Class: Kaui::Ability

Inherits:
Object
  • Object
Includes:
CanCan::Ability
Defined in:
app/models/kaui/ability.rb

Instance Method Summary

Constructor Details

#initialize(user) ⇒ Ability

Returns a new instance of Ability.


# File 'app/models/kaui/ability.rb', line 5

# Builds the CanCan rule set for a logged-in Kaui user from the permission
# strings exposed by +user.permissions+.
#
# These rules only decide what the UI offers. The demo-mode branch states
# that the server enforces permissions, so nothing here should be treated
# as the authoritative access check.
#
# @param user [Kaui::User] the Devise user whose permissions are translated
def initialize(user)
  if Kaui.demo_mode
    # Demo mode grants every rule so all links are shown; the server is
    # relied on to reject anything the account is not allowed to do.
    can :manage, :all
    return
  end

  user.permissions.each do |permission|
    # A permission looks like invoice:item_adjust or payment:refund; by
    # convention the left part names a Kaui model.
    model, action = permission_to_model_action(permission)
    any_model = model == '*'
    any_action = action == '*'

    if any_model && any_action
      # Full wildcard: everything is allowed.
      can :manage, :all
    elsif any_model
      # TODO: a wildcard model with a specific action grants nothing yet.
    else
      begin
        # Original TODO: not sure the :all action really works (it is unused).
        # NOTE(review): CanCan's wildcard action is :manage, so :all probably
        # only matches an explicit check for :all - confirm.
        rule = any_action ? :all : action.to_sym
        can rule, "Kaui::#{model.camelize}".constantize
      rescue StandardError
        # Fails closed: a permission with no action part, or one whose model
        # does not resolve to a Kaui constant, is dropped without a rule and
        # without any trace, so a misnamed permission is invisible here.
        nil
      end
    end
  end
rescue KillBillClient::API::Unauthorized => _
  # Stop building rules; only rules defined before the error remain.
end

Instance Method Details

#permission_to_model_action(permission) ⇒ Object


# File 'app/models/kaui/ability.rb', line 32

# Splits a Kill Bill permission string into the Kaui model name and the action.
#
# Permissions are defined in the Kill Bill APIs
# (https://github.com/killbill/killbill-api/blob/master/src/main/java/org/killbill/billing/security/Permission.java)
# and look like 'invoice:item_adjust' or 'payment:refund': the Kill Bill module
# first, then the action. The module usually matches the Kaui model; the few
# exceptions are fixed up here so the API itself stays clean.
#
# The returned model name is what #initialize turns into a Kaui:: constant, so
# any new mapping added here directly changes which class a rule is attached to.
#
# @param permission [String] permission in 'module:action' form
# @return [Array] two elements, model name and action; only the first two
#   colon-separated parts are used, and a missing part comes back as nil
def permission_to_model_action(permission)
  kb_module, action = permission.split(':')

  model =
    case kb_module
    when 'tenant', 'overdue', 'catalog'
      # The only overdue and catalog (upload_config) actions implemented so
      # far are the tenant-level ones, so they share the tenant admin model.
      'admin_tenant'
    when 'entitlement'
      'subscription'
    else
      kb_module
    end

  [model, action]
end