Class: Reactor::Permission::PermissionProxy

Inherits:

Object

• Object
• Reactor::Permission::PermissionProxy

Defined in:

lib/reactor/permission.rb

Overview

This class acts as a proxy to underlying permission checking classes. There are three possible cases for each permission type (live, read, write, root, create_children):

1. Given user is SuperUser - all permissions granted

2. Given user has the permission

3. Given user doesn’t have the permission

Instance Method Summary

• #clear(permission) ⇒ Object

  Takes away the given permission from all groups currently set.

• #create_children?(user = nil) ⇒ Boolean

  Returns true if given user (or current user, if none given) has ‘create_children’ permission.

• #delete?(user = nil) ⇒ Boolean
• #edit?(user = nil) ⇒ Boolean
• #grant(permission, groups) ⇒ Object

  Grants the given groups the given permission, without effecting already existing groups.

• #initialize(obj) ⇒ PermissionProxy constructor

  :nodoc:.

• #live?(user = nil) ⇒ Boolean

  Returns true if given user (or current user, if none given) has ‘live’ permission.

• #read?(user = nil) ⇒ Boolean

  Returns true if given user (or current user, if none given) has ‘read’ permission.

• #release?(user = nil) ⇒ Boolean

  Returns true if given user has permissions required to release an object (the exact permissions depend on the state of the object).

• #revert?(user = nil) ⇒ Boolean
• #revoke(permission, groups) ⇒ Object

  Takes away the given permission from the given groups, without effecting already existing groups.

• #root?(user = nil) ⇒ Boolean

  Returns true if given user (or current user, if none given) has ‘root’ permission.

• #set(permission, groups) ⇒ Object

  Setter to overwrite the current groups for the given permission with the given groups.

• #take?(user = nil) ⇒ Boolean
• #write?(user = nil) ⇒ Boolean

  Returns true if given user (or current user, if none given) has ‘write’ permission.

Constructor Details

#initialize(obj) ⇒ PermissionProxy

:nodoc:

# File 'lib/reactor/permission.rb', line 115

def initialize(obj) #:nodoc:
  @obj = obj
  @cache = Reactor::Cache::Permission.instance
  @lookup = PermissionLookup.new(obj)
end

Instance Method Details

#clear(permission) ⇒ Object

Takes away the given permission from all groups currently set.

# File 'lib/reactor/permission.rb', line 206

def clear(permission)
  identifier = identifier(permission)

  crul_obj.permission_clear(identifier)
end

#create_children?(user = nil) ⇒ Boolean

Returns true if given user (or current user, if none given) has ‘create_children’ permission

Returns:

• (Boolean)

# File 'lib/reactor/permission.rb', line 142

def create_children?(user = nil)
  granted?(user, :root) || granted?(user, :create_children)
end

#delete?(user = nil) ⇒ Boolean

Returns:

• (Boolean)

See Also:

• #root?

# File 'lib/reactor/permission.rb', line 147

def delete?(user = nil)
  root?(user)
end

#edit?(user = nil) ⇒ Boolean

Returns:

• (Boolean)

See Also:

• #write?

# File 'lib/reactor/permission.rb', line 162

def edit?(user = nil)
  write?(user)
end

#grant(permission, groups) ⇒ Object

Grants the given groups the given permission, without effecting already existing groups.

# File 'lib/reactor/permission.rb', line 189

def grant(permission, groups)
  identifier = identifier(permission)

  groups = [groups] if groups.kind_of?(::String)
  crul_obj.permission_grant(identifier, groups)
end

#live?(user = nil) ⇒ Boolean

Returns true if given user (or current user, if none given) has ‘live’ permission

Returns:

• (Boolean)

# File 'lib/reactor/permission.rb', line 122

def live?(user=nil)
  granted?(user, :live)
end

#read?(user = nil) ⇒ Boolean

Returns true if given user (or current user, if none given) has ‘read’ permission

Returns:

• (Boolean)

# File 'lib/reactor/permission.rb', line 127

def read?(user = nil)
  granted?(user, :root) || granted?(user, :read)
end

#release?(user = nil) ⇒ Boolean

Returns true if given user has permissions required to release an object (the exact permissions depend on the state of the object)

Returns:

• (Boolean)

# File 'lib/reactor/permission.rb', line 168

def release?(user = nil)
  if !has_workflow?
    # NOTE: order matters for speed
    write?(user) || root?(user)
  else
    # this is slow
    root?(user) || (has_workflow_api? && obj.workflow.release?)
  end
end

#revert?(user = nil) ⇒ Boolean

Returns:

• (Boolean)

See Also:

• #write?

# File 'lib/reactor/permission.rb', line 157

def revert?(user = nil)
  write?(user)
end

#revoke(permission, groups) ⇒ Object

Takes away the given permission from the given groups, without effecting already existing groups.

# File 'lib/reactor/permission.rb', line 198

def revoke(permission, groups)
  identifier = identifier(permission)

  groups = [groups] if groups.kind_of?(::String)
  crul_obj.permission_revoke(identifier, groups)
end

#root?(user = nil) ⇒ Boolean

Returns true if given user (or current user, if none given) has ‘root’ permission

Returns:

• (Boolean)

# File 'lib/reactor/permission.rb', line 137

def root?(user = nil)
  granted?(user, :root)
end

#set(permission, groups) ⇒ Object

Setter to overwrite the current groups for the given permission with the given groups.

# File 'lib/reactor/permission.rb', line 180

def set(permission, groups)
  identifier = identifier(permission)

  groups = [groups] if groups.kind_of?(::String)
  crul_obj.permission_set(identifier, groups)
end

#take?(user = nil) ⇒ Boolean

Returns:

• (Boolean)

See Also:

• #write?

# File 'lib/reactor/permission.rb', line 152

def take?(user = nil)
  write?(user)
end

#write?(user = nil) ⇒ Boolean

Returns true if given user (or current user, if none given) has ‘write’ permission

Returns:

• (Boolean)

# File 'lib/reactor/permission.rb', line 132

def write?(user = nil)
  granted?(user, :root) || granted?(user, :write)
end