class Reactor::Permission::PermissionProxy

This class acts as a proxy to underlying permission checking classes. There are three possible cases for each permission type (live, read, write, root, create_children):

  1. Given user is SuperUser - all permissions granted

  2. Given user has the permission

  3. Given user doesn't have the permission

Attributes

cache[R]
lookup[R]
obj[R]

Protected Class Methods

permissions()

A table with all available permissions and their identifier.

# File lib/reactor/permission.rb, line 236
def self.permissions
  # Maps each symbolic permission name used by this proxy to the identifier
  # string handed to the underlying permission_* calls. The table is built
  # once and memoized in @permissions.
  #
  # NOTE(review): the memoized Hash is returned unfrozen, so every caller
  # shares (and could mutate) the same table.
  unless @permissions
    @permissions = {
      :read => 'permissionRead',
      :root => 'permissionRoot',
      :live => 'permissionLiveServerRead',
      :write => 'permissionWrite',
      :create_children => 'permissionCreateChildren',
    }
  end
  @permissions
end

Public Instance Methods

clear(permission)

Takes away the given permission from all groups currently set.

# File lib/reactor/permission.rb, line 205
def clear(permission)
  # Translates the symbolic permission into its identifier and forwards it
  # to crul_obj.permission_clear; the return value is whatever that call
  # returns.
  #
  # NOTE(review): nothing here touches `cache`. Confirm that cached
  # granted? results are invalidated elsewhere, otherwise a cleared
  # permission may keep answering true until the cache entry is dropped.
  permission_id = identifier(permission)
  crul_obj.permission_clear(permission_id)
end
create_children?(user = nil)

Returns true if given user (or current user, if none given) has 'create_children' permission

# File lib/reactor/permission.rb, line 141
def create_children?(user = nil)
  # :root implies :create_children, so the root check runs first and the
  # specific permission is only consulted when root is not granted.
  # A nil user is passed through unchanged; granted? resolves the default.
  root_granted = granted?(user, :root)
  root_granted || granted?(user, :create_children)
end
delete?(user = nil)

@see root?

# File lib/reactor/permission.rb, line 146
def delete?(user = nil)
  # Gated on exactly the same check as root?: no condition of its own is
  # added, and the result of root?(user) is returned unchanged.
  root?(user)
end
edit?(user = nil)

@see write?

# File lib/reactor/permission.rb, line 161
def edit?(user = nil)
  # Gated on exactly the same check as write?: the result of write?(user)
  # is returned unchanged.
  write?(user)
end
grant(permission, groups)

Grants the given groups the given permission, without affecting groups that already hold it.

# File lib/reactor/permission.rb, line 188
def grant(permission, groups)
  # Translates the symbolic permission into its identifier and forwards it,
  # together with the group list, to crul_obj.permission_grant.
  #
  # A single group name given as a String is wrapped in an Array; any other
  # value (including nil) is passed through untouched.
  permission_id = identifier(permission)
  group_list = groups.is_a?(::String) ? [groups] : groups
  crul_obj.permission_grant(permission_id, group_list)
end
live?(user=nil)

Returns true if given user (or current user, if none given) has 'live' permission

# File lib/reactor/permission.rb, line 121
def live?(user = nil)
  # Unlike read?/write?/create_children?, this predicate checks only the
  # :live permission itself and does not consult :root first (superusers
  # are still handled inside granted?).
  granted?(user, :live)
end
read?(user = nil)

Returns true if given user (or current user, if none given) has 'read' permission

# File lib/reactor/permission.rb, line 126
def read?(user = nil)
  # :root implies :read, so the root check runs first and the specific
  # permission is only consulted when root is not granted.
  root_granted = granted?(user, :root)
  root_granted || granted?(user, :read)
end
release?(user = nil)

Returns true if given user has permissions required to release an object (the exact permissions depend on the state of the object)

# File lib/reactor/permission.rb, line 167
def release?(user = nil)
  # Decides whether releasing the object is allowed. Which permissions are
  # required depends on whether has_workflow? reports a workflow.
  #
  # Without a workflow, write or root is enough.
  # NOTE: order matters for speed
  return write?(user) || root?(user) unless has_workflow?

  # With a workflow (this is slow): root is enough, otherwise the workflow
  # itself is asked, but only when the object's class exposes the workflow
  # API.
  #
  # NOTE(review): obj.workflow.release? is called without `user`, so for a
  # non-root user this branch presumably answers for whoever the workflow
  # object considers current rather than for the `user` argument. Confirm
  # against Reactor::Workflow.
  # NOTE(review): has_workflow? is cached; a stale "no workflow" answer
  # sends the decision down the write-is-enough path above.
  root?(user) || (has_workflow_api? && obj.workflow.release?)
end
revert?(user = nil)

@see write?

# File lib/reactor/permission.rb, line 156
def revert?(user = nil)
  # Gated on exactly the same check as write?: the result of write?(user)
  # is returned unchanged.
  write?(user)
end
revoke(permission, groups)

Takes away the given permission from the given groups, without affecting the other groups that already hold it.

# File lib/reactor/permission.rb, line 197
def revoke(permission, groups)
  # Translates the symbolic permission into its identifier and forwards it,
  # together with the group list, to crul_obj.permission_revoke.
  #
  # A single group name given as a String is wrapped in an Array; any other
  # value (including nil) is passed through untouched.
  #
  # NOTE(review): nothing here touches `cache`. Confirm that cached
  # granted? results are invalidated elsewhere, otherwise a revoked
  # permission may keep answering true until the cache entry is dropped.
  permission_id = identifier(permission)
  group_list = groups.is_a?(::String) ? [groups] : groups
  crul_obj.permission_revoke(permission_id, group_list)
end
root?(user = nil)

Returns true if given user (or current user, if none given) has 'root' permission

# File lib/reactor/permission.rb, line 136
def root?(user = nil)
  # Checks the :root permission only. Several other predicates in this
  # class (delete?, release?) build on this answer.
  granted?(user, :root)
end
set(permission, groups)

Setter to overwrite the current groups for the given permission with the given groups.

# File lib/reactor/permission.rb, line 179
def set(permission, groups)
  # Translates the symbolic permission into its identifier and forwards it,
  # together with the group list, to crul_obj.permission_set.
  #
  # A single group name given as a String is wrapped in an Array; any other
  # value (including nil) is passed through untouched.
  #
  # NOTE(review): nothing here touches `cache`. Confirm that cached
  # granted? results are invalidated elsewhere, otherwise groups dropped by
  # the overwrite may keep answering true until the cache entry is dropped.
  permission_id = identifier(permission)
  group_list = groups.is_a?(::String) ? [groups] : groups
  crul_obj.permission_set(permission_id, group_list)
end
take?(user = nil)

@see write?

# File lib/reactor/permission.rb, line 151
def take?(user = nil)
  # Gated on exactly the same check as write?: the result of write?(user)
  # is returned unchanged.
  write?(user)
end
write?(user = nil)

Returns true if given user (or current user, if none given) has 'write' permission

# File lib/reactor/permission.rb, line 131
def write?(user = nil)
  # :root implies :write, so the root check runs first and the specific
  # permission is only consulted when root is not granted.
  # edit?, revert? and take? all delegate to this predicate.
  root_granted = granted?(user, :root)
  root_granted || granted?(user, :write)
end

Protected Instance Methods

crul_obj()
# File lib/reactor/permission.rb, line 215
def crul_obj
  # Fetches the wrapped object's own crul_obj. `send` is used so the call
  # goes through even if that method is not public on obj; every
  # permission-changing method in this class works on the returned handle.
  wrapped = obj
  wrapped.send(:crul_obj)
end
default_user()
# File lib/reactor/permission.rb, line 219
def default_user
  # The user that permission checks fall back to when none is given: the
  # session's user name if there is one, otherwise the user name from the
  # xml_access configuration.
  #
  # NOTE(review): with no session user, checks are evaluated as the
  # configured account. If that account is privileged, a missing session
  # yields that account's permissions; confirm this is intended.
  session_user = Reactor::Session.instance.user_name
  return session_user if session_user

  Reactor::Configuration.xml_access[:username]
end
granted?(user, permission)
# File lib/reactor/permission.rb, line 223
def granted?(user, permission)
  # Central permission check behind every public predicate of this class.
  #
  # user       - user to check; nil/false falls back to default_user.
  # permission - symbolic permission name. It is interpolated into the
  #              cache key and into the predicate name dispatched on
  #              `lookup`, so callers must only pass the fixed names used
  #              in this class, never caller-supplied strings.
  #
  # The answer is obtained through cache.lookup, keyed by user and
  # "<obj.id>:<permission>"; the block (superuser check first, then the
  # specific predicate) supplies the value.
  #
  # Failure handling is fail-closed: any StandardError is logged and turned
  # into `false`. Reactor::Cm::MissingCredentials is the one exception and
  # is re-raised to the caller.
  begin
    user = default_user unless user
    cache_key = "#{obj.id}:#{permission}"
    cache.lookup(user, cache_key) do
      lookup.superuser?(user) || lookup.send("#{permission}?", user)
    end
  rescue Reactor::Cm::MissingCredentials
    raise
  rescue => error
    Rails.logger.error("Error looking up #{user}'s permission for #{permission} operation on #{obj.path} :\n#{error.message}")
    false
  end
end
has_workflow?()

NOTE: this method may lie, when:

  • object received workflow and the cached state says otherwise

  • the workflow api is deactivated

# File lib/reactor/permission.rb, line 253
def has_workflow?
  # Reports whether the object has a workflow name, answered through the
  # cache. The entry is stored under the :any user and keyed by
  # "<obj.path>:workflow", so it is shared rather than per-user.
  #
  # Because the answer is cached it can be stale; release? uses it to
  # decide which permissions are required, so a stale value changes that
  # decision.
  cache_key = "#{obj.path}:workflow"
  cache.lookup(:any, cache_key) { obj.workflow_name.present? }
end
has_workflow_api?()
# File lib/reactor/permission.rb, line 259
def has_workflow_api?
  # True when the object's class is a strict subclass of
  # Reactor::Workflow::Base. Module#< yields false for the class itself and
  # nil for unrelated classes, so the result is truthy only for subclasses.
  klass = obj.class
  klass < Reactor::Workflow::Base
end
identifier(permission)
# File lib/reactor/permission.rb, line 246
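def identifier(permission)
  # Maps a symbolic permission name (a key of self.class.permissions) to
  # the identifier string passed to the permission_* calls.
  #
  # permission - one of the keys of the permissions table.
  #
  # Returns the identifier String.
  # Raises ArgumentError for a name that is not in the table. A plain Hash
  # lookup would return nil here, and grant/revoke/set/clear would then
  # forward that nil as the permission to change; failing loudly keeps a
  # typo from turning into an access-control change on an unintended or
  # undefined permission.
  self.class.permissions.fetch(permission) do
    raise ArgumentError, "unknown permission: #{permission.inspect}"
  end
end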