Module: Hyrax::Ability

Extended by:

ActiveSupport::Concern

Defined in:

app/models/concerns/hyrax/ability.rb,
app/models/concerns/hyrax/ability/resource_ability.rb,
app/models/concerns/hyrax/ability/admin_set_ability.rb,
app/models/concerns/hyrax/ability/collection_ability.rb,
app/models/concerns/hyrax/ability/solr_document_ability.rb,
app/models/concerns/hyrax/ability/collection_type_ability.rb,
app/models/concerns/hyrax/ability/flexible_metadata_ability.rb,
app/models/concerns/hyrax/ability/permission_template_ability.rb

Overview

TODO:

catalog and document the actions we authorize here. everything we allow or disable from this module should be clear to application side adopters.

Note:

This is intended as a mixin layered over Blacklight::AccessControls::Ability and Hydra::AccessControls. Its implementation may depend in part on behavioral details of either of those two mixins. As of Hyrax 3.0.0 there’s an ongoing effort to clarify and document the specific dependencies.

Provides Hyrax’s engine level user/group authorizations.

Authorization (allow or deny) of the following actions is managed by the rules defined here:

- read:
- show:
- edit:
- update:
- create:
- discover:
- manage:
- download:
- destroy:
- collect:
- toggle_trophy:
- transfer:
- accept:
- reject:
- manage_any:
- create_any:
- view_admin_show_any:
- review:
- create_collection_type:

Examples:

creating an application Ability

# app/models/ability.rb
class Ability
  include Hydra::Ability
  include Hyrax::Ability
end

See Also:

• https://www.rubydoc.info/github/CanCanCommunity/cancancan
• https://www.rubydoc.info/gems/blacklight-access_controls/

Defined Under Namespace

Modules: AdminSetAbility, CollectionAbility, CollectionTypeAbility, FlexibleMetadataAbility, PermissionTemplateAbility, ResourceAbility, SolrDocumentAbility

Instance Method Summary

• #admin? ⇒ Boolean

  Override this method in your ability model if you use a different group or other logic to designate an administrator.

• #can_create_any_work? ⇒ Boolean

  Returns true if can create at least one type of work and they can deposit into at least one AdminSet.

• #download_groups(id) ⇒ Object

  Samvera doesn’t use download user/groups, so make it an alias to read Grant all groups with read or edit access permission to download.

• #download_users(id) ⇒ Object

  Grant all users with read or edit access permission to download.

Instance Method Details

#admin? ⇒ Boolean

Override this method in your ability model if you use a different group or other logic to designate an administrator.

Returns:

• (Boolean)

# File 'app/models/concerns/hyrax/ability.rb', line 116

def admin?
  user_groups.include? admin_group_name
end

#can_create_any_work? ⇒ Boolean

Returns true if can create at least one type of work and they can deposit into at least one AdminSet

Returns:

• (Boolean)

# File 'app/models/concerns/hyrax/ability.rb', line 108

def can_create_any_work?
  curation_concerns_models.any? do |curation_concern_type|
    can?(:create, curation_concern_type)
  end && admin_set_with_deposit?
end

#download_groups(id) ⇒ Object

Samvera doesn’t use download user/groups, so make it an alias to read Grant all groups with read or edit access permission to download

# File 'app/models/concerns/hyrax/ability.rb', line 89

def download_groups(id)
  doc = permissions_doc(id)
  return [] if doc.nil?
  groups = Array(doc[self.class.read_group_field]) + Array(doc[self.class.edit_group_field])
  Hyrax.logger.debug("[CANCAN] download_groups: #{groups.inspect}")
  groups
end

#download_users(id) ⇒ Object

Grant all users with read or edit access permission to download

# File 'app/models/concerns/hyrax/ability.rb', line 98

def download_users(id)
  doc = permissions_doc(id)
  return [] if doc.nil?
  users = Array(doc[self.class.read_user_field]) + Array(doc[self.class.edit_user_field])
  Hyrax.logger.debug("[CANCAN] download_users: #{users.inspect}")
  users
end