Class: Lanes::User

Inherits:

Model

• Object
• ActiveRecord::Base
• Model
• Lanes::User

Defined in:

lib/lanes/access/user.rb

Constant Summary

USER_EDITABLE_ATTRIBUTES =

We override the default implementation so that we can gaurantee that the current user can always update their own information

[:name, :email, :password]

Class Method Summary

• .can_write_attributes?(attr, user) ⇒ Boolean
• .current ⇒ User

  If all that’s needed is the user’s id, see ‘current_id`, that method does not not attempt to instantiate a User Defaults to nil.

• .current_id ⇒ Fixnum

  Retrieve the current id of the user we’re proxying for.

• .scoped_to(user) ⇒ UserProxy

  sets the user for the duration of the block.

Instance Method Summary

• #can_delete?(model, id) ⇒ Boolean

  Can the User delete the model?.

• #can_read?(model, attribute = nil) ⇒ Boolean

  Can the User view the model?.

• #can_write?(model, attribute = nil) ⇒ Boolean

  Can the User create and update the model?.

• #can_write_attributes?(attr, user) ⇒ Boolean
• #roles ⇒ Object
• #setting_attribute_is_allowed?(name, user) ⇒ Boolean
• #workspace_data ⇒ Object

Methods included from Concerns::ApiAttributeAccess

#_set_attribute_data_from_collection, #set_attribute_data

Class Method Details

.can_write_attributes?(attr, user) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/lanes/access/user.rb', line 53

def self.can_write_attributes?( attr, user )
    ( attr[:id] && attr[:id].to_i == user.id ) ? true : super
end

.current ⇒ User

If all that’s needed is the user’s id, see ‘current_id`, that method does not not attempt to instantiate a User Defaults to nil

Returns:

• (User) —

  The user who’s currently interacting with Lanes.

# File 'lib/lanes/access/user.rb', line 63

def self.current
    uid = Thread.current[:lanes_current_user]
    if uid.is_a?(User)
        uid
    else
        user = Thread.current[:lanes_current_user] = User.find_by_id(uid)
        return user ? user.id : nil
    end
end

.current_id ⇒ Fixnum

Retrieve the current id of the user we’re proxying for. get’s a bit complicated since we can proxy both for a user object or just the user’s id

Returns:

• (Fixnum) —

  current user’s ID. If the current user is not set, returns 0

# File 'lib/lanes/access/user.rb', line 77

def self.current_id
    uid = Thread.current[:lanes_current_user]
    if uid.nil?
        0
    elsif uid.is_a?(User)
        uid.id
    else
        uid
    end
end

.scoped_to(user) ⇒ UserProxy

sets the user for the duration of the block

Examples:

Inside a Rails controller

class DocumentsController < ApplicationController
    around_filter :set_lanes_user

    # update's the Document's owner to current
    # But sets all the notes to be owned by admin
    def update_owner
        doc = Document.find(params[:id])
        doc.current_owner = Lanes::User.current
        Lanes::User.scoped_to( admin_user ) do
            doc.notes.each{ |note| note.set_owner_to_current! } # will set to Lanese::User.current
        end
    end

    private

    def set_lanes_user
        Lanes::User.scoped_to( session[:user_id] ) do
             yield
        end
     end
 end

Returns:

• (UserProxy) —

  self

# File 'lib/lanes/access/user.rb', line 114

def self.scoped_to( user )
    prev_user, Thread.current[:lanes_current_user] = self.current, user
    yield user
ensure
    Thread.current[:lanes_current_user] = prev_user
end

Instance Method Details

#can_delete?(model, id) ⇒ Boolean

Returns Can the User delete the model?.

Parameters:

• model (Lanes::Model)
• id (Numberic) —

  the id for the model

Returns:

• (Boolean) —

  Can the User delete the model?

# File 'lib/lanes/access/user.rb', line 40

def can_delete?(model, id)
    roles.can_delete?(model, id)
end

#can_read?(model, attribute = nil) ⇒ Boolean

Returns Can the User view the model?.

Parameters:

• model (Lanes::Model)
• attribute (Symbol) (defaults to: nil)

Returns:

• (Boolean) —

  Can the User view the model?

# File 'lib/lanes/access/user.rb', line 26

def can_read?(model, attribute = nil)
    roles.can_read?(model, attribute)
end

#can_write?(model, attribute = nil) ⇒ Boolean

Returns Can the User create and update the model?.

Parameters:

• model (Lanes::Model)
• attribute (Symbol) (defaults to: nil)

Returns:

• (Boolean) —

  Can the User create and update the model?

# File 'lib/lanes/access/user.rb', line 33

def can_write?(model, attribute = nil)
    roles.can_write?(model, attribute)
end

#can_write_attributes?(attr, user) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/lanes/access/user.rb', line 50

def can_write_attributes?( attr, user )
    ( !new_record? && user.id == self.id ) ? true : super
end

#roles ⇒ Object

# File 'lib/lanes/access/user.rb', line 13

def roles
    @cached_roles ||= Access::RoleCollection.new(self)
end

#setting_attribute_is_allowed?(name, user) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/lanes/access/user.rb', line 47

def setting_attribute_is_allowed?(name, user)
    ( !new_record? && user.id == self.id && USER_EDITABLE_ATTRIBUTES.include?(name) ) ? true : super
end

#workspace_data ⇒ Object

# File 'lib/lanes/access/user.rb', line 17

def workspace_data
    my_data = attributes.slice('id','login','name','email','created_at',
      'created_by','updated_at','updated_by','role_names')
    { user: my_data, access: Access.for_user(self) }
end