Module: Hydra::Ability

Extended by:

ActiveSupport::Concern

Included in:

Ability

Defined in:

lib/hydra/ability.rb

Defined Under Namespace

Modules: ClassMethods

Instance Attribute Summary

• #cache ⇒ Object readonly

  Returns the value of attribute cache.

• #current_user ⇒ Object readonly

  Returns the value of attribute current_user.

• #session ⇒ Object readonly

  Returns the value of attribute session.

Class Method Summary

• .user_class ⇒ Object

Instance Method Summary

• #create_permissions ⇒ Object
• #custom_permissions ⇒ Object

  Override custom permissions in your own app to add more permissions beyond what is defined by default.

• #default_user_groups ⇒ Object
• #edit_permissions ⇒ Object
• #hydra_default_permissions ⇒ Object
• #initialize(user, session = nil) ⇒ Object
• #read_permissions ⇒ Object
• #user_groups ⇒ Object

  You can override this method if you are using a different AuthZ (such as LDAP).

Instance Attribute Details

#cache ⇒ Object (readonly)

Returns the value of attribute cache.

# File 'lib/hydra/ability.rb', line 23

def cache
  @cache
end

#current_user ⇒ Object (readonly)

Returns the value of attribute current_user.

# File 'lib/hydra/ability.rb', line 23

def current_user
  @current_user
end

#session ⇒ Object (readonly)

Returns the value of attribute session.

# File 'lib/hydra/ability.rb', line 23

def session
  @session
end

Class Method Details

.user_class ⇒ Object

# File 'lib/hydra/ability.rb', line 19

def self.user_class
  Hydra.config[:user_model] ?  Hydra.config[:user_model].constantize : ::User
end

Instance Method Details

#create_permissions ⇒ Object

# File 'lib/hydra/ability.rb', line 56

def create_permissions
  can :create, :all if user_groups.include? 'registered'
end

#custom_permissions ⇒ Object

Override custom permissions in your own app to add more permissions beyond what is defined by default.

# File 'lib/hydra/ability.rb', line 92

def custom_permissions
end

#default_user_groups ⇒ Object

# File 'lib/hydra/ability.rb', line 43

def default_user_groups
  # # everyone is automatically a member of the group 'public'
  ['public']
end

#edit_permissions ⇒ Object

# File 'lib/hydra/ability.rb', line 60

def edit_permissions
  can [:edit, :update, :destroy], String do |pid|
    test_edit(pid)
  end 

  can [:edit, :update, :destroy], ActiveFedora::Base do |obj|
    test_edit(obj.pid)
  end
   
  can :edit, SolrDocument do |obj|
    cache.put(obj.id, obj)
    test_edit(obj.id)
  end       
end

#hydra_default_permissions ⇒ Object

# File 'lib/hydra/ability.rb', line 49

def hydra_default_permissions
  logger.debug("Usergroups are " + user_groups.inspect)
  self.ability_logic.each do |method|
    send(method)
  end
end

#initialize(user, session = nil) ⇒ Object

# File 'lib/hydra/ability.rb', line 25

def initialize(user, session=nil)
  @current_user = user || Hydra::Ability.user_class.new # guest user (not logged in)
  @user = @current_user # just in case someone was using this in an override. Just don't.
  @session = session
  @cache = Hydra::PermissionsCache.new
  hydra_default_permissions()
end

#read_permissions ⇒ Object

# File 'lib/hydra/ability.rb', line 75

def read_permissions
  can :read, String do |pid|
    test_read(pid)
  end

  can :read, ActiveFedora::Base do |obj|
    test_read(obj.pid)
  end 
  
  can :read, SolrDocument do |obj|
    cache.put(obj.id, obj)
    test_read(obj.id)
  end 
end

#user_groups ⇒ Object

You can override this method if you are using a different AuthZ (such as LDAP)

# File 'lib/hydra/ability.rb', line 34

def user_groups
  return @user_groups if @user_groups
  
  @user_groups = default_user_groups
  @user_groups |= current_user.groups if current_user and current_user.respond_to? :groups
  @user_groups |= ['registered'] unless current_user.new_record?
  @user_groups
end