Module: Card::Set::All::Permissions
- Extended by:
- Card::Set
- Defined in:
- platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb
Overview
Set: All cards (Permissions)
Defined Under Namespace
Modules: ClassMethods
Constant Summary
Constants included
from Helpers
Helpers::SET_PATTERN_TEST_REGEXP
Constants included
from Event::Api
Event::Api::OPTIONS
Class Method Summary
collapse
Instance Method Summary
collapse
Methods included from Card::Set
reset
Methods included from I18nScope
#mod_name, #scope
Methods included from Registrar
#extended, #finalize_load, #process_base_modules, #register_set
Methods included from Helpers
#format_module, #format_modules, #method_missing, #modules, #pattern_code, #respond_to_missing?, #set_name_parts, #shortname, #underscored_name
#assign_type, #attachment, #define_set_from_error, #ensure_set, #setting_opts, #stage_method
Methods included from Format
#before, #format, layout_method_name, #view, view_method_name, view_setting_method_name, wrapper_method_name
#include_set, #include_set_formats
Methods included from Trait
#card_accessor, #card_reader, #card_writer, #require_field
Methods included from Event::Api
#event
Class Method Details
.source_location ⇒ Object
7
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 7
def self.source_location; "/Users/ethan/dev/decko/gem/mod/permissions/set/all/permissions.rb"; end
|
Instance Method Details
#action_for_permission_check ⇒ Object
226
227
228
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 226
def action_for_permission_check
? :update : action
end
|
#add_to_read_rule_update_queue(updates) ⇒ Object
216
217
218
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 216
def add_to_read_rule_update_queue updates
@read_rule_update_queue = Array.wrap(@read_rule_update_queue).concat updates
end
|
#anyone_can?(action) ⇒ Boolean
48
49
50
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 48
def anyone_can? action
who_can(action).include? AnyoneID
end
|
#deny_because(why) ⇒ Object
98
99
100
101
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 98
def deny_because why
@permission_errors << why if @permission_errors
false
end
|
#direct_rule_card(action) ⇒ Object
52
53
54
55
56
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 52
def direct_rule_card action
direct_rule_id = rule_card_id action
require_permission_rule! direct_rule_id, action
Card.quick_fetch direct_rule_id
end
|
#each_field_as_bot(&block) ⇒ Object
187
188
189
190
191
192
193
194
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 187
def each_field_as_bot &block
Auth.as_bot do
field_cards.compact.each(&block)
end
end
|
#event: check_permissions ⇒ Object
220
221
222
223
224
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 220
event :check_permissions, :validate do
track_permission_errors do
ok? action_for_permission_check
end
end
|
#event: set_field_read_rules ⇒ Object
175
176
177
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 175
event :set_field_read_rules, after: :set_read_rule, on: :update, changed: :type_id do
each_field_as_bot(&:update_read_rule)
end
|
#event: set_read_rule ⇒ Object
don’t know why we introduced this
but we have to preserve read rules to make
delete acts visible in recent changes -pk
event :clear_read_rule, :store, on: :delete do
self.read_rule_id = self.read_rule_class = nil
end
169
170
171
172
173
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 169
event :set_read_rule, :store, on: :save, changed: %i[type_id name] do
read_rule_id, read_rule_class = permission_rule_id_and_class(:read)
self.read_rule_id = read_rule_id
self.read_rule_class = read_rule_class
end
|
#event: update_read_rule ⇒ Object
203
204
205
206
207
208
209
210
211
212
213
214
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 203
event :update_read_rule do
without_timestamps do
reset_patterns rcard_id, rclass = permission_rule_id_and_class :read
self.read_rule_id = rcard_id
self.read_rule_class = rclass
Card.where(id: id).update_all read_rule_id: rcard_id, read_rule_class: rclass
expire :hard
update_field_read_rules
end
end
|
#left_permission_rule_id(action) ⇒ Object
70
71
72
73
74
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 70
def left_permission_rule_id action
lcard = left_or_new(skip_virtual: true, skip_modules: true)
action = :update if action == :create && lcard.real? && lcard.action != :create
lcard.permission_rule_id action
end
|
#ok?(action) ⇒ Boolean
ok? and ok! are public facing methods to approve one action at a time
fetching: if the optional :trait parameter is supplied, it is passed
to fetch and the test is perfomed on the fetched card, therefore:
trait: :account would fetch this card plus a tag codenamed :account
trait: :roles, new: {} would initialize a new card with default ({}) options.
34
35
36
37
38
39
40
41
42
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 34
def ok? action
@ok ||= {}
aok = @ok[Auth.as_id] ||= {}
if (cached = aok[action])
cached
else
aok[action] = send "ok_to_#{action}"
end
end
|
#ok_to_create ⇒ Object
123
124
125
126
127
128
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 123
def ok_to_create
return false unless permit :create
return true if simple?
%i[left right].find { |side| !ok_to_create_side side } ? false : true
end
|
#ok_to_create_side(side) ⇒ Object
130
131
132
133
134
135
136
137
138
139
140
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 130
def ok_to_create_side side
return true if side == :left && superleft
part_card = send side, new: {}
return true unless part_card&.new_card? && !part_card.ok?(:create)
deny_because you_cant("create #{part_card.name}")
false
end
|
#ok_to_delete ⇒ Object
158
159
160
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 158
def ok_to_delete
permit :delete
end
|
#ok_to_read ⇒ Object
142
143
144
145
146
147
148
149
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 142
def ok_to_read
return true if Auth.always_ok?
self.read_rule_id ||= permission_rule_id :read
return true if Auth.as_card.read_rules_hash[read_rule_id]
deny_because you_cant "read this"
end
|
#ok_to_update ⇒ Object
151
152
153
154
155
156
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 151
def ok_to_update
return false unless permit(:update)
return true unless type_id_changed? && !permitted?(:create)
deny_because you_cant("change to this type (need create permission)")
end
|
#permission_rule_card(action) ⇒ Object
76
77
78
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 76
def permission_rule_card action
Card.fetch permission_rule_id(action)
end
|
#permission_rule_id(action) ⇒ Object
58
59
60
61
62
63
64
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 58
def permission_rule_id action
if compound? && rule(action).match?(/^\[?\[?_left\]?\]?$/)
left_permission_rule_id action
else
rule_card_id action
end
end
|
#permission_rule_id_and_class(action) ⇒ Object
66
67
68
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 66
def permission_rule_id_and_class action
[permission_rule_id(action), direct_rule_card(action).rule_class_name]
end
|
#permit(action, verb = nil) ⇒ Object
110
111
112
113
114
115
116
117
118
119
120
121
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 110
def permit action, verb=nil
if Card.config.read_only
deny_because "Currently in read-only mode"
return false
end
return true if permitted? action
verb ||= action.to_s
deny_because you_cant("#{verb} #{name.present? ? name : 'this'}")
end
|
#permitted?(action) ⇒ Boolean
103
104
105
106
107
108
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 103
def permitted? action
return false if Card.config.read_only return true if Auth.always_ok?
Auth.as_card.among? who_can(action)
end
|
#repair_permissions! ⇒ Object
18
19
20
21
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 18
def repair_permissions!
rule_id, rule_class = permission_rule_id_and_class :read
update_columns read_rule_id: rule_id, read_rule_class: rule_class
end
|
#require_permission_rule!(rule_id, action) ⇒ Object
80
81
82
83
84
85
86
87
88
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 80
def require_permission_rule! rule_id, action
return if rule_id
errors.add :permission_denied,
t(:permission_error_no_action_rule, action: action, name: name)
raise Card::Error::PermissionDenied, self
end
|
#rule_class_name ⇒ Object
90
91
92
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 90
def rule_class_name
trunk.type_id == SetID ? name.trunk_name.tag : nil
end
|
#track_permission_errors ⇒ Object
230
231
232
233
234
235
236
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 230
def track_permission_errors
@permission_errors = []
result = yield
@permission_errors.each { |msg| errors.add :permission_denied, msg }
@permission_errors = nil
result
end
|
#update_field_read_rules ⇒ Object
179
180
181
182
183
184
185
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 179
def update_field_read_rules
return unless type_id_changed? || read_rule_id_changed?
each_field_as_bot do |field|
field.update_read_rule if field.rule(:read) == "_left"
end
end
|
#who_can(action) ⇒ Object
44
45
46
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 44
def who_can action
permission_rule_card(action).item_cards.map(&:id)
end
|
#without_timestamps ⇒ Object
196
197
198
199
200
201
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 196
def without_timestamps
Card.record_timestamps = false
yield
ensure
Card.record_timestamps = true
end
|
#you_cant(what) ⇒ Object
94
95
96
|
# File 'platypus/tmp/set/gem-defaults/mod007-permissions/all/permissions.rb', line 94
def you_cant what
"You don't have permission to #{what}"
end
|