module Sufia
  # Authorization rules contributed by Sufia. Each public method below registers
  # rules through `can` / `alias_action`; `included` appends the method names to
  # the including class's `ability_logic` list (presumably run in that order by
  # the including ability class -- confirm there).
  #
  # Relies on names defined outside this file: `can`, `alias_action`,
  # `current_user`, `registered_user?`, `admin?` and `test_edit`.
  module Ability
    extend ActiveSupport::Concern

    included do
      self.ability_logic += %i[
        user_abilities
        featured_work_abilities
        editor_abilities
        stats_abilities
        citation_abilities
        proxy_deposit_abilities
        uploaded_file_abilities
        feature_abilities
        admin_set_abilities
      ]
    end

    # Upload rules. Nothing is granted unless `registered_user?` is true.
    def uploaded_file_abilities
      if registered_user?
        can :create, [UploadedFile, BatchUpload]
        # Deletion is scoped to uploads whose `user` is the current user.
        can :destroy, UploadedFile, user: current_user
      end
      # BatchUpload permissions depend on the kind of objects being made by the batch,
      # but it must be authorized directly in the controller, not here.
      # Note: cannot call `authorized_models` without going recursive.
    end

    # Rules for transferring works and for proxy deposit requests.
    def proxy_deposit_abilities
      # The subject here is an id String; every check runs the lookup in
      # user_is_depositor?.
      can(:transfer, String) { |id| user_is_depositor?(id) }

      if registered_user?
        can :create, ProxyDepositRequest
      end

      # NOTE(review): the three rules below are registered without the
      # registered_user? guard used for :create above. If current_user.id can be
      # nil for an unregistered user, the conditions become `..._user_id: nil` --
      # confirm no ProxyDepositRequest can be stored with a nil receiving or
      # sending user id.
      own_id = current_user.id
      can :accept, ProxyDepositRequest, receiving_user_id: own_id, status: 'pending'
      can :reject, ProxyDepositRequest, receiving_user_id: own_id, status: 'pending'
      # a user who sent a proxy deposit request can cancel it if it's pending.
      can :destroy, ProxyDepositRequest, sending_user_id: own_id, status: 'pending'
    end

    # A user may edit, update and toggle trophies only on the ::User record whose
    # id equals current_user.id.
    def user_abilities
      can %i[create_placeholder].clear.push(:edit, :update, :toggle_trophy), ::User, id: current_user.id
    end

    # Featured works may be created, destroyed and updated by admins only.
    def featured_work_abilities
      return unless admin?

      can %i[create destroy update], FeaturedWork
    end

    # Content-editing rules.
    def editor_abilities
      # Granted before the admin check, so it applies to every user this method
      # runs for.
      can :read, ContentBlock

      if admin?
        can :read, :admin_dashboard
        can :create, TinymceAsset
        can %i[create update], ContentBlock
        # Not scoped by any condition: admins may :edit any ::SolrDocument.
        can :edit, ::SolrDocument
      end
    end

    # Statistics rules.
    def stats_abilities
      if admin?
        can :read, Sufia::Statistics
      end
      # The alias is registered for every user and is not tied to
      # Sufia::Statistics. NOTE(review): assuming CanCan alias semantics, any
      # rule granting :read on a subject also grants :stats on it -- confirm
      # that is the intended exposure of per-object statistics.
      alias_action :stats, to: :read
    end

    # Registers :citation as an alias of :read, with the same scope caveat as the
    # :stats alias in stats_abilities.
    def citation_abilities
      alias_action(:citation, to: :read)
    end

    # Only admins may manage Sufia::Feature.
    def feature_abilities
      return unless admin?

      can :manage, Sufia::Feature
    end

    # Rules for admin sets and their permission templates.
    def admin_set_abilities
      if admin?
        can :manage, [AdminSet, Sufia::PermissionTemplate, Sufia::PermissionTemplateAccess]
      end

      # Non-admins are decided by test_edit (defined outside this file) on the
      # owning admin set's id.
      # NOTE(review): with CanCan-style abilities a block condition is only run
      # when the check is given an instance; a check against the class itself
      # (e.g. `can? :create, Sufia::PermissionTemplate`) passes without running
      # the block. Confirm the controllers always authorize a loaded or built
      # instance for these two models.
      can(%i[create edit update destroy], Sufia::PermissionTemplate) do |template|
        test_edit(template.admin_set_id)
      end
      # NOTE(review): raises NoMethodError if access.permission_template is nil.
      can(%i[create edit update destroy], Sufia::PermissionTemplateAccess) do |access|
        test_edit(access.permission_template.admin_set_id)
      end
    end

    private

    # True when a search restricted to the given id and to the current user's
    # user_key in the depositor field returns at least one result.
    #
    # NOTE(review): confirm how search_with_conditions treats a nil user_key
    # (e.g. an unregistered user); the :transfer rule is registered for all users.
    def user_is_depositor?(document_id)
      works = CurationConcerns::WorkRelation.new
      works.search_with_conditions(
        id: document_id,
        DepositSearchBuilder.depositor_field => current_user.user_key
      ).any?
    end
  end
end