Class: Hyrax::CollectionTypes::PermissionsService

Inherits:

Object

• Object
• Hyrax::CollectionTypes::PermissionsService

Defined in:

app/services/hyrax/collection_types/permissions_service.rb

Class Method Summary

• .can_create_admin_set_collection_type?(user: nil, ability: nil) ⇒ Boolean

  Is the user a creator for admin sets collection types?.

• .can_create_any_collection_type?(user: nil, ability: nil) ⇒ Boolean

  Is the user a creator for any collection types?.

• .can_create_collection_of_type?(collection_type:, user: nil, ability: nil) ⇒ Boolean

  Get a list of collection types that a user can create.

• .can_create_collection_types(user: nil, ability: nil) ⇒ Array<Hyrax::CollectionType>

  Get a list of collection types that a user can create.

• .collection_type_ids_for_user(roles:, user: nil, ability: nil) ⇒ Array<String>

  Ids of collection types that a user can create or manage.

• .collection_types_for_user(roles:, user: nil, ability: nil) ⇒ Array<Hyrax::CollectionType>

  Instances of collection types that a user can create or manage.

• .group_edit_grants_for_collection_of_type(collection_type: nil) ⇒ Array<String>

  Get a list of group that should be added as group editors for a new collection of the specified collection type.

• .user_admin?(user, ability) ⇒ Boolean
• .user_edit_grants_for_collection_of_type(collection_type: nil) ⇒ Array<String>

  Get a list of users who should be added as user editors for a new collection of the specified collection type.

Class Method Details

.can_create_admin_set_collection_type?(user: nil, ability: nil) ⇒ Boolean

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Is the user a creator for admin sets collection types?

Parameters:

• user (User) (defaults to: nil) —

  user (required if ability is nil)

• ability (Ability) (defaults to: nil) —

  the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

• (Boolean) —

  true if the user has permission to create collections of type admin_set

# File 'app/services/hyrax/collection_types/permissions_service.rb', line 72

def self.can_create_admin_set_collection_type?(user: nil, ability: nil)
  return false unless user.present? || ability.present?
  return true if user_admin?(user, ability)
  # both manage and create access can create collections of a type, so no need to include access in the query
  return true if Hyrax::CollectionTypeParticipant.joins(:hyrax_collection_type)
                                                 .where(agent_type: Hyrax::CollectionTypeParticipant::USER_TYPE,
                                                        agent_id: user_id(user, ability),
                                                        hyrax_collection_types: { machine_id: Hyrax::CollectionType::ADMIN_SET_MACHINE_ID }).present?
  return true if Hyrax::CollectionTypeParticipant.joins(:hyrax_collection_type)
                                                 .where(agent_type: Hyrax::CollectionTypeParticipant::GROUP_TYPE,
                                                        agent_id: user_groups(user, ability),
                                                        hyrax_collection_types: { machine_id: Hyrax::CollectionType::ADMIN_SET_MACHINE_ID }).present?
  false
end

.can_create_any_collection_type?(user: nil, ability: nil) ⇒ Boolean

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Is the user a creator for any collection types?

Parameters:

• user (User) (defaults to: nil) —

  user (required if ability is nil)

• ability (Ability) (defaults to: nil) —

  the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

• (Boolean) —

  true if the user has permission to create collections of at least one collection type

# File 'app/services/hyrax/collection_types/permissions_service.rb', line 52

def self.can_create_any_collection_type?(user: nil, ability: nil)
  return false unless user.present? || ability.present?
  return true if user_admin?(user, ability)
  # both manage and create access can create collections of a type, so no need to include access in the query
  return true if Hyrax::CollectionTypeParticipant.where(agent_type: Hyrax::CollectionTypeParticipant::USER_TYPE,
                                                        agent_id: user_id(user, ability)).any?
  return true if Hyrax::CollectionTypeParticipant.where(agent_type: Hyrax::CollectionTypeParticipant::GROUP_TYPE,
                                                        agent_id: user_groups(user, ability)).any?
  false
end

.can_create_collection_of_type?(collection_type:, user: nil, ability: nil) ⇒ Boolean

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Get a list of collection types that a user can create

Parameters:

• collection_type (Hyrax::CollectionType) —

  the type of the collection being created

• user (User) (defaults to: nil) —

  user (required if ability is nil)

• ability (Ability) (defaults to: nil) —

  the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

• (Boolean) —

  true if the user has permission to create collections of specified type

# File 'app/services/hyrax/collection_types/permissions_service.rb', line 110

def self.can_create_collection_of_type?(collection_type:, user: nil, ability: nil)
  manage_access_for_collection_type?(user: user, ability: ability, collection_type: collection_type) ||
    create_access_for_collection_type?(user: user, ability: ability, collection_type: collection_type)
end

.can_create_collection_types(user: nil, ability: nil) ⇒ Array<Hyrax::CollectionType>

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Get a list of collection types that a user can create

Parameters:

• user (User) (defaults to: nil) —

  user (required if ability is nil)

• ability (Ability) (defaults to: nil) —

  the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

• (Array<Hyrax::CollectionType>) —

  array of collection types the user can create

# File 'app/services/hyrax/collection_types/permissions_service.rb', line 96

def self.can_create_collection_types(user: nil, ability: nil)
  collection_types_for_user(user: user, ability: ability, roles: [Hyrax::CollectionTypeParticipant::MANAGE_ACCESS, Hyrax::CollectionTypeParticipant::CREATE_ACCESS])
end

.collection_type_ids_for_user(roles:, user: nil, ability: nil) ⇒ Array<String>

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Ids of collection types that a user can create or manage

Parameters:

• roles (String) —

  type of access, Hyrax::CollectionTypeParticipant::MANAGE_ACCESS and/or Hyrax::CollectionTypeParticipant::CREATE_ACCESS

• user (User) (defaults to: nil) —

  user (required if ability is nil)

• ability (Ability) (defaults to: nil) —

  the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

• (Array<String>) —

  ids for collection types for which a user has the specified role

# File 'app/services/hyrax/collection_types/permissions_service.rb', line 14

def self.collection_type_ids_for_user(roles:, user: nil, ability: nil)
  return false unless user.present? || ability.present?
  return Hyrax::CollectionType.all.pluck('DISTINCT id') if user_admin?(user, ability)
  Hyrax::CollectionTypeParticipant.where(agent_type: Hyrax::CollectionTypeParticipant::USER_TYPE,
                                         agent_id: user_id(user, ability),
                                         access: roles)
                                  .or(
                                    Hyrax::CollectionTypeParticipant.where(agent_type: Hyrax::CollectionTypeParticipant::GROUP_TYPE,
                                                                           agent_id: user_groups(user, ability),
                                                                           access: roles)
                                  ).pluck('DISTINCT hyrax_collection_type_id')
end

.collection_types_for_user(roles:, user: nil, ability: nil) ⇒ Array<Hyrax::CollectionType>

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Instances of collection types that a user can create or manage

Parameters:

• roles (String) —

  type of access, Hyrax::CollectionTypeParticipant::MANAGE_ACCESS and/or Hyrax::CollectionTypeParticipant::CREATE_ACCESS

• user (User) (defaults to: nil) —

  user (required if ability is nil)

• ability (Ability) (defaults to: nil) —

  the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

• (Array<Hyrax::CollectionType>) —

  instances of collection types for which a user has the specified role

# File 'app/services/hyrax/collection_types/permissions_service.rb', line 37

def self.collection_types_for_user(roles:, user: nil, ability: nil)
  return false unless user.present? || ability.present?
  return Hyrax::CollectionType.all if user_admin?(user, ability)
  Hyrax::CollectionType.where(id: collection_type_ids_for_user(user: user, roles: roles, ability: ability))
end

.group_edit_grants_for_collection_of_type(collection_type: nil) ⇒ Array<String>

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Get a list of group that should be added as group editors for a new collection of the specified collection type

Parameters:

• collection_type (Hyrax::CollectionType) (defaults to: nil) —

  the type of the collection being created

Returns:

• (Array<String>) —

  array of group identifiers (typically groupname) for groups who can edit collections of this type

# File 'app/services/hyrax/collection_types/permissions_service.rb', line 204

def self.group_edit_grants_for_collection_of_type(collection_type: nil)
  return [] unless collection_type
  groups = Hyrax::CollectionTypeParticipant.joins(:hyrax_collection_type).where(hyrax_collection_type_id: collection_type.id,
                                                                                agent_type: Hyrax::CollectionTypeParticipant::GROUP_TYPE,
                                                                                access: Hyrax::CollectionTypeParticipant::MANAGE_ACCESS).pluck('DISTINCT agent_id')
  groups | ['admin']
end

.user_admin?(user, ability) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/services/hyrax/collection_types/permissions_service.rb', line 219

def self.user_admin?(user, ability)
  # if called from abilities class, use ability instead of user; otherwise, you end up in an infinite loop
  return ability.admin? if ability.present?
  user.ability.admin?
end

.user_edit_grants_for_collection_of_type(collection_type: nil) ⇒ Array<String>

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Get a list of users who should be added as user editors for a new collection of the specified collection type

Parameters:

• collection_type (Hyrax::CollectionType) (defaults to: nil) —

  the type of the collection being created

Returns:

• (Array<String>) —

  array of user identifiers (typically emails) for users who can edit collections of this type

# File 'app/services/hyrax/collection_types/permissions_service.rb', line 189

def self.user_edit_grants_for_collection_of_type(collection_type: nil)
  return [] unless collection_type
  Hyrax::CollectionTypeParticipant.joins(:hyrax_collection_type).where(hyrax_collection_type_id: collection_type.id,
                                                                       agent_type: Hyrax::CollectionTypeParticipant::USER_TYPE,
                                                                       access: Hyrax::CollectionTypeParticipant::MANAGE_ACCESS).pluck('DISTINCT agent_id')
end