Class: Hyrax::EditPermissionsService

Inherits:

Object

• Object
• Hyrax::EditPermissionsService

Defined in:

app/services/hyrax/edit_permissions_service.rb

Overview

Encapsulates the logic to determine which object permissions may be edited by a given user

- user is permitted to update any work permissions coming ONLY from collections they manage
- user is not permitted to update a work permission if it comes from a collection they do not manage, even if also from a managed collection
- user is permitted to update only non-manager permissions from any Collections
- user is permitted to update any non-collection permissions

Defined Under Namespace

Classes: BlockedPermissions, PermissionPresenter

Instance Attribute Summary

• #depositor ⇒ Object readonly

  Returns the value of attribute depositor.

• #unauthorized_collection_managers ⇒ Object readonly

  Returns the value of attribute unauthorized_collection_managers.

Class Method Summary

• .build_service_object_from(form:, ability:) ⇒ Hyrax::EditPermissionService

Instance Method Summary

• #cannot_edit_permissions?(permission_hash) ⇒ Boolean private

  True if user cannot edit the given permissions.

• #excluded_permission?(permission_hash) ⇒ Boolean private

  True if given permissions are one of fixed exclusions.

• #initialize(object:, ability:) ⇒ EditPermissionsService constructor

  A new instance of EditPermissionsService.

• #with_applicable_permission(permission_hash:) { ... } ⇒ Object

  This method either:.

Constructor Details

#initialize(object:, ability:) ⇒ EditPermissionsService

Returns a new instance of EditPermissionsService.

Parameters:

• object (#depositor, #admin_set_id, #member_of_collection_ids) —

  GenericWorkForm (if called for object) or GenericWork (if called for file set)

• ability (Ability) —

  user’s current_ability

# File 'app/services/hyrax/edit_permissions_service.rb', line 38

def initialize(object:, ability:)
  @object = object
  @ability = ability
  @depositor = object.depositor
  unauthorized = manager_permissions_to_block
  @unauthorized_managers = unauthorized.unauthorized_managers
  @unauthorized_collection_managers = unauthorized.unauthorized_collection_managers
end

Instance Attribute Details

#depositor ⇒ Object (readonly)

Returns the value of attribute depositor.

# File 'app/services/hyrax/edit_permissions_service.rb', line 34

def depositor
  @depositor
end

#unauthorized_collection_managers ⇒ Object (readonly)

Returns the value of attribute unauthorized_collection_managers.

# File 'app/services/hyrax/edit_permissions_service.rb', line 34

def unauthorized_collection_managers
  @unauthorized_collection_managers
end

Class Method Details

.build_service_object_from(form:, ability:) ⇒ Hyrax::EditPermissionService

Note:

form object.class = SimpleForm::FormBuilder

For works (i.e. GenericWork):
- form object.object = Hyrax::GenericWorkForm
- form object.object.model = GenericWork
- use the work itself
For file_sets:
- form object.object.class = FileSet
- use work the file_set is in
No other object types are supported by this view. %>

Parameters:

• form (SimpleForm::FormBuilder)
• current_ability (Ability)

Returns:

• (Hyrax::EditPermissionService)

Since:

• v3.0.0

# File 'app/services/hyrax/edit_permissions_service.rb', line 26

def self.build_service_object_from(form:, ability:)
  if form.object.respond_to?(:model) && form.object.model.work?
    new(object: form.object, ability: ability)
  elsif form.object.file_set?
    new(object: form.object.in_works.first, ability: ability)
  end
end

Instance Method Details

#cannot_edit_permissions?(permission_hash) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

TODO:

refactor this code to use “can_edit?”; Thinking in negations can be challenging.

Returns true if user cannot edit the given permissions.

Parameters:

• permission_hash (Hash) —

  one set of permission fields for object :access

Returns:

• (Boolean) —

  true if user cannot edit the given permissions

# File 'app/services/hyrax/edit_permissions_service.rb', line 52

def cannot_edit_permissions?(permission_hash)
  permission_hash.fetch(:access) == "edit" && @unauthorized_managers.include?(permission_hash.fetch(:name))
end

#excluded_permission?(permission_hash) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns true if given permissions are one of fixed exclusions.

Parameters:

• permission_hash (Hash) —

  one set of permission fields for object :access

Returns:

• (Boolean) —

  true if given permissions are one of fixed exclusions

# File 'app/services/hyrax/edit_permissions_service.rb', line 60

def excluded_permission?(permission_hash)
  exclude_from_display.include? permission_hash.fetch(:name).downcase
end

#with_applicable_permission(permission_hash:) { ... } ⇒ Object

This method either:

• returns false if the given permission_hash is part of the fixed exclusions.

• yields a PermissionPresenter to provide additional logic and text for rendering

Parameters:

• permission_hash (Hash<:name, :access>)

Yields:

• PermissionPresenter

Returns:

• false if the given permission_hash is a fixed exclusion

See Also:

• #excluded_permission?

# File 'app/services/hyrax/edit_permissions_service.rb', line 76

def with_applicable_permission(permission_hash:)
  return false if excluded_permission?(permission_hash)
  yield(PermissionPresenter.new(service: self, permission_hash: permission_hash))
end