summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorsimon <simon@zagal.local>2009-02-15 19:52:11 +0100
committerhukl <hukl@eight.local>2009-02-15 20:22:51 +0100
commit41abc82e4db97d9d9eb4bab4af95d5550f9516b5 (patch)
treeef2cd2256b9cb36b9ece4944f7b0e8c046e44d3a /app
parent874b7af0499fc73313a60debada20134d536a941 (diff)
* permission api on user model
Diffstat (limited to 'app')
-rw-r--r--app/models/permission.rb8
-rw-r--r--app/models/user.rb52
2 files changed, 57 insertions, 3 deletions
diff --git a/app/models/permission.rb b/app/models/permission.rb
index 3914c9c..438538e 100644
--- a/app/models/permission.rb
+++ b/app/models/permission.rb
@@ -1,11 +1,13 @@
1class Permission < ActiveRecord::Base 1class Permission < ActiveRecord::Base
2 # Validations 2 # Validations
3 validates_presence_of :user_id, :node_id, :granted 3 validates_presence_of :user_id, :node_id, :granted
4 validates_inclusion_of :granted, :in => [true, false]
4 5
5 # Associations 6 # Associations
6 belongs_to :user 7 belongs_to :user
7 belongs_to :node 8 belongs_to :node
8 9
9 # Security 10 # Named scopes
10 attr_protected :user_id, :node_id, :granted # Allow no mass assignments 11 named_scope :for_node, lambda { |node| { :conditions => ['node_id = ?', (node.is_a? Node ? node.id : node)] } }
12 named_scope :for_user, lambda { |user| { :conditions => ['user_id = ?', (user.is_a? User ? user.id : user)] } }
11end 13end
diff --git a/app/models/user.rb b/app/models/user.rb
index 2bb4879..365fa8a 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -38,4 +38,56 @@ class User < ActiveRecord::Base
38 def email=(value) 38 def email=(value)
39 write_attribute :email, (value ? value.downcase : nil) 39 write_attribute :email, (value ? value.downcase : nil)
40 end 40 end
41
42 # Permission stuff
43
44 def grant(node)
45 set_permission(true, node)
46 end
47
48 def revoke(node)
49 set_permission(false, node)
50 end
51
52 def inherit(node)
53 permission = self.permissions.for_node(node).first
54 permission.destroy if permission
55 end
56
57 def get_permission_for(node)
58 permissions = {}
59 self.permissions.for_node(node).each do |permission|
60 permissions[permission.identifier.to_sym] = permission.granted
61 end
62 permissions
63 end
64
65 # Checks for permission on the node and if necessary ascends the
66 # nodetree until permission is found or returns false if it is not found
67 # at all.
68 def has_permission?(node)
69 node_permission = self.permissions.for_node(node)
70 return node_permission unless node_permission.nil?
71
72 node.ancestors.reverse.each do |p|
73 local_permission = self.get_permissions_for(p)[identifier]
74 unless local_permission.nil?
75 return local_permission
76 end
77 end
78
79 return false
80 end
81
82 private
83
84 def set_permission(granted, node)
85 permission = self.permissions.for_node(node).first
86 if permission
87 permission.granted = granted
88 else
89 self.permissions.create!( :node => node,
90 :granted => granted )
91 end
92 end
41end 93end