Class: Ability

Inherits:
Object
Includes:
CanCan::Ability
Defined in:
app/models/ability.rb


Constructor Details

#initialize(current_user, options = {}) ⇒ Ability

Returns a new instance of Ability.



# File 'app/models/ability.rb', line 5

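# Builds the CanCan rule set for +current_user+.
#
# CanCan evaluates rules last-defined-first, so declaration order is the
# whole design of this method: a +cannot+ only carves out of a +can+ declared
# above it, the trustee block overrides the generic rules, and the final
# admin rule overrides everything.
#
# @param current_user [User, nil] the signed-in user; +nil+ is replaced by an
#   anonymous, unpersisted +User.new+ so every rule can call user methods
# @param options [Hash] request context; only +:namespace+ is read, and the
#   value +"Adm"+ marks the admin area
# @return [Ability]
def initialize(current_user, options = {})
  # Anonymous visitors get a blank User so rules can call `persisted?`,
  # `admin?`, `trustee?` etc. without nil checks. `User.new.id` is nil, so
  # id-based comparisons below must not rely on nil == nil being false.
  current_user ||= User.new

  can :read, :all

  # NOTE: Update authorizations
  can :access, :updates do |update|
    # `persisted?` guard: an anonymous user (id nil) must not match a project
    # whose user_id happens to be nil as well.
    current_user.persisted? && update.project.user_id == current_user.id
  end
  can :see, :updates do |update|
    # Non-exclusive updates are visible to everyone; exclusive ones require a
    # confirmed back on the update's project.
    !update.exclusive || !current_user.backs.confirmed.where(project_id: update.project.id).empty?
  end

  # NOTE: Project authorizations
  can :create, :projects if current_user.persisted?

  # Once a project has left draft/rejected, the owner may only edit these
  # presentation attributes.
  can :update, :projects, [:about, :video_url, :uploaded_image, :headline] do |project|
    project.user == current_user && (project.online? || project.waiting_funds? || project.successful? || project.failed?)
  end

  # While the project is a draft or was rejected, the owner may edit anything.
  can :update, :projects do |project|
    project.user == current_user && (project.draft? || project.rejected?)
  end

  # NOTE: Reward authorizations
  can :create, :rewards do |reward|
    reward.project.user == current_user
  end

  # A reward with pending or confirmed backers is locked against full update
  # and deletion; only the attribute-scoped rules below still apply.
  can [:update, :destroy], :rewards do |reward|
    reward.backers.in_time_to_confirm.empty? && reward.backers.confirmed.empty? && reward.project.user == current_user
  end

  can [:update, :sort], :rewards, [:description, :maximum_backers] do |reward|
    reward.project.user == current_user
  end

  can :update, :rewards, :days_to_delivery do |reward|
    reward.project.user == current_user && !reward.project.successful? && !reward.project.failed?
  end

  # NOTE: User authorizations
  can :set_email, :users do |_user|
    current_user.persisted?
  end

  can [:update, :credits, :manage, :update_password, :update_email], :users do |user|
    current_user == user
  end

  # NOTE(review): if this CanCan version treats the attribute-less rule above
  # as covering every attribute, it already spans :admin on the user's own
  # record and this rule only adds admins setting :admin on *other* users —
  # confirm the controller's parameter whitelist does not permit :admin for
  # non-admins. `admin?` is used for consistency with the checks further down.
  can :update, :users, :admin do |_user|
    current_user.admin?
  end

  # NOTE: Backer authorizations
  cannot :show, :backers
  can :create, :backers if current_user.persisted?

  can [:request_refund, :credits_checkout, :show, :update_info], :backers do |backer|
    backer.user == current_user
  end

  # Even the owning backer may not edit these ownership/payment attributes.
  cannot :update_info, :backers, [:user_attributes, :user_id, :user, :value, :payment_service_fee, :payment_id] do |backer|
    backer.user == current_user
  end

  # Channel authorizations
  # Due to previous abilities, first I activate all things
  # and in the final I deactivate unnecessary abilities.
  can :create, :channels_subscribers if current_user.persisted?
  can :destroy, :channels_subscribers do |cs|
    cs.user == current_user
  end

  if current_user.trustee?
    # Grant everything, then narrow projects and rewards back down to the
    # trustee's own channels.
    can :access, :all
    cannot :access, :projects
    cannot :access, :rewards

    can :create, :projects
    # `exists?(id)` rather than `exists?(record)`: passing an ActiveRecord
    # object to exists? is deprecated/removed in newer Rails; the id form
    # behaves the same on every version.
    can :access, :projects do |project|
      current_user.channels_projects.exists?(project.id)
    end

    can :access, :rewards do |reward|
      current_user.channels_projects.exists?(reward.project.id)
    end

    # For the access, :all
    # we're removing the ability to update users at all, but
    cannot [:update, :destroy], :users

    # He can update himself
    can :update, :users do |user|
      user == current_user
    end

    # Nobody can destroy projects.
    cannot :destroy, :projects
  end

  # A trustee cannot access the adm/ path
  # He can only do this if he is an admin too.
  if options[:namespace] == "Adm" && current_user.trustee? && !current_user.admin?
    cannot :access, :all
  end

  # NOTE: admin can access everything.
  # It's the last ability to override all previous abilities.
  can :access, :all if current_user.admin?
end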