Module: EffectiveRolesHelper

Defined in:
app/helpers/effective_roles_helper.rb


Instance Method Details

#effective_roles_authorization_badge(level) ⇒ Object



# File 'app/helpers/effective_roles_helper.rb', line 65

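# Renders a <span> badge describing an authorization level.
#
# The CSS prefix is 'badge' when EffectiveBootstrap is defined, 'label' otherwise.
#
# @param level [Symbol] one of :manage, :update, :update_own, :create, :show, :index,
#   :destroy, :none, :yes, :no, :unknown; any other value is shown titleized
# @return [Object] the value returned by content_tag for the <span>
def effective_roles_authorization_badge(level)
  label = defined?(EffectiveBootstrap) ? 'badge' : 'label'

  text, variant =
    case level
    when :manage       then ['Full', 'primary']
    when :update       then ['Edit', 'success']
    when :update_own   then ['Edit Own', 'info']
    when :create       then ['Create', 'success']
    when :show, :index then ['Read only', 'warning']
    when :destroy      then ['Delete only', 'warning']
    when :none         then ['No Access', 'danger']
    when :yes          then ['Yes', 'primary']
    when :no           then ['No', 'danger']
    when :unknown      then ['Unknown', nil]
    else                    [level.to_s.titleize, 'info']
    end

  # :unknown carries only the base class, with no colour variant
  css = variant ? "#{label} #{label}-#{variant}" : label

  # The listing showed bare argument lists with the method name missing, which does not
  # parse. content_tag is the Rails helper taking (tag name, content, options) and is
  # restored here; it escapes its content, so an unexpected level is rendered as text.
  content_tag(:span, text, class: css)
end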

#effective_roles_authorization_label(klass) ⇒ Object



# File 'app/helpers/effective_roles_helper.rb', line 96

# Builds the text label for one entry of the authorization summary.
#
# @param klass [Object, Hash] a class-like object, or a Hash describing a custom permission
# @return [String, nil] "key value" for a single-pair Hash; otherwise the name (or to_s)
#   of the object, or of the first key when a Hash with another size is given
def effective_roles_authorization_label(klass)
  if klass.is_a?(Hash)
    first_key, first_value = klass.first

    # Custom permissions: exactly one pair is displayed as "key value"
    return "#{first_key} #{first_value}" if klass.length == 1

    klass = first_key
  end

  return klass.name if klass.respond_to?(:name)

  klass.to_s
end

#effective_roles_authorization_level(controller, role, resource) ⇒ Object

This is used by the effective_roles_summary_table helper method



# File 'app/helpers/effective_roles_helper.rb', line 105

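# Reports the authorization level that +role+ would have on +resource+.
#
# The check is run against the live controller: its memoized @current_ability and
# @current_user, the current user's in-memory roles and (for :public) the warden
# session user are swapped for the duration of the check and then put back.
#
# @param controller [Object] controller exposing current_user and request
# @param role [Symbol] :public, :signed_in, or a role to assign to the current user
# @param resource [Object] passed through to effective_roles_item_authorization_level
# @return [Symbol] :unknown when current_user raises or has no roles= writer, otherwise
#   the level returned by effective_roles_item_authorization_level
# @raise [RuntimeError] when EffectiveResources.authorization_method is neither callable
#   nor a Symbol
def effective_roles_authorization_level(controller, role, resource)
  authorization_method = EffectiveResources.authorization_method

  raise('expected an authorization method') unless (authorization_method.respond_to?(:call) || authorization_method.kind_of?(Symbol))
  return :unknown unless (controller.current_user rescue nil).respond_to?(:roles=)

  # Snapshot the current ability (cancan support), user and roles before touching them
  current_ability = controller.instance_variable_get(:@current_ability)
  current_user = controller.instance_variable_get(:@current_user)
  current_user_roles = controller.current_user.roles

  begin
    # Set up the user, so the check is done with the desired permission level
    controller.instance_variable_set(:@current_ability, nil)

    case role
    when :signed_in
      controller.current_user.roles = []
    when :public
      controller.instance_variable_set(:@current_user, nil)

      if defined?(EffectiveLogging)
        EffectiveLogging.supressed { (controller.request.env['warden'].set_user(false) rescue nil) }
      else
        (controller.request.env['warden'].set_user(false) rescue nil)
      end
    else
      controller.current_user.roles = [role]
    end

    # Find the actual authorization level
    effective_roles_item_authorization_level(controller, role, resource, authorization_method)
  ensure
    # Security: restore in an ensure block. If the check raised without this, the rest
    # of the request would keep running with the simulated roles (or signed out).
    begin
      if role == :public
        # NOTE(review): the transaction is always rolled back, presumably to discard
        # any writes made while the user is signed back in (confirm).
        ActiveRecord::Base.transaction do
          if defined?(EffectiveLogging)
            EffectiveLogging.supressed { (controller.request.env['warden'].set_user(current_user) rescue nil) }
          else
            (controller.request.env['warden'].set_user(current_user) rescue nil)
          end

          raise ActiveRecord::Rollback
        end
      end
    ensure
      # Runs even if the warden restore above fails
      controller.instance_variable_set(:@current_ability, current_ability)
      controller.instance_variable_set(:@current_user, current_user)
      controller.current_user.roles = current_user_roles
    end
  end
end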

#effective_roles_item_authorization_level(controller, role, resource, auth_method) ⇒ Object



# File 'app/helpers/effective_roles_helper.rb', line 159

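# Finds the highest authorization level the controller's current user has on +resource+.
#
# Every check calls +auth_method+ through controller.instance_exec(controller, action, subject).
# A truthy result means permitted; a falsey result or any StandardError means denied.
#
# @param controller [Object] controller exposing current_user
# @param role [Symbol] not read by this method
# @param resource [Object, Hash] the subject to check, or a { action => subject } Hash
#   describing a custom action
# @param auth_method [Proc, Symbol] passed as the block to instance_exec
# @return [Symbol] :yes or :no for a custom action; otherwise the first match of :manage,
#   :update, :update_own, :create, :show, :index, :destroy, or :none
def effective_roles_item_authorization_level(controller, role, resource, auth_method)
  # NOTE(review): this guard only matches model *instances*, and calling .new on one
  # normally raises and is rescued, so the line appears to leave resource unchanged. If the
  # intent was to instantiate a model class, confirm before changing it: results would differ.
  resource = (resource.new() rescue resource) if resource.kind_of?(ActiveRecord::Base)

  # Errors raised by the authorization method are reported as "denied", so a broken rule
  # and a real denial look the same in the summary.
  permitted = lambda do |action, subject|
    (controller.instance_exec(controller, action, subject, &auth_method) rescue false) ? true : false
  end

  # Custom actions: only the first pair of the Hash is evaluated
  if resource.kind_of?(Hash) && !resource.empty?
    action, subject = resource.first
    return permitted.call(action, subject) ? :yes : :no
  end

  # Check for Manage
  return :manage if %i[create update show destroy].all? { |action| permitted.call(action, resource) }

  # Check for Update
  return :update if permitted.call(:update, resource)

  # Check for Update Own: assign the current user as owner, and always clear it again so
  # the caller's object is not left pointing at the current user when the check succeeds
  if resource.respond_to?('user=')
    resource.user = controller.current_user
    begin
      return :update_own if permitted.call(:update, resource)
    ensure
      resource.user = nil
    end
  elsif resource.respond_to?('user_id=')
    resource.user_id = controller.current_user.id
    begin
      return :update_own if permitted.call(:update, resource)
    ensure
      resource.user_id = nil
    end
  elsif resource.class.name.to_s.end_with?('User') # to_s: anonymous classes have a nil name
    return :update_own if permitted.call(:update, controller.current_user)
  end

  # Check for Create, Show, Index, Destroy, in that order
  %i[create show index destroy].find { |action| permitted.call(action, resource) } || :none
end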

#effective_roles_summary(obj, options = {}) ⇒ Object

obj may be a User, a Post, or any other acts_as_roleable object.



# File 'app/helpers/effective_roles_helper.rb', line 2

# Renders the 'effective/roles/summary' partial for a roleable object.
#
# @param obj [Object] a User, a Post, or any acts_as_roleable object (must respond to roles)
# @param options [Hash] extra locals; merged last, so they override :obj, :roles and :descriptions
# @return [Object] the result of render
# @raise [RuntimeError] when obj does not respond to roles
def effective_roles_summary(obj, options = {})
  unless obj.respond_to?(:roles)
    raise 'expected an acts_as_roleable object'
  end

  # Descriptions keyed by the object's class name win; otherwise use the whole set
  per_class = EffectiveRoles.role_descriptions[obj.class.name]
  descriptions = per_class || EffectiveRoles.role_descriptions || {}

  locals = { obj: obj, roles: obj.roles, descriptions: descriptions }.merge(options)

  render(partial: 'effective/roles/summary', locals: locals)
end

#effective_roles_summary_table(opts = {}) ⇒ Object

Examples:
effective_roles_summary_table(roles: [:admin, :superadmin], only: [Post, Event])
effective_roles_summary_table(except: [Post, User])
effective_roles_summary_table(additionally: [Report::PostReport, User, :export])



# File 'app/helpers/effective_roles_helper.rb', line 16

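# Renders the '/effective/roles/summary_table' partial: one row per class, one column per role.
#
# The table shows what each role is allowed to do on each model, so it should only be
# rendered in views whose audience is allowed to see the permission layout.
#
# @param opts [Hash] options:
#   :roles        roles to show; defaults to [:public, :signed_in] + EffectiveRoles.roles
#   :only         render exactly these classes and skip model discovery
#   :except       classes removed from the discovered models
#   :plus         classes added to the discovered models before sorting
#   :additionally entries appended after sorting
# @return [Object] the result of render
# @raise [RuntimeError] when opts is not a Hash
def effective_roles_summary_table(opts = {})
  raise 'Expected argument to be a Hash' unless opts.kind_of?(Hash)

  roles = Array(opts[:roles]).presence
  roles ||= [:public, :signed_in] + EffectiveRoles.roles

  if opts[:only].present?
    klasses = Array(opts[:only])
    # Return the rendered partial: a bare `return` after render handed nil back to the
    # caller, so the :only form produced no output in a view.
    return render(partial: '/effective/roles/summary_table', locals: { klasses: klasses, roles: roles })
  end

  # Figure out all klasses (ActiveRecord objects) that are backed by an existing table
  Rails.application.eager_load!
  tables = ActiveRecord::Base.connection.tables - ['schema_migrations', 'delayed_jobs', 'active_storage_attachments']

  klasses = ActiveRecord::Base.descendants.select do |model|
    model.respond_to?(:table_name) && tables.include?(model.table_name)
  end

  klasses -= Array(opts[:except]) if opts[:except]
  klasses += Array(opts[:plus]) if opts[:plus]

  # Fewer namespaces first, then alphabetical by name
  klasses = klasses.sort_by do |klass|
    name = klass.respond_to?(:name) ? klass.name : klass.to_s
    [name.split('::').length, name]
  end

  # Appended after sorting, so these keep the order given by the caller
  klasses += Array(opts[:additionally]) if opts[:additionally]

  render(partial: '/effective/roles/summary_table', locals: { klasses: klasses, roles: roles })
end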