Class: EnjuLeaf::Ability

Inherits:
Object
  • Object
show all
Includes:
CanCan::Ability
Defined in:
app/models/enju_leaf/ability.rb

Instance Method Summary collapse

Constructor Details

#initialize(user, ip_address = nil) ⇒ Ability

Returns a new instance of Ability.



5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
 
# File 'app/models/enju_leaf/ability.rb', line 5

def initialize(user, ip_address = nil)

  case user.try(:role).try(:name)
  when 'Administrator'
    can :index, Profile
    can [:read, :create, :update], [User, Profile]
    can :destroy, Profile do |profile|
      if profile.user
        if profile != user.profile && profile.user.id != 1
          if defined?(EnjuCirculation)
            if profile.user.checkouts.not_returned.empty?
              true if profile.user.deletable_by?(user)
            end
          else
            true if profile.user.deletable_by?(user)
          end
        end
      else
        true
      end
    end
    can [:read, :create, :update], UserGroup
    can :destroy, UserGroup do |user_group|
      user_group.profiles.empty?
    end
    can :manage, [
      UserHasRole
    ]
    can :manage, [
      UserExportFile,
      UserImportFile
    ] if LibraryGroup.site_config.network_access_allowed?(ip_address)
    can :update, [
      Role
    ] if LibraryGroup.site_config.network_access_allowed?(ip_address)
    can :read, [
      Role,
      UserImportResult
    ] if LibraryGroup.site_config.network_access_allowed?(ip_address)
  when 'Librarian'
    can :create, Profile
    can :read, Profile do |profile|
      profile == user.profile or %w(Librarian User Guest).include?(profile.required_role.name)
    end
    can :update, Profile do |profile|
      if profile == user.profile
        true
      else
        if %w(Librarian User Guest).include?(profile.required_role.name)
          unless profile.try(:user).try(:has_role?, 'Administrator')
            true
          end
        end
      end
    end
    can :destroy, Profile do |profile|
      if profile.user
        if profile != user.profile && profile.user.id != 1
          if defined?(EnjuCirculation)
             if profile.user.checkouts.not_returned.empty?
               true if profile.user.deletable_by?(user)
             end
          else
            true if profile.user.deletable_by?(user)
          end
        end
      else
        true
      end
    end
    can :manage, [
      UserImportFile
    ] if LibraryGroup.site_config.network_access_allowed?(ip_address)
    can :read, [
      Role,
      UserGroup
    ]
    can :read, [
      UserImportResult
    ] if LibraryGroup.site_config.network_access_allowed?(ip_address)
  when 'User'
    can :show, Profile do |profile|
      profile == user.profile or %w(User Guest).include?(profile.required_role.name)
    end
    can :update, Profile do |profile|
      profile == user.profile
    end
    can :read, [
      UserGroup
    ]
  else
    can :read, [
      UserGroup
    ]
  end
end