|
#rule_class_name ⇒ Object
61
62
63
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 61
def rule_class_name
trunk.type_id == Card::SetID ? cardname.trunk_name.tag : nil
end
|
#track_permission_errors ⇒ Object
209
210
211
212
213
214
215
216
217
218
219
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 209
def track_permission_errors
@permission_errors = []
result = yield
@permission_errors.each do |message|
errors.add :permission_denied, message
end
@permission_errors = nil
result
end
|
#update_read_rule ⇒ Object
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 168
def update_read_rule
Card.record_timestamps = false
reset_patterns rcard, rclass = permission_rule_card :read
self.read_rule_id = rcard.id
self.read_rule_class = rclass
Card.where(:id=>self.id).update_all(:read_rule_id=>rcard.id, :read_rule_class=>rclass)
expire
Auth.as_bot do
Card.search(:left=>self.name).each do |plus_card|
if plus_card.rule(:read) == '_left'
plus_card.update_read_rule
end
end
end
ensure
Card.record_timestamps = true
end
|
#who_can(action) ⇒ Object
33
34
35
36
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 33
def who_can action
permission_rule_card(action).first.item_cards.map &:id
end
|
#you_cant(what) ⇒ Object
65
66
67
|
# File 'tmpsets/set/mod001-01_core/all/permissions.rb', line 65
def you_cant what
"You don't have permission to #{what}"
end
|