class Reactor::Permission::PermissionProxy
This class acts as a proxy to underlying permission checking classes. There are three possible cases for each permission type (live, read, write, root, create_children):
- Given user is SuperUser - all permissions granted
- Given user has the permission
- Given user doesn't have the permission
Attributes
Protected Class Methods
A table with all available permissions and their identifier.
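# File lib/reactor/permission.rb, line 236
# Lookup table mapping each permission name (Symbol) to its identifier string.
#
# The table is built once, memoized in @permissions and frozen. The same Hash
# object is returned to every caller, and identifier() resolves every
# grant/revoke/set/clear call through it, so it must not be modifiable in
# place after it has been built.
#
# @return [Hash{Symbol => String}] frozen permission-name => identifier table
def self.permissions
  @permissions ||= {
    :read            => 'permissionRead',
    :root            => 'permissionRoot',
    :live            => 'permissionLiveServerRead',
    :write           => 'permissionWrite',
    :create_children => 'permissionCreateChildren',
  }.freeze
end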
Public Instance Methods
Takes away the given permission
from all groups currently set.
# File lib/reactor/permission.rb, line 205
# Removes +permission+ from all groups currently set, by calling
# permission_clear on the underlying crul object.
#
# NOTE(review): no authorization check is visible in this method; presumably
# the backend enforces it for the acting session - confirm before exposing
# this to request-driven code.
# NOTE(review): identifier() is a plain Hash lookup, so a name that is not in
# the permissions table resolves to nil and that nil is passed on unchanged.
#
# @param permission [Symbol] one of the keys of self.class.permissions
def clear(permission)
  permission_id = identifier(permission)
  crul_obj.permission_clear(permission_id)
end
Returns true if given user (or current user, if none given) has 'create_children' permission
# File lib/reactor/permission.rb, line 141
# Tells whether +user+ (the default user when nil) may create children.
# The :root permission is checked first and is sufficient on its own;
# :create_children is only consulted when :root is not granted.
#
# @param user [Object, nil] user to check; nil falls back to the default user
# @return the result of the first granted? call that is truthy, else the
#   result of the :create_children lookup
def create_children?(user = nil)
  via_root = granted?(user, :root)
  return via_root if via_root

  granted?(user, :create_children)
end
@see root?
# File lib/reactor/permission.rb, line 146
# Deleting requires exactly what root? requires; this is a pure delegation,
# so :write alone is not enough to delete.
#
# @param user [Object, nil] user to check; nil falls back to the default user
# @see root?
def delete?(user = nil)
  root?(user)
end
@see write?
# File lib/reactor/permission.rb, line 161
# Editing requires exactly what write? requires (pure delegation).
#
# @param user [Object, nil] user to check; nil falls back to the default user
# @see write?
def edit?(user = nil)
  write?(user)
end
Grants the given groups the given permission, without affecting already existing groups.
# File lib/reactor/permission.rb, line 188
# Adds +groups+ to +permission+ by calling permission_grant on the underlying
# crul object.
#
# A single String is wrapped into a one-element array; any other value
# (including nil) is handed over unchanged.
#
# NOTE(review): no authorization check is visible in this method; presumably
# the backend enforces it for the acting session - confirm before exposing
# this to request-driven code.
# NOTE(review): identifier() is a plain Hash lookup, so a name that is not in
# the permissions table resolves to nil and that nil is passed on unchanged.
#
# @param permission [Symbol] one of the keys of self.class.permissions
# @param groups [String, Array] group name or list of group names
def grant(permission, groups)
  permission_id = identifier(permission)
  group_list = groups.kind_of?(::String) ? [groups] : groups
  crul_obj.permission_grant(permission_id, group_list)
end
Returns true if given user (or current user, if none given) has 'live' permission
# File lib/reactor/permission.rb, line 121
# Tells whether +user+ (the default user when nil) has the :live permission.
#
# Unlike read?, write? and create_children?, this check has no fallback to
# :root - only the superuser test inside granted? can widen it.
#
# @param user [Object, nil] user to check; nil falls back to the default user
def live?(user=nil)
  granted?(user, :live)
end
Returns true if given user (or current user, if none given) has 'read' permission
# File lib/reactor/permission.rb, line 126
# Tells whether +user+ (the default user when nil) may read the object.
# The :root permission is checked first and is sufficient on its own;
# :read is only consulted when :root is not granted.
#
# @param user [Object, nil] user to check; nil falls back to the default user
def read?(user = nil)
  via_root = granted?(user, :root)
  return via_root if via_root

  granted?(user, :read)
end
Returns true if given user has permissions required to release an object (the exact permissions depend on the state of the object)
# File lib/reactor/permission.rb, line 167
# Tells whether +user+ may release the object. Which permissions are needed
# depends on whether the object has a workflow.
#
# NOTE(review): +user+ is not forwarded to obj.workflow.release?, so on the
# workflow branch an explicitly given user is only honoured by the root?
# test. Whose rights obj.workflow.release? evaluates cannot be seen here -
# confirm it is the same user.
# NOTE(review): has_workflow? is answered from a cache and is documented as
# possibly stale. With a stale "no workflow" answer the first branch applies
# and write permission alone is enough to release.
#
# @param user [Object, nil] user to check; nil falls back to the default user
def release?(user = nil)
  # Without a workflow: write? is tried before root? because the order
  # matters for speed.
  return write?(user) || root?(user) unless has_workflow?

  # With a workflow (the slow path): root, or a workflow-enabled object whose
  # workflow allows the release.
  root?(user) || (has_workflow_api? && obj.workflow.release?)
end
@see write?
# File lib/reactor/permission.rb, line 156
# Reverting requires exactly what write? requires (pure delegation).
#
# @param user [Object, nil] user to check; nil falls back to the default user
# @see write?
def revert?(user = nil)
  write?(user)
end
Takes away the given permission from the given groups, without affecting already existing groups.
# File lib/reactor/permission.rb, line 197
# Removes +groups+ from +permission+ by calling permission_revoke on the
# underlying crul object.
#
# A single String is wrapped into a one-element array; any other value
# (including nil) is handed over unchanged.
#
# NOTE(review): granted? caches its answers and no cache invalidation is
# visible here - confirm that a revoked permission cannot keep being reported
# as granted for the lifetime of the cache.
# NOTE(review): no authorization check is visible in this method; presumably
# the backend enforces it for the acting session - confirm.
#
# @param permission [Symbol] one of the keys of self.class.permissions
# @param groups [String, Array] group name or list of group names
def revoke(permission, groups)
  permission_id = identifier(permission)
  group_list = groups.kind_of?(::String) ? [groups] : groups
  crul_obj.permission_revoke(permission_id, group_list)
end
Returns true if given user (or current user, if none given) has 'root' permission
# File lib/reactor/permission.rb, line 136
# Tells whether +user+ (the default user when nil) has the :root permission.
# read?, write? and create_children? treat :root as sufficient, and delete?
# delegates here directly.
#
# @param user [Object, nil] user to check; nil falls back to the default user
def root?(user = nil)
  granted?(user, :root)
end
Setter to overwrite the current groups for the given permission with the given groups.
# File lib/reactor/permission.rb, line 179
# Replaces the groups of +permission+ with +groups+ by calling permission_set
# on the underlying crul object.
#
# A single String is wrapped into a one-element array; any other value
# (including nil or an empty array) is handed over unchanged. What the
# backend does with those is not visible here.
#
# NOTE(review): no authorization check is visible in this method; presumably
# the backend enforces it for the acting session - confirm before exposing
# this to request-driven code.
#
# @param permission [Symbol] one of the keys of self.class.permissions
# @param groups [String, Array] group name or list of group names
def set(permission, groups)
  permission_id = identifier(permission)
  group_list = groups.kind_of?(::String) ? [groups] : groups
  crul_obj.permission_set(permission_id, group_list)
end
@see write?
# File lib/reactor/permission.rb, line 151
# Taking the object requires exactly what write? requires (pure delegation).
#
# @param user [Object, nil] user to check; nil falls back to the default user
# @see write?
def take?(user = nil)
  write?(user)
end
Returns true if given user (or current user, if none given) has 'write' permission
# File lib/reactor/permission.rb, line 131
# Tells whether +user+ (the default user when nil) may write the object.
# The :root permission is checked first and is sufficient on its own;
# :write is only consulted when :root is not granted.
# edit?, revert? and take? all delegate to this check.
#
# @param user [Object, nil] user to check; nil falls back to the default user
def write?(user = nil)
  via_root = granted?(user, :root)
  return via_root if via_root

  granted?(user, :write)
end
Protected Instance Methods
# File lib/reactor/permission.rb, line 215
# Fetches the crul object of the wrapped +obj+.
#
# Object#send is used on purpose: it ignores method visibility, so this
# works even if obj's crul_obj is not public. The method name is a fixed
# symbol, never caller-supplied.
def crul_obj
  obj.send(:crul_obj)
end
# File lib/reactor/permission.rb, line 219
# User name that permission checks fall back to when no user is given: the
# session's user name, or the configured xml_access username when the session
# has none.
#
# NOTE(review): xml_access[:username] looks like the account the application
# itself uses for its backend access - confirm. If that account is a
# superuser, every check made without a session user and without an explicit
# user is granted through the superuser test in granted?.
def default_user
  session_user = Reactor::Session.instance.user_name
  session_user || Reactor::Configuration.xml_access[:username]
end
# File lib/reactor/permission.rb, line 223
# Central permission check behind all public predicates.
#
# The answer is taken from the cache under (user, "<obj.id>:<permission>").
# On a miss the block grants access when the user is a superuser or when the
# lookup object's "<permission>?" method says so.
#
# Error handling fails closed. Reactor::Cm::MissingCredentials is re-raised
# to the caller; any other StandardError is logged and treated as "not
# granted".
#
# NOTE(review): lookup.send builds the method name from +permission+ and
# ignores visibility. The callers in this class pass fixed symbols only, so
# keep +permission+ out of the reach of request data.
# NOTE(review): no cache invalidation is visible in grant/revoke/set/clear -
# confirm the cache lifetime, so that a changed permission is not answered
# from a stale entry.
# NOTE(review): +user+ and obj.path are written to the log verbatim; if
# +user+ can come from a request, confirm the logger neutralises line breaks.
#
# @param user [Object, nil] user to check; nil falls back to default_user
# @param permission [Symbol] permission name, e.g. :read
def granted?(user, permission)
  begin
    user ||= default_user
    cache.lookup(user, "#{obj.id}:#{permission}") do
      lookup.superuser?(user) || lookup.send("#{permission}?", user)
    end
  rescue Reactor::Cm::MissingCredentials
    # Missing credentials are a setup problem, not a "no": let it surface.
    raise
  rescue => error
    Rails.logger.error("Error looking up #{user}'s permission for #{permission} operation on #{obj.path} :\n#{error.message}")
    false
  end
end
NOTE: this method may lie, when:
- object received workflow and the cached state says otherwise
- the workflow api is deactivated
# File lib/reactor/permission.rb, line 253
# Tells whether the wrapped object has a workflow name set.
#
# The answer is cached under (:any, "<obj.path>:workflow"), i.e. it is not
# tied to a user, and it can be stale. release? uses this answer to pick the
# permissions it requires, so a stale value changes which check is applied.
def has_workflow?
  cache.lookup(:any, "#{obj.path}:workflow") { obj.workflow_name.present? }
end
# File lib/reactor/permission.rb, line 259
# Tells whether obj's class is a subclass of Reactor::Workflow::Base.
#
# Module#< returns true for a strict descendant, false for the same class
# or an ancestor, and nil for an unrelated class, so the result is only
# truthy/falsy and not a strict boolean.
def has_workflow_api?
  obj.class < Reactor::Workflow::Base
end
# File lib/reactor/permission.rb, line 246
# Translates a permission name into its identifier using the class-level
# permissions table.
#
# This is a plain Hash#[] lookup. The table is keyed by Symbols, so a String
# such as 'read' or any unknown name yields nil instead of raising.
# clear/grant/revoke/set pass that nil on as the identifier.
#
# @param permission [Symbol] e.g. :read
# @return [String, nil] the identifier, or nil for an unknown name
def identifier(permission)
  permission_table = self.class.permissions
  permission_table[permission]
end