diff options
| -rw-r--r-- | app/models/permission.rb | 8 | ||||
| -rw-r--r-- | app/models/user.rb | 52 | ||||
| -rw-r--r-- | doc/README_FOR_APP | 1 | ||||
| -rw-r--r-- | test/fixtures/nodes.yml | 6 |
4 files changed, 60 insertions, 7 deletions
diff --git a/app/models/permission.rb b/app/models/permission.rb index 3914c9c..438538e 100644 --- a/app/models/permission.rb +++ b/app/models/permission.rb | |||
| @@ -1,11 +1,13 @@ | |||
| 1 | class Permission < ActiveRecord::Base | 1 | class Permission < ActiveRecord::Base |
| 2 | # Validations | 2 | # Validations |
| 3 | validates_presence_of :user_id, :node_id, :granted | 3 | validates_presence_of :user_id, :node_id, :granted |
| 4 | validates_inclusion_of :granted, :in => [true, false] | ||
| 4 | 5 | ||
| 5 | # Associations | 6 | # Associations |
| 6 | belongs_to :user | 7 | belongs_to :user |
| 7 | belongs_to :node | 8 | belongs_to :node |
| 8 | 9 | ||
| 9 | # Security | 10 | # Named scopes |
| 10 | attr_protected :user_id, :node_id, :granted # Allow no mass assignments | 11 | named_scope :for_node, lambda { |node| { :conditions => ['node_id = ?', (node.is_a? Node ? node.id : node)] } } |
| 12 | named_scope :for_user, lambda { |user| { :conditions => ['user_id = ?', (user.is_a? User ? user.id : user)] } } | ||
| 11 | end | 13 | end |
diff --git a/app/models/user.rb b/app/models/user.rb index 2bb4879..365fa8a 100644 --- a/app/models/user.rb +++ b/app/models/user.rb | |||
| @@ -38,4 +38,56 @@ class User < ActiveRecord::Base | |||
| 38 | def email=(value) | 38 | def email=(value) |
| 39 | write_attribute :email, (value ? value.downcase : nil) | 39 | write_attribute :email, (value ? value.downcase : nil) |
| 40 | end | 40 | end |
| 41 | |||
| 42 | # Permission stuff | ||
| 43 | |||
| 44 | def grant(node) | ||
| 45 | set_permission(true, node) | ||
| 46 | end | ||
| 47 | |||
| 48 | def revoke(node) | ||
| 49 | set_permission(false, node) | ||
| 50 | end | ||
| 51 | |||
| 52 | def inherit(node) | ||
| 53 | permission = self.permissions.for_node(node).first | ||
| 54 | permission.destroy if permission | ||
| 55 | end | ||
| 56 | |||
| 57 | def get_permission_for(node) | ||
| 58 | permissions = {} | ||
| 59 | self.permissions.for_node(node).each do |permission| | ||
| 60 | permissions[permission.identifier.to_sym] = permission.granted | ||
| 61 | end | ||
| 62 | permissions | ||
| 63 | end | ||
| 64 | |||
| 65 | # Checks for permission on the node and if necessary ascends the | ||
| 66 | # nodetree until permission is found or returns false if it is not found | ||
| 67 | # at all. | ||
| 68 | def has_permission?(node) | ||
| 69 | node_permission = self.permissions.for_node(node) | ||
| 70 | return node_permission unless node_permission.nil? | ||
| 71 | |||
| 72 | node.ancestors.reverse.each do |p| | ||
| 73 | local_permission = self.get_permissions_for(p)[identifier] | ||
| 74 | unless local_permission.nil? | ||
| 75 | return local_permission | ||
| 76 | end | ||
| 77 | end | ||
| 78 | |||
| 79 | return false | ||
| 80 | end | ||
| 81 | |||
| 82 | private | ||
| 83 | |||
| 84 | def set_permission(granted, node) | ||
| 85 | permission = self.permissions.for_node(node).first | ||
| 86 | if permission | ||
| 87 | permission.granted = granted | ||
| 88 | else | ||
| 89 | self.permissions.create!( :node => node, | ||
| 90 | :granted => granted ) | ||
| 91 | end | ||
| 92 | end | ||
| 41 | end | 93 | end |
diff --git a/doc/README_FOR_APP b/doc/README_FOR_APP index eeb47c0..6e95bd7 100644 --- a/doc/README_FOR_APP +++ b/doc/README_FOR_APP | |||
| @@ -123,7 +123,6 @@ Bob has no permissions whatsoever still he is allowed to edit a #Page anywhere, | |||
| 123 | because this action will only create a new revision of the #Page which is not | 123 | because this action will only create a new revision of the #Page which is not |
| 124 | immediately published. He won't be able to manipulate a #Node in any way | 124 | immediately published. He won't be able to manipulate a #Node in any way |
| 125 | (unique_name, slug, ordering, structure) because this would affect the frontend | 125 | (unique_name, slug, ordering, structure) because this would affect the frontend |
| 126 | without further notice. | ||
| 127 | 126 | ||
| 128 | Having a #Permission on a #Node makes Bob an admin for this #Node and all it's | 127 | Having a #Permission on a #Node makes Bob an admin for this #Node and all it's |
| 129 | children. Now Bob can do pretty much anything on these nodes including such fun | 128 | children. Now Bob can do pretty much anything on these nodes including such fun |
diff --git a/test/fixtures/nodes.yml b/test/fixtures/nodes.yml index 07ac089..d244a2c 100644 --- a/test/fixtures/nodes.yml +++ b/test/fixtures/nodes.yml | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html | 1 | # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html |
| 2 | 2 | ||
| 3 | one: | 3 | root: |
| 4 | id: 1 | 4 | id: 1 |
| 5 | lft: 1 | 5 | lft: 1 |
| 6 | rgt: 6 | 6 | rgt: 6 |
| @@ -9,7 +9,7 @@ one: | |||
| 9 | unique_name: | 9 | unique_name: |
| 10 | 10 | ||
| 11 | 11 | ||
| 12 | two: | 12 | first_child: |
| 13 | id: 2 | 13 | id: 2 |
| 14 | lft: 2 | 14 | lft: 2 |
| 15 | rgt: 3 | 15 | rgt: 3 |
| @@ -17,7 +17,7 @@ two: | |||
| 17 | slug: first_child | 17 | slug: first_child |
| 18 | unique_name: first_child | 18 | unique_name: first_child |
| 19 | 19 | ||
| 20 | three: | 20 | second_child: |
| 21 | id: 3 | 21 | id: 3 |
| 22 | lft: 4 | 22 | lft: 4 |
| 23 | rgt: 5 | 23 | rgt: 5 |
