Module: Marty::Permissions

Included in:
Form, Grid, MainAuthApp, Marty::Postings::NewForm, Tree
Defined in:
lib/marty/permissions.rb

Constant Summary

NETZKE_ENDPOINTS =

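FIXME: for backwards compatibility, can_call_endpoint? returns true (access allowed) when no permission is specified for the endpoint in has_marty_permissions, so undeclared endpoints are not restricted.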

[:create, :read, :update, :delete].freeze


Class Method Details

.extended(mod) ⇒ Object

FIXME: hack to override Netzke's invoke_endpoint in classes that extend Marty::Permissions, so that each endpoint call is checked with can_call_endpoint? first.



# File 'lib/marty/permissions.rb', line 70

# Hook run when a class extends Marty::Permissions: it reopens that class and
# defines an +invoke_endpoint+ that consults the class-level
# +can_call_endpoint?+ before handing the call to the inherited implementation.
#
# A refused call does not raise; it answers with a new
# Netzke::Core::EndpointResponse carrying the notification 'Permission Denied'.
#
# NOTE(review): this override is the enforcement point for endpoint
# permissions. +can_call_endpoint?+ answers true for any endpoint that has no
# declared permission, so the gate is default-allow for undeclared endpoints.
#
# @param mod [Class] the class extending this module
def self.extended(mod)
  mod.class_exec do
    def invoke_endpoint(endpoint, params, configs = [])
      if self.class.can_call_endpoint?(endpoint)
        # Permitted: defer to the implementation this method overrides.
        super(endpoint, params, configs)
      else
        # Refused: replace the response object and tell the client why.
        self.client = Netzke::Core::EndpointResponse.new
        client.netzke_notify 'Permission Denied'
        client
      end
    end
  end
end

Instance Method Details

#can_call_endpoint?(endpoint) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/marty/permissions.rb', line 58

# Decides whether +endpoint+ may be invoked on this component.
#
# The answer is true for the endpoints listed in NETZKE_ENDPOINTS (their
# access is left to Netzke permissions), for receivers that never declared
# +marty_permissions+, and for endpoints that have no entry in
# +marty_permissions+. Only an endpoint that has an entry is checked against
# the current user's roles through +can_perform_action?+.
#
# NOTE(review): both fall-through cases are default-allow, kept for backwards
# compatibility per the FIXME in this file. An endpoint is protected only once
# it is listed in has_marty_permissions, so a forgotten entry leaves it open.
#
# @param endpoint [#to_sym] endpoint name
# @return [Boolean]
def can_call_endpoint?(endpoint)
  name = endpoint.to_sym

  # Netzke endpoints access is controlled by Netzke permissions
  return true if NETZKE_ENDPOINTS.include?(name)

  declared = respond_to?(:marty_permissions) && marty_permissions.key?(name)
  declared ? can_perform_action?(endpoint) : true
end

#can_perform_action?(action) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/marty/permissions.rb', line 20

# Tells whether the current user holds a role that is permitted to perform
# +action+.
#
# Unlike +can_call_endpoint?+ this check is default-deny: it is false when the
# receiver has no +marty_permissions+, when +action+ has no entry, and when
# the entry is an empty list. A user with at least one role is additionally
# treated as holding the pseudo-role :any.
#
# @param action [#to_sym] action name
# @return [Boolean]
def can_perform_action?(action)
  return false unless respond_to?(:marty_permissions)

  held = current_user_roles
  held <<= :any if has_any_perm?

  # A missing entry is read as "no role is permitted".
  permitted = marty_permissions[action.to_sym] || []
  Set[*permitted].intersect?(held.to_set)
end

#can_perform_actions ⇒ Object



# File 'lib/marty/permissions.rb', line 32

# Lists every declared action the current user may perform.
#
# The result is empty when the receiver has no +marty_permissions+. As in
# +can_perform_action?+, a user with at least one role is also treated as
# holding the pseudo-role :any, and an entry with an empty list matches no one.
#
# @return [Array] action keys of +marty_permissions+ matching one of the
#   user's roles, in declaration order
def can_perform_actions
  return [] unless respond_to?(:marty_permissions)

  held = current_user_roles
  held <<= :any if has_any_perm?

  matches = marty_permissions.map do |action, permitted|
    Set[*permitted].intersect?(held.to_set) ? action : nil
  end
  matches.compact
end

#current_user_roles ⇒ Object



# File 'lib/marty/permissions.rb', line 15

# Collects the role names of the user reported by Mcfly.whodunnit.
#
# Any StandardError raised while reading Mcfly.whodunnit.user_roles (for
# example when whodunnit is nil) is swallowed and treated as "no roles".
# NOTE(review): for role checks this fails closed, but it also hides a broken
# role lookup, which then looks the same as a user without roles.
#
# @return [Set<Symbol>] a new set on every call
def current_user_roles
  assigned =
    begin
      Mcfly.whodunnit.user_roles
    rescue StandardError
      []
    end

  assigned.map { |entry| entry.role.to_sym }.to_set
end

#has_any_perm? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/marty/permissions.rb', line 45

# Tells whether the current user holds at least one role. The permission
# checks in this module use it to decide whether the pseudo-role :any applies.
#
# @return [Boolean]
def has_any_perm?
  held = current_user_roles
  held.any?
end

#has_marty_permissions(attrs) ⇒ Object

Call using the following format:

has_marty_permissions   create: [:dev, :admin],
                        read: :any,
                        update: :admin,
                        delete: []

:any gives permission for the action if the user belongs to at least one role. An empty list (as for delete above) gives permission to no role.



# File 'lib/marty/permissions.rb', line 9

# Declares the permission table for the receiver by defining a singleton
# method +marty_permissions+ that returns +attrs+.
#
# The Hash is kept by reference: it is neither copied nor frozen, so a later
# change to that object changes the permissions in effect.
#
# @param attrs [Hash] action name => role, or list of roles, permitted
# @raise [RuntimeError] 'bad attrs' when +attrs+ is not a Hash
def has_marty_permissions(attrs)
  if attrs.is_a?(Hash)
    define_singleton_method(:marty_permissions) { attrs }
  else
    raise 'bad attrs'
  end
end

#has_perm?(role) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/marty/permissions.rb', line 49

# Tells whether the current user holds +role+.
#
# @param role [#to_sym] role name
# @return [Boolean]
def has_perm?(role)
  held = current_user_roles
  held.include?(role.to_sym)
end