Class: Permission

Inherits:

Sequel::Model

• Object
• Sequel::Model
• Permission

Includes:

ASModel

Defined in:

backend/app/model/permission.rb

Constant Summary

Constants included from JSONModel

JSONModel::REFERENCE_KEY_REGEX

Class Method Summary

• .define(code, description, opts = {}) ⇒ Object
• .derived?(code) ⇒ Boolean
• .derived_permissions_for(code) ⇒ Object
• .hide(code) ⇒ Object

  These methods provide a mechanism for plugins to hide (or show) permissions that are not relevant due to customizations made by the plugin.

• .show(code) ⇒ Object

Methods included from ASModel

all_models, included, update_publish_flag, update_suppressed_flag

Methods included from JSONModel

JSONModel, #JSONModel, add_error_handler, all, allow_unmapped_enum_value, backend_url, check_valid_refs, client_mode?, custom_validations, destroy_model, enum_default_value, enum_values, handle_error, init, load_schema, #models, models, parse_jsonmodel_ref, parse_reference, repository, repository_for, schema_src, set_publish_flags!, set_repository, strict_mode, strict_mode?, validate_schema, with_repository

Class Method Details

.define(code, description, opts = {}) ⇒ Object

# File 'backend/app/model/permission.rb', line 20

def self.define(code, description, opts = {})
  if opts[:implied_by]
    # Derived permissions aren't actually stored in the database: we just add
    # them to the user's list of permissions at query time.
    @derived_permissions << opts.merge(:permission_code => code,
                                       :description => description)

    return
  end

  opts[:level] ||= "repository"

  opts[:system] = (opts[:system] ? 1 : 0)

  permission = (Permission[:permission_code => code] or
                Permission.create(opts.merge(:permission_code => code,
                                             :description => description)))

  # Admin users automatically get everything
  admins = Group.any_repo[:group_code => Group.ADMIN_GROUP_CODE]
  admins.grant(permission.permission_code)
end

.derived?(code) ⇒ Boolean

Returns:

• (Boolean)

# File 'backend/app/model/permission.rb', line 9

def self.derived?(code)
  @derived_permissions.any? {|p| p[:permission_code].casecmp(code) == 0}
end

.derived_permissions_for(code) ⇒ Object

# File 'backend/app/model/permission.rb', line 14

def self.derived_permissions_for(code)
  @derived_permissions.select {|p| p[:implied_by].casecmp(code) == 0}.
                       map {|p| p[:permission_code]}
end

.hide(code) ⇒ Object

These methods provide a mechanism for plugins to hide (or show) permissions that are not relevant due to customizations made by the plugin. This is done by setting the :system attribute to true. System permissions behave exactly like other permissions except they are hidden from the user. NOTE: the update is done via a direct database query rather than via the model because the permission table does not have a :lock_version column, so the optimistic_locking plugin freaks out on Permission.update

# File 'backend/app/model/permission.rb', line 53

def self.hide(code)
  DB.open do |db|
    db[:permission].filter(:permission_code => code).update(:system => 1)
  end
end

.show(code) ⇒ Object

# File 'backend/app/model/permission.rb', line 59

def self.show(code)
  DB.open do |db|
    db[:permission].filter(:permission_code => code).update(:system => 0)
  end
end