# frozen_string_literal: true
# Access-control policy in the declarative_authorization DSL.
#
# Role inheritance: :admin includes :member and :member includes :guest, so a
# role also gets every rule of the roles it includes; :root has no rules and
# bypasses all checks. Inside one has_permission_on block, separate
# if_attribute / if_permitted_to lines are alternatives (any one of them
# grants) unless the rule is declared with join_by: :and; the key/value pairs
# inside a single if_attribute must all hold. `user` inside is { } /
# contains { } / is_in { } blocks is the user being authorized, and a plain
# value such as `closed: false` is shorthand for `is { false }`.
authorization do
  # Superuser: every privilege in every context, no attribute conditions.
  role :root do
    has_omnipotence
  end

  # Site administrators: everything a member may do, plus unconditional
  # management of groups, users, moderation queues, site configuration and
  # mailer previews.
  role :admin do
    includes :member
    has_permission_on :group_members, :group_memberships, :group_membership_requests, :group_profiles, :group_prefs, to: :manage
    has_permission_on :admin_groups, to: %i[manage disable enable]
    has_permission_on :group_requests do
      to %i[index review confirm reject destroy]
    end
    has_permission_on :admin_users, to: %i[manage approve]
    has_permission_on :admin_user_locations, to: %i[manage geometry combined_geometry]
    has_permission_on :admin_home, to: :view
    has_permission_on :admin_message_moderations, to: :view
    has_permission_on :admin_stats, to: :view
    has_permission_on :admin_planning_filters, to: :manage
    has_permission_on :admin_site_configs, to: :manage
    has_permission_on :admin_templates, to: :show
    has_permission_on :issues, to: %i[edit update destroy]
    has_permission_on :"library/documents", :library_documents, :library_notes, to: :manage
    has_permission_on :message_threads, :group_message_threads, :issue_message_threads, to: %i[manage edit_all_fields]
    has_permission_on :messages, to: %i[censor approve reject]
    has_permission_on :site_comments, to: :manage
    has_permission_on :user_prefs, :user_profiles, to: :manage
    has_permission_on :users, to: %i[view_profile view_full_name]
    has_permission_on :rails_mailers, to: %i[view index preview]
  end

  # Signed-in users: rights over their own records, plus committee-level
  # rights on any group whose committee_members include them.
  role :member do
    includes :guest
    has_permission_on :dashboards, to: [:show]
    # Anyone may request a new group; only the requester may cancel it.
    has_permission_on :group_requests do
      to %i[new create]
    end
    has_permission_on :group_requests do
      to :cancel
      if_attribute user: is { user }
    end
    # Committee members administer their own group's members, membership
    # requests, prefs, profile and moderation queue.
    has_permission_on :groups do
      to :view_active_users
      if_attribute committee_members: contains { user }
    end
    has_permission_on :group_members, :group_memberships do
      to :manage
      if_attribute committee_members: contains { user }
    end
    has_permission_on :group_potential_members do
      to %i[new create]
      if_attribute committee_members: contains { user }
    end
    has_permission_on :group_membership_requests do
      to %i[new create]
    end
    has_permission_on :group_membership_requests do
      to :cancel
      if_attribute user: is { user }
    end
    has_permission_on :group_membership_requests do
      to %i[index review confirm reject]
      if_attribute committee_members: contains { user }
    end
    has_permission_on :group_prefs do
      to :manage
      if_attribute committee_members: contains { user }
    end
    has_permission_on :group_profiles do
      to :manage
      if_attribute committee_members: contains { user }
    end
    has_permission_on :group_message_moderations do
      to :index
      if_attribute committee_members: contains { user }
    end
    # Issues: members create and vote; only the author may edit.
    has_permission_on :issues, to: %i[new create vote_up vote_clear]
    has_permission_on :issues do
      to %i[edit update]
      if_attribute created_by: is { user }
    end
    has_permission_on :issue_tags, to: [:update]
    # Posting or voting on a message requires :show on its thread
    # (if_permitted_to :show, :thread delegates to the thread's own rules).
    has_permission_on :messages, to: %i[new]
    has_permission_on :messages, to: %i[create vote_up vote_clear] do
      if_permitted_to :show, :thread
    end
    has_permission_on :message_library_notes, to: %i[new create]
    has_permission_on :message_library_documents, to: %i[new create]
    has_permission_on :issue_message_threads, to: %i[new create]
    # Group threads can only be started in one of the user's own groups.
    has_permission_on :group_message_threads do
      to %i[new create]
      if_attribute group: is_in { user.groups }
    end
    # Thread management and visibility, decided by author, owning group and
    # privacy flags.
    has_permission_on :message_threads, :group_message_threads, :issue_message_threads do
      to %i[manage edit_all_fields]
      if_attribute group_committee_members: contains { user }
    end
    # Authors keep edit rights for 24 hours after creation; the range is
    # rebuilt each time the rule is evaluated, so the window slides.
    has_permission_on :message_threads, :group_message_threads, :issue_message_threads do
      to %i[edit update]
      if_attribute created_by: is { user }, created_at_as_i: is_in { 24.hours.ago.to_i..Time.now.to_i }
    end
    # Committee-private threads: visible to the owning group's committee.
    has_permission_on :message_threads, :group_message_threads, :issue_message_threads do
      to :show
      if_attribute private_to_committee?: is { true }, group_committee_members: contains { user }
    end
    # Private messages: visible to the recipient (user) or the sender
    # (created_by) -- the two if_attribute lines are alternatives.
    has_permission_on :message_threads, :group_message_threads, :issue_message_threads do
      to :view
      if_attribute private_message?: is { true }, user: is { user }
      if_attribute private_message?: is { true }, created_by: is { user }
    end
    # Group-private threads: visible to members of that group.
    has_permission_on :message_threads, :group_message_threads, :issue_message_threads do
      to :show
      if_attribute private_to_group?: is { true }, group: is_in { user.groups }
    end
    # Subscribers may reopen a closed thread and close an open one.
    has_permission_on :message_threads do
      to :open
      if_attribute subscribers: contains { user }, closed: is { true }
    end
    has_permission_on :message_threads do
      to :close
      if_attribute subscribers: contains { user }, closed: is { false }
    end
    has_permission_on :message_threads do
      to :vote_detail
      if_permitted_to :show
    end
    # Message moderation by the committee of the thread's group (the nested
    # hash drills into message.thread).
    has_permission_on :messages do
      to %i[censor approve reject]
      if_attribute thread: { group_committee_members: contains { user } }
    end
    # Subscriptions: the owner edits/destroys their own; creating one mirrors
    # the thread :show rules above (public, group-private to group members,
    # committee-private to the committee).
    has_permission_on :message_thread_subscriptions, to: %i[destroy edit] do
      if_attribute user: is { user }
    end
    has_permission_on :message_thread_subscriptions do
      to [:create]
      if_attribute thread: { public?: true }
    end
    has_permission_on :message_thread_subscriptions do
      to [:create]
      if_attribute thread: { private_to_group?: true, group: is_in { user.groups } }
    end
    has_permission_on :message_thread_subscriptions do
      to [:create]
      if_attribute thread: { private_to_committee?: true, group_committee_members: contains { user } }
    end
    has_permission_on :message_thread_tags, to: :update
    has_permission_on :message_thread_user_priorities, to: %i[create update]
    # join_by: :and is redundant with a single if_attribute line, but harmless.
    has_permission_on [:message_thread_leaders], join_by: :and do
      to [:create]
      if_attribute subscribers: contains { user }, closed: false
    end
    # Attachments follow the visibility of their parent thread.
    has_permission_on(
      :message_cyclestreets_photos, :message_documents,
      :message_library_items, :message_photos
    ) do
      to %i[create view]
      if_permitted_to :show, :thread
    end
    has_permission_on :message_polls, to: :vote do
      if_permitted_to :show, :thread
    end
    # Library: anyone may add/read; only the creator manages an item.
    has_permission_on :libraries, :library_documents, :library_notes, to: %i[index new create show]
    has_permission_on :"library/documents", :library_documents, :library_notes do
      to :manage
      if_attribute created_by: is { user }
    end
    has_permission_on :library_tags, to: :update
    has_permission_on :planning_applications, to: %i[view geometry all_geometries search show_uid hide unhide]
    has_permission_on :planning_application_issues, to: %i[new create]
    has_permission_on :user_locations, to: %i[manage geometry combined_geometry]
    # Prefs and profile are managed only by their owner; the record id is
    # compared against the current user's id.
    has_permission_on :user_prefs do
      to :manage
      if_attribute id: is { user.id }
    end
    has_permission_on :user_profiles do
      to :manage
      if_attribute id: is { user.id }
    end
    has_permission_on :user_profiles, to: :view do
      if_permitted_to :view_profile
    end
    # Full name is visible to oneself, to anyone sharing a group, and to
    # committees of groups the target has requested to join (per the
    # attribute names; the exact meaning of in_group_committee lives in the
    # model).
    has_permission_on :users do
      to :view_full_name
      if_attribute id: is { user.id }
      if_attribute groups: intersects_with { user.groups }
      if_attribute requested_groups: intersects_with { user.in_group_committee }
    end
    # join_by: :and -- every line must hold: full name visible, not oneself,
    # and no block in either direction.
    has_permission_on :users, to: :send_private_message, join_by: :and do
      if_permitted_to :view_full_name
      if_attribute id: is_not { user.id }
      if_attribute blocked_user_ids: does_not_contain { user.id }
      if_attribute blocked_by_user_ids: does_not_contain { user.id }
    end
    # Profile is viewable if the full name is visible OR the profile is public.
    has_permission_on :users, to: :view_profile do
      if_permitted_to :view_full_name
      if_attribute profile: { visibility: "public" }
    end
    # NOTE(review): no join_by: :and here, so these two lines are
    # alternatives and `id is_not user.id` alone grants new/create on every
    # other user, making the if_permitted_to line ineffective; the block
    # checks applied to :send_private_message above are also absent. Confirm
    # whether join_by: :and (as on :send_private_message) was intended.
    has_permission_on :users_private_message_threads, to: %i[new create] do
      if_permitted_to :view_full_name
      if_attribute id: is_not { user.id }
    end
    has_permission_on :users_private_message_threads, to: [:index]
    has_permission_on :private_messages, to: [:index]
    has_permission_on :user_blocks, to: [:manage]
  end

  # Unauthenticated visitors: public read-only content plus the sign-in,
  # registration, confirmation, invitation and password flows.
  role :guest do
    has_permission_on :users do
      to :view_profile
      if_attribute profile: { visibility: "public" }
    end
    has_permission_on :dashboards, to: %i[search deadlines]
    has_permission_on :devise_sessions, :devise_registrations, :devise_confirmations,
                      :devise_invitations, :devise_passwords, :devise_invitable_registrations, :users_registrations, to: :manage
    has_permission_on :home, to: :show
    has_permission_on :groups, to: %i[view all_geometries search]
    has_permission_on :group_profiles, to: %i[view geometry]
    has_permission_on :issues, to: %i[show index geometry all_geometries search vote_detail]
    has_permission_on :issue_photos, to: [:show]
    has_permission_on :libraries, :library_documents, :library_notes, to: %i[view search relevant]
    # Only public threads; listing/search of threads is unconditional here,
    # so per-thread visibility relies on the :show rules.
    has_permission_on :message_threads, :group_message_threads, :issue_message_threads do
      to :show
      if_attribute public?: is { true }
    end
    has_permission_on :message_threads, :group_message_threads, :issue_message_threads, to: %i[index search]
    # Photo visibility follows the containing thread.
    has_permission_on :message_photos do
      to :show
      if_permitted_to :show, :thread
    end
    has_permission_on :pages, to: :show
    has_permission_on :api_v1_issues, to: :index
    has_permission_on :site_comments, to: %i[new create]
    has_permission_on :tags, to: %i[show autocomplete_tag_name index all_geometries]
    has_permission_on :user_profiles, to: :view do
      if_permitted_to :view_profile
    end
    has_permission_on :group_hashtags do
      to %i[index show]
    end
  end
end
# Privilege hierarchy: a rule granting a composite privilege also grants each
# privilege it includes, resolved transitively, so :manage reaches :index and
# :show through :view.
privileges do
  privilege :manage, includes: %i[view new create edit update destroy]
  privilege :view, includes: %i[index show]
end