Class: Permission

Inherits:
Sequel::Model
  • Object
show all
Includes:
ASModel
Defined in:
backend/app/model/permission.rb

Constant Summary

Constants included from JSONModel

JSONModel::REFERENCE_KEY_REGEX

Class Method Summary collapse

Methods included from ASModel

all_models, included, update_publish_flag, update_suppressed_flag

Methods included from JSONModel

JSONModel, #JSONModel, add_error_handler, all, allow_unmapped_enum_value, backend_url, check_valid_refs, client_mode?, custom_validations, destroy_model, enum_default_value, enum_values, handle_error, init, load_schema, #models, models, parse_jsonmodel_ref, parse_reference, repository, repository_for, schema_src, set_publish_flags!, set_repository, strict_mode, strict_mode?, validate_schema, with_repository

Class Method Details

.define(code, description, opts = {}) ⇒ Object



20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# File 'backend/app/model/permission.rb', line 20

def self.define(code, description, opts = {})
  if opts[:implied_by]
    # Derived permissions aren't actually stored in the database: we just add
    # them to the user's list of permissions at query time.
    @derived_permissions << opts.merge(:permission_code => code,
                                       :description => description)

    return
  end

  opts[:level] ||= "repository"

  opts[:system] = (opts[:system] ? 1 : 0)

  permission = (Permission[:permission_code => code] or
                Permission.create(opts.merge(:permission_code => code,
                                             :description => description)))

  # Admin users automatically get everything
  admins = Group.any_repo[:group_code => Group.ADMIN_GROUP_CODE]
  admins.grant(permission.permission_code)
end

.derived?(code) ⇒ Boolean

Returns:

  • (Boolean)


9
10
11
# File 'backend/app/model/permission.rb', line 9

def self.derived?(code)
  @derived_permissions.any? {|p| p[:permission_code].casecmp(code) == 0}
end

.derived_permissions_for(code) ⇒ Object



14
15
16
17
# File 'backend/app/model/permission.rb', line 14

def self.derived_permissions_for(code)
  @derived_permissions.select {|p| p[:implied_by].casecmp(code) == 0}.
                       map {|p| p[:permission_code]}
end

.hide(code) ⇒ Object

These methods provide a mechanism for plugins to hide (or show) permissions that are not relevant due to customizations made by the plugin. This is done by setting the :system attribute to true. System permissions behave exactly like other permissions except they are hidden from the user. NOTE: the update is done via a direct database query rather than via the model because the permission table does not have a :lock_version column, so the optimistic_locking plugin freaks out on Permission.update



53
54
55
56
57
# File 'backend/app/model/permission.rb', line 53

def self.hide(code)
  DB.open do |db|
    db[:permission].filter(:permission_code => code).update(:system => 1)
  end
end

.show(code) ⇒ Object



59
60
61
62
63
# File 'backend/app/model/permission.rb', line 59

def self.show(code)
  DB.open do |db|
    db[:permission].filter(:permission_code => code).update(:system => 0)
  end
end