Module: Authorizable::ModelMethods::ClassMethods
- Defined in:
- lib/authorizable.rb
Instance Method Summary (collapse)
-
- (Object) acts_as_authorizable
This mixin method decides what to add to the calling class, according to the type of that class:
- it defines the scopes used to list objects according to permissions and workspaces;
- it includes the instance methods used to check permissions on an object instance.
-
Instance Method Details
- (Object) acts_as_authorizable
This mixin method decides what to add to the calling class, according to the type of that class:
- it defines the scopes used to list objects according to permissions and workspaces;
- it includes the instance methods used to check permissions on an object instance.
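# File 'lib/authorizable.rb', line 55
#
# Class-level macro that wires authorization support into the calling model.
#
# Every caller gets Authorizable::ModelMethods::InstanceMethods. Depending on
# whether the underscored class name is listed in ITEMS, in CONTAINERS, or is
# 'user', the macro then defines the named scopes that restrict result sets to
# what a user may see and includes the matching instance-method module.
#
# Scopes defined (arguments are those of the scope lambdas):
#   matching_user_with_permission_in_containers(user, permission, container_ids, container)
#   allowed_user_with_permission(user, permission, container)     # containers only
#   allowed_user_with_container_role(user, role_name, container)  # containers only
#
# The two allowed_* scopes raise a RuntimeError when user, or the permission /
# role name, is missing.
#
# NOTE(review): `container` is interpolated into SQL identifiers (table and
# column names) and passed to classify.constantize in every scope below, and
# identifiers cannot be bound as query parameters. Callers must only pass a
# trusted value (presumably one of CONTAINERS -- confirm); request parameters
# must never reach it unchecked.
def acts_as_authorizable
  include Authorizable::ModelMethods::InstanceMethods

  # Underscored name of the class invoking the macro, e.g. 'user'.
  model_key = self.to_s.underscore

  if ITEMS.include?(model_key)
    named_scope :matching_user_with_permission_in_containers, lambda { |user, permission, container_ids, container|
      # Check if these workspace are matching the really authorized ones, and set 'nil for all' condition
      #@container_ids ||= container.classify.constantize.allowed_user_with_permission(user, self.to_s.underscore + '_' + permission, container).find(:all, :select => "#{container.pluralize}.id, #{container.pluralize}.title").map{ |e| e.id.to_i }
      container_ids ||= container.classify.constantize.allowed_user_with_permission(user, model_key + '_' + permission, container).map { |e| e.id.to_i }
      # Intersect with the containers the user is really authorized on, so ids
      # supplied by the caller can narrow the result but never widen it.
      container_ids = container_ids.map { |w_id| w_id.to_i } &
        container.classify.constantize.allowed_user_with_permission(user, model_key + '_' + permission, container).map { |e| e.id.to_i }
      if container_ids.first
        # Every id went through to_i above, so the IN (...) list holds integers only.
        { :select => "DISTINCT #{model_key.pluralize}.*",
          :joins => "LEFT JOIN items_#{container.pluralize} ON #{model_key.pluralize}.id = items_#{container.pluralize}.itemable_id AND items_#{container.pluralize}.itemable_type='#{self.to_s}'",
          :conditions => "items_#{container.pluralize}.#{container}_id IN (#{container_ids.join(',')})" }
      else
        # Fail closed: no authorized container means an empty result set.
        { :conditions => "1=2" }
      end
    }
    include Authorizable::ModelMethods::ItemInstanceMethods
  elsif CONTAINERS.include?(model_key)
    named_scope :matching_user_with_permission_in_containers, lambda { |user, permission, container_ids, container|
      # nil container_ids means "all containers the user is authorized on".
      container_ids ||= container.classify.constantize.allowed_user_with_permission(user, container + '_' + permission, container).map { |e| e.id.to_i }
      # Intersect with the really authorized containers (narrow only, never widen).
      container_ids = container_ids.map { |w_id| w_id.to_i } &
        container.classify.constantize.allowed_user_with_permission(user, model_key + '_' + permission, container).map { |e| e.id.to_i }
      # NOTE(review): the method name after "user." is missing from this page's
      # listing; has_system_permission is presumed by analogy with
      # has_system_role below -- confirm against lib/authorizable.rb.
      if user.has_system_permission(container, permission)
        # System-wide permission: the scope adds no restriction at all.
        { }
      elsif container_ids.first
        { :conditions => "id IN (#{container_ids.join(',')})" }
      else
        # Fail closed: no authorized container means an empty result set.
        { :conditions => "1=2" }
      end
    }
    # Scope getting the workspaces authorized for an user with a specific permission
    named_scope :allowed_user_with_permission, lambda { |user, permission, container|
      raise 'User required' unless user
      raise 'Permission name' unless permission
      if user.has_system_role('superadmin')
        # Superadmins bypass the membership joins and see every container.
        { :order => "#{container.pluralize}.title ASC" }
      else
        { :joins => "LEFT JOIN users_containers ON users_containers.containerable_id = #{container.pluralize}.id AND users_containers.containerable_type = '#{container.capitalize}' AND users_containers.user_id = #{user.id.to_i} " +
            "LEFT JOIN permissions_roles ON permissions_roles.role_id = users_containers.role_id " +
            "LEFT JOIN permissions ON permissions_roles.permission_id = permissions.id",
          # Bound parameter instead of string interpolation: a quote in the
          # permission name can no longer alter the WHERE clause.
          :conditions => ["permissions.name = ?", permission.to_s],
          :select => "DISTINCT #{container.pluralize}.*",
          :order => "#{container.pluralize}.title ASC" }
      end
    }
    # Scope getting the workspaces authorized for an user with a specific role
    named_scope :allowed_user_with_container_role, lambda { |user, role_name, container|
      raise 'User required' unless user
      raise 'Role name' unless role_name
      { :joins => "LEFT JOIN users_containers ON users_containers.containerable_id = #{container.pluralize}.id AND users_containers.containerable_type = '#{container.capitalize}' AND users_containers.user_id = #{user.id.to_i} " +
          "LEFT JOIN roles ON roles.id = users_containers.role_id",
        # Bound parameter instead of string interpolation (see allowed_user_with_permission).
        :conditions => ["roles.name = ?", role_name.to_s],
        :select => "DISTINCT #{container.pluralize}.*",
        :order => "#{container.pluralize}.title ASC" }
    }
    include Authorizable::ModelMethods::ContainerInstanceMethods
  elsif ['user'].include?(model_key)
    named_scope :matching_user_with_permission_in_containers, lambda { |user, permission, container_ids, container|
      # nil container_ids means "all containers the user is authorized on".
      container_ids ||= container.classify.constantize.allowed_user_with_permission(user, model_key + '_' + permission, container).map { |e| e.id.to_i }
      # Intersect with the really authorized containers (narrow only, never widen).
      container_ids = container_ids.map { |w_id| w_id.to_i } &
        container.classify.constantize.allowed_user_with_permission(user, model_key + '_' + permission, container).map { |e| e.id.to_i }
      # NOTE(review): method name presumed, as in the containers branch -- confirm.
      if user.has_system_permission(model_key, permission)
        # System-wide permission: the scope adds no restriction at all.
        {}
      elsif container_ids.first
        { :select => "DISTINCT #{model_key.pluralize}.*",
          :joins => "LEFT JOIN users_containers ON #{model_key.pluralize}.id = users_containers.user_id",
          :conditions => "users_containers.#{container}_id IN (#{container_ids.join(',')})" }
      else
        # Fail closed: no authorized container means an empty result set.
        { :conditions => "1=2" }
      end
    }
    include Authorizable::ModelMethods::UserInstanceMethods
  end
end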