Module: Hydra::Ability
- Extended by:
- ActiveSupport::Concern, Deprecation
- Included in:
- Ability, PolicyAwareAbility
- Defined in:
- lib/hydra/ability.rb
Defined Under Namespace
Modules: ClassMethods
Instance Attribute Summary collapse
-
#cache ⇒ Object
readonly
Returns the value of attribute cache.
-
#current_user ⇒ Object
readonly
Returns the value of attribute current_user.
-
#session ⇒ Object
readonly
Returns the value of attribute session.
Class Method Summary collapse
Instance Method Summary collapse
- #create_permissions ⇒ Object
-
#custom_permissions ⇒ Object
Override custom permissions in your own app to add more permissions beyond what is defined by default.
- #default_user_groups ⇒ Object
-
#download_permissions ⇒ Object
Download permissions are exercised in Hydra::Controller::DownloadBehavior.
- #edit_permissions ⇒ Object
- #hydra_default_permissions ⇒ Object
- #initialize(user, session = nil) ⇒ Object
- #read_permissions ⇒ Object
-
#user_groups ⇒ Object
You can override this method if you are using a different AuthZ (such as LDAP).
Instance Attribute Details
#cache ⇒ Object (readonly)
Returns the value of attribute cache.
24 25 26 |
# File 'lib/hydra/ability.rb', line 24 def cache @cache end |
#current_user ⇒ Object (readonly)
Returns the value of attribute current_user.
24 25 26 |
# File 'lib/hydra/ability.rb', line 24 def current_user @current_user end |
#session ⇒ Object (readonly)
Returns the value of attribute session.
24 25 26 |
# File 'lib/hydra/ability.rb', line 24 def session @session end |
Class Method Details
Instance Method Details
#create_permissions ⇒ Object
57 58 59 |
# File 'lib/hydra/ability.rb', line 57 def # no op -- this is automatically run as part of self.ability_logic. Override in your own Ability class to set default create permissions. end |
#custom_permissions ⇒ Object
Override custom permissions in your own app to add more permissions beyond what is defined by default.
99 100 |
# File 'lib/hydra/ability.rb', line 99 def end |
#default_user_groups ⇒ Object
44 45 46 47 |
# File 'lib/hydra/ability.rb', line 44 def default_user_groups # # everyone is automatically a member of the group 'public' ['public'] end |
#download_permissions ⇒ Object
Download permissions are exercised in Hydra::Controller::DownloadBehavior
92 93 94 95 96 |
# File 'lib/hydra/ability.rb', line 92 def can :download, ActiveFedora::Datastream do |ds| can? :read, ds.pid # i.e, can download ds if can read object end end |
#edit_permissions ⇒ Object
61 62 63 64 65 66 67 68 69 70 71 72 73 74 |
# File 'lib/hydra/ability.rb', line 61 def can [:edit, :update, :destroy], String do |pid| test_edit(pid) end can [:edit, :update, :destroy], ActiveFedora::Base do |obj| test_edit(obj.pid) end can [:edit, :update, :destroy], SolrDocument do |obj| cache.put(obj.id, obj) test_edit(obj.id) end end |
#hydra_default_permissions ⇒ Object
50 51 52 53 54 55 |
# File 'lib/hydra/ability.rb', line 50 def logger.debug("Usergroups are " + user_groups.inspect) self.ability_logic.each do |method| send(method) end end |
#initialize(user, session = nil) ⇒ Object
26 27 28 29 30 31 32 |
# File 'lib/hydra/ability.rb', line 26 def initialize(user, session=nil) @current_user = user || Hydra::Ability.user_class.new # guest user (not logged in) @user = @current_user # just in case someone was using this in an override. Just don't. @session = session @cache = Hydra::PermissionsCache.new () end |
#read_permissions ⇒ Object
76 77 78 79 80 81 82 83 84 85 86 87 88 89 |
# File 'lib/hydra/ability.rb', line 76 def can :read, String do |pid| test_read(pid) end can :read, ActiveFedora::Base do |obj| test_read(obj.pid) end can :read, SolrDocument do |obj| cache.put(obj.id, obj) test_read(obj.id) end end |
#user_groups ⇒ Object
You can override this method if you are using a different AuthZ (such as LDAP)
35 36 37 38 39 40 41 42 |
# File 'lib/hydra/ability.rb', line 35 def user_groups return @user_groups if @user_groups @user_groups = default_user_groups @user_groups |= current_user.groups if current_user and current_user.respond_to? :groups @user_groups |= ['registered'] unless current_user.new_record? @user_groups end |