module Card::View::Permission

View permissions support view-specific permission handling

Views can be configured in {Set::Format::AbstractFormat#view view definitions} with the ‘perms` directive, eg

# only render if user has permission to update card
view :myview, perms: :update do...

Constants

CRUD

Public Instance Methods

view_perms() click to toggle source
# File lib/card/view/permission.rb, line 13
def view_perms
  @view_perms = setting(:perms) || :read
end

Private Instance Methods

alter_unknown() click to toggle source

views for unknown cards can be configured in view definitions or render/nest options (the latter take precedence)

# File lib/card/view/permission.rb, line 36
def alter_unknown
  return if card.known?

  unknown_setting = setting :unknown
  return if unknown_setting&.to_s == "true" # requested view supports unknown

  configured_view = (unknown || unknown_setting)&.to_sym
  format.view_for_unknown configured_view
end
altered_view() click to toggle source
# File lib/card/view/permission.rb, line 19
def altered_view
  return if skip_check?

  alter_unknown || denial
end
crud?(task) click to toggle source
# File lib/card/view/permission.rb, line 52
def crud? task
  task.in? CRUD
end
denial() click to toggle source
# File lib/card/view/permission.rb, line 46
def denial
  return unless (task = denied_task)

  format.view_for_denial requested_view, task
end
denied_task() click to toggle source
# File lib/card/view/permission.rb, line 56
def denied_task
  Array.wrap(view_perms).find do |task|
    if crud? task
      !format.ok? task
    else
      !format.send task
    end
  end
end
setting(setting_name, view=nil) click to toggle source
# File lib/card/view/permission.rb, line 29
def setting setting_name, view=nil
  view ||= requested_view
  format.view_setting setting_name, view
end
skip_check?() click to toggle source
# File lib/card/view/permission.rb, line 25
def skip_check?
  normalized_options[:skip_perms] || view_perms == :none
end