Class: Ability

Inherits:
Object
  • Object
Includes:
CanCan::Ability
Defined in:
app/models/ability.rb

Instance Method Summary collapse

Constructor Details

#initialize(user) ⇒ Ability

Returns a new instance of Ability.


# File 'app/models/ability.rb', line 4

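# Builds the authorization rule set for +user+.
#
# Exactly one of four branches runs, chosen in this order:
# 1. no user (guest): everything denied, then basic_read_only is applied;
# 2. :admin role: may manage everything;
# 3. :member role: per-model rules below, then basic_read_only;
# 4. anything else (banned or unknown): same as guest.
#
# basic_read_only is defined outside this method; presumably it grants the
# public read abilities -- verify against its definition.
#
# Rules given a block are checked against the individual record. Every
# owner-only rule must compare the record's user_id with user.id (the acting
# user), never with the record's own id.
#
# @param user [Object, nil] the current user, or a blank value when nobody is
#   signed in; must respond to has_role?, newbie?, admin? and id
# @return [Ability] a new instance of Ability
def initialize(user)
  if user.blank?
    # not logged in
    cannot :manage, :all
    basic_read_only

  elsif user.has_role?(:admin)
    # admin
    can :manage, :all
  elsif user.has_role?(:member)
    # Topic
    can :create, Topic unless user.newbie?
    can :favorite, Topic
    can :unfavorite, Topic
    can :follow, Topic
    can :unfollow, Topic
    can :update, Topic do |topic|
      (topic.user_id == user.id)
    end
    can :change_node, Topic do |topic|
      topic.lock_node == false || user.admin?
    end
    # A topic can only be deleted by its author while it has no replies.
    can :destroy, Topic do |topic|
      (topic.user_id == user.id) && (topic.replies_count == 0)
    end

    # Reply
    # Newbie users may not reply during the night (anti-spam); the
    # restriction is switched on or off through a setting in the admin panel.
    # Night means before 09:00 or from 23:00 onwards in Time.zone.
    unless user.newbie? &&
           (Setting.reject_newbie_reply_in_the_evening == 'true') &&
           (Time.zone.now.hour < 9 || Time.zone.now.hour > 22)
      can :create, Reply
    end
    can :update, Reply do |reply|
      reply.user_id == user.id
    end
    can :destroy, Reply do |reply|
      reply.user_id == user.id
    end

    # Note
    can :create, Note
    can :update, Note do |note|
      note.user_id == user.id
    end
    can :destroy, Note do |note|
      note.user_id == user.id
    end
    # Two :read rules: the user's own notes, and published notes.
    # NOTE(review): relies on CanCan combining same-action `can` rules as
    # alternatives -- confirm for the CanCan version in use.
    can :read, Note do |note|
      note.user_id == user.id
    end
    can :read, Note do |note|
      note.publish == true
    end

    # Wiki
    if user.has_role?(:wiki_editor)
      can :create, Page
      can :edit, Page do |page|
        page.locked == false
      end
      can :update, Page do |page|
        page.locked == false
      end
    end

    # Photo
    can :tiny_new, Photo
    can :create, Photo
    # Owner check: compare against the acting user. Comparing the photo's
    # user_id with the photo's own id ties the decision to an id coincidence
    # instead of ownership.
    can :update, Photo do |photo|
      photo.user_id == user.id
    end
    can :destroy, Photo do |photo|
      photo.user_id == user.id
    end

    # Comment
    can :create, Comment
    # Owner check against the acting user, as for Photo.
    can :update, Comment do |comment|
      comment.user_id == user.id
    end
    can :destroy, Comment do |comment|
      comment.user_id == user.id
    end

    # Site
    can :create, Site if user.has_role?(:site_editor)

    basic_read_only
  else
    # banned or unknown situation
    cannot :manage, :all
    basic_read_only
  end
end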