Module: EffectiveRolesHelper

Defined in:
app/helpers/effective_roles_helper.rb


Instance Method Details

#effective_roles_authorization_badge(level) ⇒ Object



# File 'app/helpers/effective_roles_helper.rb', line 82

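# Renders a small <span> badge describing an authorization level.
#
# @param level [Symbol, #to_s] a known level (:manage, :update, :update_own,
#   :create, :show, :index, :destroy, :none, :yes, :no, :unknown); any other
#   value is titleized and shown with the "info" style
# @return [Object] the value returned by +content_tag+
def effective_roles_authorization_badge(level)
  # CSS prefix is 'badge' when EffectiveBootstrap is loaded, 'label' otherwise.
  label = defined?(EffectiveBootstrap) ? 'badge' : 'label'

  text, style =
    case level
    when :manage       then ['Full', 'primary']
    when :update       then ['Edit', 'success']
    when :update_own   then ['Edit Own', 'info']
    when :create       then ['Create', 'success']
    when :show, :index then ['Read only', 'warning']
    when :destroy      then ['Delete only', 'warning']
    when :none         then ['No Access', 'danger']
    when :yes          then ['Yes', 'primary']
    when :no           then ['No', 'danger']
    when :unknown      then ['Unknown', nil]
    else                    [level.to_s.titleize, 'info']
    end

  # :unknown carries the bare prefix only; every other level adds a modifier class.
  css = style ? "#{label} #{label}-#{style}" : label

  # The text is passed as tag content, so content_tag HTML-escapes it; an
  # unrecognised +level+ reaching the else branch is therefore not emitted raw.
  content_tag(:span, text, class: css)
end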

#effective_roles_authorization_label(klass) ⇒ Object



# File 'app/helpers/effective_roles_helper.rb', line 113

# Builds the row label for one entry of the summary table.
#
# @param klass [Hash, Class, Object] a one-pair Hash (custom permission,
#   rendered as "key value"), a Hash with any other number of pairs (its first
#   key is used), or anything answering +name+ / +to_s+
# @return [String]
def effective_roles_authorization_label(klass)
  if klass.kind_of?(Hash)
    # Custom permissions: a single action => subject pair
    if klass.length == 1
      action, subject = klass.first
      return "#{action} #{subject}"
    end

    klass = klass.keys.first
  end

  return klass.name if klass.respond_to?(:name)

  klass.to_s
end

#effective_roles_authorization_level(controller, role, resource) ⇒ Object

This is used by the effective_roles_summary_table helper method



# File 'app/helpers/effective_roles_helper.rb', line 122

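# Works out which authorization level +role+ would have on +resource+ by
# temporarily swapping the controller's current user state, running the
# configured authorization method, and then putting the state back.
#
# The swap touches the controller's @current_ability and @current_user, the
# current user's roles and, for :public, the warden user. The restore runs in
# an +ensure+ so that an exception raised while probing cannot leave the
# request running with the substituted roles or with the user cleared.
#
# @param controller [Object] the controller whose current_user is probed
# @param role [Symbol] :signed_in (no roles), :public (no user) or a role name
# @param resource [Object] forwarded to effective_roles_item_authorization_level
# @return [Symbol] the level found, or :unknown when there is no current user
#   that accepts +roles=+
# @raise [RuntimeError] when the authorization method is neither callable nor a Symbol
def effective_roles_authorization_level(controller, role, resource)
  authorization_method = EffectiveResources.authorization_method

  raise('expected an authorization method') unless (authorization_method.respond_to?(:call) || authorization_method.kind_of?(Symbol))
  return :unknown unless (controller.current_user rescue nil).respond_to?(:roles=)

  # Snapshot the current ability (cancan support), user and roles before touching anything
  saved_ability = controller.instance_variable_get(:@current_ability)
  saved_user = controller.instance_variable_get(:@current_user)
  saved_roles = controller.current_user.roles

  # Best-effort warden swap; a failure here is swallowed on purpose.
  # NOTE(review): that also means a failed restore of the session user is silent.
  set_warden_user = lambda do |user|
    if defined?(EffectiveLogging)
      EffectiveLogging.supressed { (controller.request.env['warden'].set_user(user) rescue nil) }
    else
      (controller.request.env['warden'].set_user(user) rescue nil)
    end
  end

  begin
    # Set up the user, so the check is done with the desired permission level
    controller.instance_variable_set(:@current_ability, nil)

    case role
    when :signed_in
      controller.current_user.roles = []
    when :public
      controller.instance_variable_set(:@current_user, nil)
      set_warden_user.call(false)
    else
      controller.current_user.roles = [role]
    end

    # Find the actual authorization level; this is the method's return value
    effective_roles_item_authorization_level(controller, role, resource, authorization_method)
  ensure
    # Restore the existing current_user state, whether or not the probe raised
    if role == :public
      # The rollback discards anything written while the warden user is set again
      ActiveRecord::Base.transaction do
        set_warden_user.call(saved_user)
        raise ActiveRecord::Rollback
      end
    end

    controller.instance_variable_set(:@current_ability, saved_ability)
    controller.instance_variable_set(:@current_user, saved_user)
    controller.current_user.roles = saved_roles
  end
end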

#effective_roles_item_authorization_level(controller, role, resource, auth_method) ⇒ Object



# File 'app/helpers/effective_roles_helper.rb', line 176

# Probes +auth_method+ action by action and reports the broadest level granted.
#
# Every probe runs through controller.instance_exec; any StandardError raised
# by the authorization method counts as "not allowed", so a failing check can
# only lower the reported level, never raise it.
#
# @param controller [Object] receiver for instance_exec; also supplies current_user
# @param role [Symbol] not read by this method
# @param resource [Object, Hash] subject of the check; a Hash is treated as a
#   custom action and only its first pair is checked
# @param auth_method [Proc, Symbol] block handed to instance_exec
# @return [Symbol] :yes / :no for a custom action, otherwise one of :manage,
#   :update, :update_own, :create, :show, :index, :destroy, :none
def effective_roles_item_authorization_level(controller, role, resource, auth_method)
  # NOTE(review): a model class is not kind_of?(ActiveRecord::Base), so this
  # only fires for instances, where +new+ raises and the instance is kept; confirm intent.
  if resource.kind_of?(ActiveRecord::Base)
    resource = begin
      resource.new
    rescue StandardError
      resource
    end
  end

  permitted = lambda do |action, subject|
    begin
      controller.instance_exec(controller, action, subject, &auth_method)
    rescue StandardError
      false
    end
  end

  # Custom actions
  if resource.kind_of?(Hash)
    pair = resource.first
    return (permitted.call(*pair) ? :yes : :no) if pair
  end

  # Manage needs all four, checked in this order and stopping at the first refusal
  return :manage if %i[create update show destroy].all? { |action| permitted.call(action, resource) }

  return :update if permitted.call(:update, resource)

  # Update Own: retry the update check with the resource assigned to the current user.
  # The owner is cleared again only when the check fails.
  if resource.respond_to?('user=')
    resource.user = controller.current_user
    return :update_own if permitted.call(:update, resource)
    resource.user = nil
  elsif resource.respond_to?('user_id=')
    resource.user_id = controller.current_user.id
    return :update_own if permitted.call(:update, resource)
    resource.user_id = nil
  elsif resource.class.name.end_with?('User')
    return :update_own if permitted.call(:update, controller.current_user)
  end

  # Remaining single actions, broadest first
  return :create if permitted.call(:create, resource)
  return :show if permitted.call(:show, resource)
  return :index if permitted.call(:index, resource)
  return :destroy if permitted.call(:destroy, resource)

  :none
end

#effective_roles_summary(obj, options = {}) ⇒ Object

User or a Post, any acts_as_roleable



# File 'app/helpers/effective_roles_helper.rb', line 19

# Renders the 'effective/roles/summary' partial for a roleable object
# (a User or a Post, any acts_as_roleable).
#
# @param obj [#roles] the object whose roles are listed
# @param options [Hash] extra locals; merged last, so they override the
#   :obj, :roles and :descriptions locals built here
# @return [Object] whatever +render+ returns
# @raise [RuntimeError] when +obj+ does not respond to +roles+
def effective_roles_summary(obj, options = {})
  unless obj.respond_to?(:roles)
    raise 'expected an acts_as_roleable object'
  end

  # Prefer descriptions keyed by the object's class name, then the whole
  # configured set, then an empty Hash.
  descriptions = EffectiveRoles.role_descriptions[obj.class.name]
  descriptions ||= EffectiveRoles.role_descriptions
  descriptions ||= {}

  locals = { obj: obj, roles: obj.roles, descriptions: descriptions }
  locals = locals.merge(options)

  render partial: 'effective/roles/summary', locals: locals
end

#effective_roles_summary_table(opts = {}) ⇒ Object

effective_roles_summary_table(roles: [:admin, :superadmin], only: [Post, Event])
effective_roles_summary_table(except: [Post, User])
effective_roles_summary_table(additionally: [Report::PostReport, User, :export])



# File 'app/helpers/effective_roles_helper.rb', line 33

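# Renders the '/effective/roles/summary_table' partial: one row per class (or
# custom permission), one column per role.
#
#   effective_roles_summary_table(roles: [:admin, :superadmin], only: [Post, Event])
#   effective_roles_summary_table(except: [Post, User])
#   effective_roles_summary_table(additionally: [Report::PostReport, User, :export])
#
# The table lays out what every role may do on every listed class, so the
# calling view decides who gets to see that matrix.
#
# @param opts [Hash]
# @option opts [Array, Object] :roles columns; defaults to :public, :signed_in
#   plus EffectiveRoles.roles
# @option opts [Array, Object] :only use exactly these rows and skip model discovery
# @option opts [Array, Object] :except discovered classes to leave out
# @option opts [Array, Object] :plus extra rows, sorted together with the discovered ones
# @option opts [Array, Object] :additionally extra rows appended after sorting
# @return [Object] whatever +render+ returns
# @raise [RuntimeError] when +opts+ is not a Hash
def effective_roles_summary_table(opts = {})
  raise 'Expected argument to be a Hash' unless opts.kind_of?(Hash)

  roles = Array(opts[:roles]).presence
  roles ||= [:public, :signed_in] + EffectiveRoles.roles

  if opts[:only].present?
    # Return the rendered partial. A bare `return` after `render` hands nil
    # back to the caller, so the :only form would produce no output.
    return render(partial: '/effective/roles/summary_table', locals: { klasses: Array(opts[:only]), roles: roles })
  end

  # Figure out all klasses (ActiveRecord objects): load every class, then keep
  # the descendants whose table exists, minus a few bookkeeping tables.
  Rails.application.eager_load!
  tables = ActiveRecord::Base.connection.tables - ['schema_migrations', 'delayed_jobs', 'active_storage_attachments']

  klasses = ActiveRecord::Base.descendants.select do |model|
    model.respond_to?(:table_name) && tables.include?(model.table_name)
  end

  klasses -= Array(opts[:except]) if opts[:except]
  klasses += Array(opts[:plus]) if opts[:plus]

  # Shallower namespaces first, then alphabetical within the same depth
  klasses = klasses.sort_by do |klass|
    name = klass.respond_to?(:name) ? klass.name : klass.to_s
    [name.split('::').length, name]
  end

  klasses += Array(opts[:additionally]) if opts[:additionally]

  render partial: '/effective/roles/summary_table', locals: { klasses: klasses, roles: roles }
end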

#roles_badges(obj) ⇒ Object



# File 'app/helpers/effective_roles_helper.rb', line 3

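# Renders one <span> badge per role, separated by single spaces.
#
# @param obj [#roles, Array, Object] an acts_as_roleable object or an array of
#   roles; nil and '' entries are dropped
# @return [Object] the badges joined by +safe_join+
# @raise [RuntimeError] when any role is not listed in EffectiveRoles.roles
def roles_badges(obj)
  roles = Array(obj.try(:roles) || obj) - [nil, '']

  # Allow-list: only roles known to EffectiveRoles are ever turned into markup
  unexpected = roles - EffectiveRoles.roles
  if unexpected.present?
    raise "Unexpected value: #{unexpected}. Expected an acts_as_roleable object or an array of roles."
  end

  badges = roles.map do |role|
    color = EffectiveRoles.color(role)

    content_tag(:span, role, class: ("badge badge-#{color}" if color.present?), title: role.to_s.titleize)
  end

  # safe_join escapes any element that is not already HTML-safe, where
  # join(' ').html_safe would mark the whole string safe unconditionally.
  safe_join(badges, ' ')
end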