From 41abc82e4db97d9d9eb4bab4af95d5550f9516b5 Mon Sep 17 00:00:00 2001 From: simon Date: Sun, 15 Feb 2009 19:52:11 +0100 Subject: * permission api on user model --- app/models/permission.rb | 8 +++++--- app/models/user.rb | 52 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 3 deletions(-) (limited to 'app') diff --git a/app/models/permission.rb b/app/models/permission.rb index 3914c9c..438538e 100644 --- a/app/models/permission.rb +++ b/app/models/permission.rb @@ -1,11 +1,13 @@ class Permission < ActiveRecord::Base # Validations - validates_presence_of :user_id, :node_id, :granted + validates_presence_of :user_id, :node_id, :granted + validates_inclusion_of :granted, :in => [true, false] # Associations belongs_to :user belongs_to :node - # Security - attr_protected :user_id, :node_id, :granted # Allow no mass assignments + # Named scopes + named_scope :for_node, lambda { |node| { :conditions => ['node_id = ?', (node.is_a? Node ? node.id : node)] } } + named_scope :for_user, lambda { |user| { :conditions => ['user_id = ?', (user.is_a? User ? user.id : user)] } } end diff --git a/app/models/user.rb b/app/models/user.rb index 2bb4879..365fa8a 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -38,4 +38,56 @@ class User < ActiveRecord::Base def email=(value) write_attribute :email, (value ? value.downcase : nil) end + + # Permission stuff + + def grant(node) + set_permission(true, node) + end + + def revoke(node) + set_permission(false, node) + end + + def inherit(node) + permission = self.permissions.for_node(node).first + permission.destroy if permission + end + + def get_permission_for(node) + permissions = {} + self.permissions.for_node(node).each do |permission| + permissions[permission.identifier.to_sym] = permission.granted + end + permissions + end + + # Checks for permission on the node and if necessary ascends the + # nodetree until permission is found or returns false if it is not found + # at all. + def has_permission?(node) + node_permission = self.permissions.for_node(node) + return node_permission unless node_permission.nil? + + node.ancestors.reverse.each do |p| + local_permission = self.get_permissions_for(p)[identifier] + unless local_permission.nil? + return local_permission + end + end + + return false + end + + private + + def set_permission(granted, node) + permission = self.permissions.for_node(node).first + if permission + permission.granted = granted + else + self.permissions.create!( :node => node, + :granted => granted ) + end + end end -- cgit v1.3