Module: Hydra::Ability

Extended by:
ActiveSupport::Concern, Deprecation
Included in:
Ability, PolicyAwareAbility
Defined in:
lib/hydra/ability.rb

Defined Under Namespace

Modules: ClassMethods

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#cacheObject (readonly)

Returns the value of attribute cache.



24
25
26
 
# File 'lib/hydra/ability.rb', line 24

def cache
  @cache
end

#current_userObject (readonly)

Returns the value of attribute current_user.



24
25
26
 
# File 'lib/hydra/ability.rb', line 24

def current_user
  @current_user
end

#sessionObject (readonly)

Returns the value of attribute session.



24
25
26
 
# File 'lib/hydra/ability.rb', line 24

def session
  @session
end

Class Method Details

.user_classObject 



20
21
22
 
# File 'lib/hydra/ability.rb', line 20

def self.user_class
  Hydra.config[:user_model] ?  Hydra.config[:user_model].constantize : ::User
end

Instance Method Details

#create_permissionsObject 



57
58
59
 
# File 'lib/hydra/ability.rb', line 57

def create_permissions
  # no op -- this is automatically run as part of self.ability_logic. Override in your own Ability class to set default create permissions.
end

#custom_permissionsObject

Override custom permissions in your own app to add more permissions beyond what is defined by default.



99
100
 
# File 'lib/hydra/ability.rb', line 99

def custom_permissions
end

#default_user_groupsObject 



44
45
46
47
 
# File 'lib/hydra/ability.rb', line 44

def default_user_groups
  # # everyone is automatically a member of the group 'public'
  ['public']
end

#download_permissionsObject

Download permissions are exercised in Hydra::Controller::DownloadBehavior



92
93
94
95
96
 
# File 'lib/hydra/ability.rb', line 92

def download_permissions
  can :download, ActiveFedora::Datastream do |ds|
    can? :read, ds.pid # i.e, can download ds if can read object
  end
end

#edit_permissionsObject 



61
62
63
64
65
66
67
68
69
70
71
72
73
74
 
# File 'lib/hydra/ability.rb', line 61

def edit_permissions
  can [:edit, :update, :destroy], String do |pid|
    test_edit(pid)
  end 

  can [:edit, :update, :destroy], ActiveFedora::Base do |obj|
    test_edit(obj.pid)
  end
   
  can [:edit, :update, :destroy], SolrDocument do |obj|
    cache.put(obj.id, obj)
    test_edit(obj.id)
  end       
end

#hydra_default_permissionsObject 



50
51
52
53
54
55
 
# File 'lib/hydra/ability.rb', line 50

def hydra_default_permissions
  logger.debug("Usergroups are " + user_groups.inspect)
  self.ability_logic.each do |method|
    send(method)
  end
end

#initialize(user, session = nil) ⇒ Object 



26
27
28
29
30
31
32
 
# File 'lib/hydra/ability.rb', line 26

def initialize(user, session=nil)
  @current_user = user || Hydra::Ability.user_class.new # guest user (not logged in)
  @user = @current_user # just in case someone was using this in an override. Just don't.
  @session = session
  @cache = Hydra::PermissionsCache.new
  hydra_default_permissions()
end

#read_permissionsObject 



76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
# File 'lib/hydra/ability.rb', line 76

def read_permissions
  can :read, String do |pid|
    test_read(pid)
  end

  can :read, ActiveFedora::Base do |obj|
    test_read(obj.pid)
  end 
  
  can :read, SolrDocument do |obj|
    cache.put(obj.id, obj)
    test_read(obj.id)
  end 
end

#user_groupsObject

You can override this method if you are using a different AuthZ (such as LDAP)



35
36
37
38
39
40
41
42
 
# File 'lib/hydra/ability.rb', line 35

def user_groups
  return @user_groups if @user_groups
  
  @user_groups = default_user_groups
  @user_groups |= current_user.groups if current_user and current_user.respond_to? :groups
  @user_groups |= ['registered'] unless current_user.new_record?
  @user_groups
end