Module: Motor::BuildSchema::ApplyPermissions

Defined in:
lib/motor/build_schema/apply_permissions.rb

Class Method Summary collapse

Class Method Details

.call(schema, ability) ⇒ Object


8
9
10
11
12
13
14
15
16
17
18
19
20
# File 'lib/motor/build_schema/apply_permissions.rb', line 8

def call(schema, ability)
  schema.map do |model|
    klass = model[:class_name].constantize

    next unless ability.can?(:read, klass)

    model[:associations] = filter_associations(model[:associations], ability)
    model[:columns] = filter_columns(klass, model[:columns], ability)
    model[:actions] = filter_actions(klass, model[:actions], ability)

    model
  end.compact
end

.filter_actions(model, actions, ability) ⇒ Object


43
44
45
46
47
# File 'lib/motor/build_schema/apply_permissions.rb', line 43

def filter_actions(model, actions, ability)
  actions.select do |action|
    ability.can?(action[:name].to_sym, model)
  end
end

.filter_associations(associations, ability) ⇒ Object


22
23
24
25
26
# File 'lib/motor/build_schema/apply_permissions.rb', line 22

def filter_associations(associations, ability)
  associations.select do |assoc|
    ability.can?(:read, assoc[:model_name].classify.constantize)
  end
end

.filter_columns(model, columns, ability) ⇒ Object


28
29
30
31
32
33
34
35
36
37
38
39
40
41
# File 'lib/motor/build_schema/apply_permissions.rb', line 28

def filter_columns(model, columns, ability)
  columns.map do |column|
    next unless ability.can?(:read, model, column[:name])

    next if column.dig(:reference, :model_name).present? &&
            !ability.can?(:read, column[:reference][:model_name].classify.constantize)

    unless ability.can?(:update, model, column[:name])
      column = column.merge(access_type: BuildSchema::ColumnAccessTypes::READ_ONLY)
    end

    column
  end.compact
end