From 41abc82e4db97d9d9eb4bab4af95d5550f9516b5 Mon Sep 17 00:00:00 2001
From: simon
Date: Sun, 15 Feb 2009 19:52:11 +0100
Subject: * permission api on user model
---
 app/models/permission.rb | 8 +++++---
 app/models/user.rb | 52 ++++++++++++++++++++++++++++++++++++++++++++++++
 doc/README_FOR_APP | 1 -
 test/fixtures/nodes.yml | 6 +++---
 4 files changed, 60 insertions(+), 7 deletions(-)
diff --git a/app/models/permission.rb b/app/models/permission.rb
index 3914c9c..438538e 100644
--- a/app/models/permission.rb
+++ b/app/models/permission.rb
@@ -1,11 +1,13 @@
 class Permission < ActiveRecord::Base
 # Validations
- validates_presence_of :user_id, :node_id, :granted
+ validates_presence_of :user_id, :node_id, :granted
+ validates_inclusion_of :granted, :in => [true, false]
 # Associations
 belongs_to :user
 belongs_to :node
- # Security
- attr_protected :user_id, :node_id, :granted # Allow no mass assignments
+ # Named scopes
+ named_scope :for_node, lambda { |node| { :conditions => ['node_id = ?', (node.is_a? Node ? node.id : node)] } }
+ named_scope :for_user, lambda { |user| { :conditions => ['user_id = ?', (user.is_a? User ? user.id : user)] } }
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 2bb4879..365fa8a 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
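Review bot: Removing `attr_protected :user_id, :node_id, :granted` in app/models/permission.rb makes every Permission attribute mass-assignable, so any caller that hands a request hash to `Permission.new` or `update_attributes` would let the client choose the user, the node and the `granted` flag. Keeping the protection and having `User#set_permission` assign `node` and `granted` explicitly on a built record would avoid that. `validates_presence_of :user_id, :node_id, :granted` still lists the boolean, and the presence check uses `blank?`, so `granted = false` fails validation and a revoke can never be stored; now that `validates_inclusion_of :granted, :in => [true, false]` is there, `:granted` should come out of the presence list. In both named scopes `node.is_a? Node ? node.id : node` parses as `node.is_a?(Node ? node.id : node)`; the call needs parentheses, `node.is_a?(Node) ? node.id : node`, and likewise for `user`.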
@@ -38,4 +38,56 @@ class User < ActiveRecord::Base
 def email=(value)
 write_attribute :email, (value ? value.downcase : nil)
 end
+
+ # Permission stuff
+
+ def grant(node)
+ set_permission(true, node)
+ end
+
+ def revoke(node)
+ set_permission(false, node)
+ end
+
+ def inherit(node)
+ permission = self.permissions.for_node(node).first
+ permission.destroy if permission
+ end
+
+ def get_permission_for(node)
+ permissions = {}
+ self.permissions.for_node(node).each do |permission|
+ permissions[permission.identifier.to_sym] = permission.granted
+ end
+ permissions
+ end
+
+ # Checks for permission on the node and if necessary ascends the
+ # nodetree until permission is found or returns false if it is not found
+ # at all.
+ def has_permission?(node)
+ node_permission = self.permissions.for_node(node)
+ return node_permission unless node_permission.nil?
+
+ node.ancestors.reverse.each do |p|
+ local_permission = self.get_permissions_for(p)[identifier]
+ unless local_permission.nil?
+ return local_permission
+ end
+ end
+
+ return false
+ end
+
+ private
+
+ def set_permission(granted, node)
+ permission = self.permissions.for_node(node).first
+ if permission
+ permission.granted = granted
+ else
+ self.permissions.create!( :node => node,
+ :granted => granted )
+ end
+ end
 end
diff --git a/doc/README_FOR_APP b/doc/README_FOR_APP
index eeb47c0..6e95bd7 100644
--- a/doc/README_FOR_APP
+++ b/doc/README_FOR_APP
@@ -123,7 +123,6 @@ Bob has no permissions whatsoever still he is allowed to edit a #Page anywhere, because this action will only create a new revision of the #Page which is not immediately published. He won't be able to manipulate a #Node in any way (unique_name, slug, ordering, structure) because this would affect the frontend -without further notice. Having a #Permission on a #Node makes Bob an admin for this #Node and all it's children. Now Bob can do pretty much anything on these nodes including such fun
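Review bot: `has_permission?` in app/models/user.rb fails open: it returns `self.permissions.for_node(node)` whenever that is not nil, and a named scope is never nil, so callers get a truthy scope object for every node, including nodes with no permission row or with `granted` false. The ancestor loop after it is therefore never reached, and it calls `get_permissions_for` while the method added above is named `get_permission_for`. The check should read the `granted` value of the nearest record and fall through to `false`, as sketched below. Separately, `set_permission` assigns `permission.granted = granted` on an existing record without saving it, so a `revoke` after a `grant` is not persisted; a `permission.save!` after the assignment would match the `create!` in the other branch.

```ruby
  def has_permission?(node)
    # Nearest explicit record wins: the node itself first, then its
    # ancestors in the same order the original loop walks them.
    ([node] + node.ancestors.reverse).each do |n|
      permission = self.permissions.for_node(n).first
      return permission.granted unless permission.nil?
    end

    false
  end
```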
diff --git a/test/fixtures/nodes.yml b/test/fixtures/nodes.yml
index 07ac089..d244a2c 100644
--- a/test/fixtures/nodes.yml
+++ b/test/fixtures/nodes.yml
@@ -1,6 +1,6 @@
 # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
-one:
+root:
 id: 1
 lft: 1
 rgt: 6
@@ -9,7 +9,7 @@ one:
 unique_name:
-two:
+first_child:
 id: 2
 lft: 2
 rgt: 3
@@ -17,7 +17,7 @@ two:
 slug: first_child
 unique_name: first_child
-three:
+second_child:
 id: 3
 lft: 4
 rgt: 5
-- 
cgit v1.3