summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsimon <simon@zagal.local>2009-02-15 19:52:11 +0100
committerhukl <hukl@eight.local>2009-02-15 20:22:51 +0100
commit41abc82e4db97d9d9eb4bab4af95d5550f9516b5 (patch)
treeef2cd2256b9cb36b9ece4944f7b0e8c046e44d3a
parent874b7af0499fc73313a60debada20134d536a941 (diff)
* permission api on user model
-rw-r--r--app/models/permission.rb8
-rw-r--r--app/models/user.rb52
-rw-r--r--doc/README_FOR_APP1
-rw-r--r--test/fixtures/nodes.yml6
4 files changed, 60 insertions, 7 deletions
diff --git a/app/models/permission.rb b/app/models/permission.rb
index 3914c9c..438538e 100644
--- a/app/models/permission.rb
+++ b/app/models/permission.rb
@@ -1,11 +1,13 @@
1class Permission < ActiveRecord::Base 1class Permission < ActiveRecord::Base
2 # Validations 2 # Validations
3 validates_presence_of :user_id, :node_id, :granted 3 validates_presence_of :user_id, :node_id, :granted
4 validates_inclusion_of :granted, :in => [true, false]
4 5
5 # Associations 6 # Associations
6 belongs_to :user 7 belongs_to :user
7 belongs_to :node 8 belongs_to :node
8 9
9 # Security 10 # Named scopes
10 attr_protected :user_id, :node_id, :granted # Allow no mass assignments 11 named_scope :for_node, lambda { |node| { :conditions => ['node_id = ?', (node.is_a? Node ? node.id : node)] } }
12 named_scope :for_user, lambda { |user| { :conditions => ['user_id = ?', (user.is_a? User ? user.id : user)] } }
11end 13end
diff --git a/app/models/user.rb b/app/models/user.rb
index 2bb4879..365fa8a 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -38,4 +38,56 @@ class User < ActiveRecord::Base
38 def email=(value) 38 def email=(value)
39 write_attribute :email, (value ? value.downcase : nil) 39 write_attribute :email, (value ? value.downcase : nil)
40 end 40 end
41
42 # Permission stuff
43
44 def grant(node)
45 set_permission(true, node)
46 end
47
48 def revoke(node)
49 set_permission(false, node)
50 end
51
52 def inherit(node)
53 permission = self.permissions.for_node(node).first
54 permission.destroy if permission
55 end
56
57 def get_permission_for(node)
58 permissions = {}
59 self.permissions.for_node(node).each do |permission|
60 permissions[permission.identifier.to_sym] = permission.granted
61 end
62 permissions
63 end
64
65 # Checks for permission on the node and if necessary ascends the
66 # nodetree until permission is found or returns false if it is not found
67 # at all.
68 def has_permission?(node)
69 node_permission = self.permissions.for_node(node)
70 return node_permission unless node_permission.nil?
71
72 node.ancestors.reverse.each do |p|
73 local_permission = self.get_permissions_for(p)[identifier]
74 unless local_permission.nil?
75 return local_permission
76 end
77 end
78
79 return false
80 end
81
82 private
83
84 def set_permission(granted, node)
85 permission = self.permissions.for_node(node).first
86 if permission
87 permission.granted = granted
88 else
89 self.permissions.create!( :node => node,
90 :granted => granted )
91 end
92 end
41end 93end
diff --git a/doc/README_FOR_APP b/doc/README_FOR_APP
index eeb47c0..6e95bd7 100644
--- a/doc/README_FOR_APP
+++ b/doc/README_FOR_APP
@@ -123,7 +123,6 @@ Bob has no permissions whatsoever still he is allowed to edit a #Page anywhere,
123because this action will only create a new revision of the #Page which is not 123because this action will only create a new revision of the #Page which is not
124immediately published. He won't be able to manipulate a #Node in any way 124immediately published. He won't be able to manipulate a #Node in any way
125(unique_name, slug, ordering, structure) because this would affect the frontend 125(unique_name, slug, ordering, structure) because this would affect the frontend
126without further notice.
127 126
128Having a #Permission on a #Node makes Bob an admin for this #Node and all it's 127Having a #Permission on a #Node makes Bob an admin for this #Node and all it's
129children. Now Bob can do pretty much anything on these nodes including such fun 128children. Now Bob can do pretty much anything on these nodes including such fun
diff --git a/test/fixtures/nodes.yml b/test/fixtures/nodes.yml
index 07ac089..d244a2c 100644
--- a/test/fixtures/nodes.yml
+++ b/test/fixtures/nodes.yml
@@ -1,6 +1,6 @@
1# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html 1# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
2 2
3one: 3root:
4 id: 1 4 id: 1
5 lft: 1 5 lft: 1
6 rgt: 6 6 rgt: 6
@@ -9,7 +9,7 @@ one:
9 unique_name: 9 unique_name:
10 10
11 11
12two: 12first_child:
13 id: 2 13 id: 2
14 lft: 2 14 lft: 2
15 rgt: 3 15 rgt: 3
@@ -17,7 +17,7 @@ two:
17 slug: first_child 17 slug: first_child
18 unique_name: first_child 18 unique_name: first_child
19 19
20three: 20second_child:
21 id: 3 21 id: 3
22 lft: 4 22 lft: 4
23 rgt: 5 23 rgt: 5