diff options
| author | simon <simon@zagal.local> | 2009-02-15 19:52:11 +0100 |
|---|---|---|
| committer | hukl <hukl@eight.local> | 2009-02-15 20:22:51 +0100 |
| commit | 41abc82e4db97d9d9eb4bab4af95d5550f9516b5 (patch) | |
| tree | ef2cd2256b9cb36b9ece4944f7b0e8c046e44d3a /app/models | |
| parent | 874b7af0499fc73313a60debada20134d536a941 (diff) | |
* permission api on user model
Diffstat (limited to 'app/models')
| -rw-r--r-- | app/models/permission.rb | 8 | ||||
| -rw-r--r-- | app/models/user.rb | 52 |
2 files changed, 57 insertions, 3 deletions
diff --git a/app/models/permission.rb b/app/models/permission.rb index 3914c9c..438538e 100644 --- a/app/models/permission.rb +++ b/app/models/permission.rb | |||
| @@ -1,11 +1,13 @@ | |||
| 1 | class Permission < ActiveRecord::Base | 1 | class Permission < ActiveRecord::Base |
| 2 | # Validations | 2 | # Validations |
| 3 | validates_presence_of :user_id, :node_id, :granted | 3 | validates_presence_of :user_id, :node_id, :granted |
| 4 | validates_inclusion_of :granted, :in => [true, false] | ||
| 4 | 5 | ||
| 5 | # Associations | 6 | # Associations |
| 6 | belongs_to :user | 7 | belongs_to :user |
| 7 | belongs_to :node | 8 | belongs_to :node |
| 8 | 9 | ||
| 9 | # Security | 10 | # Named scopes |
| 10 | attr_protected :user_id, :node_id, :granted # Allow no mass assignments | 11 | named_scope :for_node, lambda { |node| { :conditions => ['node_id = ?', (node.is_a? Node ? node.id : node)] } } |
| 12 | named_scope :for_user, lambda { |user| { :conditions => ['user_id = ?', (user.is_a? User ? user.id : user)] } } | ||
| 11 | end | 13 | end |
diff --git a/app/models/user.rb b/app/models/user.rb index 2bb4879..365fa8a 100644 --- a/app/models/user.rb +++ b/app/models/user.rb | |||
| @@ -38,4 +38,56 @@ class User < ActiveRecord::Base | |||
| 38 | def email=(value) | 38 | def email=(value) |
| 39 | write_attribute :email, (value ? value.downcase : nil) | 39 | write_attribute :email, (value ? value.downcase : nil) |
| 40 | end | 40 | end |
| 41 | |||
| 42 | # Permission stuff | ||
| 43 | |||
| 44 | def grant(node) | ||
| 45 | set_permission(true, node) | ||
| 46 | end | ||
| 47 | |||
| 48 | def revoke(node) | ||
| 49 | set_permission(false, node) | ||
| 50 | end | ||
| 51 | |||
| 52 | def inherit(node) | ||
| 53 | permission = self.permissions.for_node(node).first | ||
| 54 | permission.destroy if permission | ||
| 55 | end | ||
| 56 | |||
| 57 | def get_permission_for(node) | ||
| 58 | permissions = {} | ||
| 59 | self.permissions.for_node(node).each do |permission| | ||
| 60 | permissions[permission.identifier.to_sym] = permission.granted | ||
| 61 | end | ||
| 62 | permissions | ||
| 63 | end | ||
| 64 | |||
| 65 | # Checks for permission on the node and if necessary ascends the | ||
| 66 | # nodetree until permission is found or returns false if it is not found | ||
| 67 | # at all. | ||
| 68 | def has_permission?(node) | ||
| 69 | node_permission = self.permissions.for_node(node) | ||
| 70 | return node_permission unless node_permission.nil? | ||
| 71 | |||
| 72 | node.ancestors.reverse.each do |p| | ||
| 73 | local_permission = self.get_permissions_for(p)[identifier] | ||
| 74 | unless local_permission.nil? | ||
| 75 | return local_permission | ||
| 76 | end | ||
| 77 | end | ||
| 78 | |||
| 79 | return false | ||
| 80 | end | ||
| 81 | |||
| 82 | private | ||
| 83 | |||
| 84 | def set_permission(granted, node) | ||
| 85 | permission = self.permissions.for_node(node).first | ||
| 86 | if permission | ||
| 87 | permission.granted = granted | ||
| 88 | else | ||
| 89 | self.permissions.create!( :node => node, | ||
| 90 | :granted => granted ) | ||
| 91 | end | ||
| 92 | end | ||
| 41 | end | 93 | end |
