module MnoEnterprise::Concerns::Models::Ability

Public Class Methods

new(user, session) click to toggle source
Instance methods
# File lib/mno_enterprise/concerns/models/ability.rb, line 22
def initialize(user, session)
  user ||= MnoEnterprise::User.new

  #===================================================
  # Organization
  #===================================================
  can :create, MnoEnterprise::Organization

  can :read, MnoEnterprise::Organization do |organization|
    !!user.role(organization)
  end

  can [:update, :destroy, :manage_billing], MnoEnterprise::Organization do |organization|
    user.role(organization) == 'Super Admin'
  end

  can [:upload,
       :purchase,
       :invite_member,
       :administrate,
       :manage_app_instances,
       :manage_teams], MnoEnterprise::Organization do |organization|
    ['Super Admin','Admin'].include? user.role(organization)
  end

  # To be updated
  can :sync_apps, MnoEnterprise::Organization do |organization|
    user.role(organization)
  end

  # To be updated
  can :check_apps_sync, MnoEnterprise::Organization do |organization|
    user.role(organization)
  end

  #===================================================
  # AppInstance
  #===================================================
  can :access, MnoEnterprise::AppInstance do |app_instance|
    !!user.role(app_instance.owner) && (
    ['Super Admin','Admin'].include?(user.role(app_instance.owner)) ||
        user.teams.empty? ||
        user.teams.map(&:app_instances).compact.flatten.map(&:id).include?(app_instance.id)
    )
  end

  #===================================================
  # Impac
  #===================================================
  orgs_with_acl = user.organizations.active.include_acl(session[:impersonator_user_id]).to_a
  impac_abilities(orgs_with_acl)

  #===================================================
  # Admin abilities
  #===================================================
  admin_abilities(user)

  # Define abilities for the passed in user here. For example:
  #
  #   user ||= User.new # guest user (not logged in)
  #   if user.admin?
  #     can :manage, :all
  #   else
  #     can :read, :all
  #   end
  #
  # The first argument to `can` is the action you are giving the user
  # permission to do.
  # If you pass :manage it will apply to every action. Other common actions
  # here are :read, :create, :update and :destroy.
  #
  # The second argument is the resource the user can perform the action on.
  # If you pass :all it will apply to every resource. Otherwise pass a Ruby
  # class of the resource.
  #
  # The third argument is an optional hash of conditions to further filter the
  # objects.
  # For example, here the user can only update published articles.
  #
  #   can :update, Article, :published => true
  #
  # See the wiki for details:
  # https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
end

Public Instance Methods

admin_abilities(user) click to toggle source

Abilities for admin user

# File lib/mno_enterprise/concerns/models/ability.rb, line 174
def admin_abilities(user)
  if user.admin_role.to_s.casecmp('admin').zero? || user.admin_role.to_s.casecmp('staff').zero?
    can :manage_app_instances, MnoEnterprise::Organization
    can :manage_sub_tenant, MnoEnterprise::SubTenant
  end
end
impac_abilities(orgs_with_acl) click to toggle source

Enables / disables Impac! Angular capabilities

# File lib/mno_enterprise/concerns/models/ability.rb, line 108
def impac_abilities(orgs_with_acl)
  can :create_impac_dashboards, MnoEnterprise::Impac::Dashboard do |d|
    orgs = d.organizations(orgs_with_acl)
    orgs.present? && orgs.all? do |org|
      org.acl[:related] && org.acl[:related][:dashboards] && org.acl[:related][:dashboards][:create]
    end
  end

  can :update_impac_dashboards, MnoEnterprise::Impac::Dashboard do |d|
    orgs = d.organizations(orgs_with_acl)
    orgs.present? && orgs.all? do |org|
      org.acl[:related] && org.acl[:related][:dashboards] && org.acl[:related][:dashboards][:update]
    end
  end

  can :destroy_impac_dashboards, MnoEnterprise::Impac::Dashboard do |d|
    orgs = d.organizations(orgs_with_acl)
    orgs.present? && orgs.all? do |org|
      org.acl[:related] && org.acl[:related][:dashboards] && org.acl[:related][:dashboards][:destroy]
    end
  end

  can :create_impac_widgets, MnoEnterprise::Impac::Widget do |w|
    orgs = w.organizations(orgs_with_acl)
    orgs.present? && orgs.all? do |org|
      org.acl[:related] && org.acl[:related][:widgets] && org.acl[:related][:widgets][:create]
    end
  end

  can :update_impac_widgets, MnoEnterprise::Impac::Widget do |w|
    orgs = w.organizations(orgs_with_acl)
    orgs.present? && orgs.all? do |org|
      org.acl[:related] && org.acl[:related][:widgets] && org.acl[:related][:widgets][:update]
    end
  end

  can :destroy_impac_widgets, MnoEnterprise::Impac::Widget do |w|
    orgs = w.organizations(orgs_with_acl)
    orgs.present? && orgs.all? do |org|
      org.acl[:related] && org.acl[:related][:widgets] && org.acl[:related][:widgets][:destroy]
    end
  end

  can :create_impac_kpis, MnoEnterprise::Impac::Kpi do |k|
    orgs = k.organizations(orgs_with_acl)
    orgs.present? && orgs.all? do |org|
      org.acl[:related] && org.acl[:related][:kpis] && org.acl[:related][:kpis][:create]
    end
  end

  can :update_impac_kpis, MnoEnterprise::Impac::Kpi do |k|
    orgs = k.organizations(orgs_with_acl)
    orgs.present? && orgs.all? do |org|
      org.acl[:related] && org.acl[:related][:kpis] && org.acl[:related][:kpis][:update]
    end
  end

  can :destroy_impac_kpis, MnoEnterprise::Impac::Kpi do |k|
    orgs = k.organizations(orgs_with_acl)
    orgs.present? && orgs.all? do |org|
      org.acl[:related] && org.acl[:related][:kpis] && org.acl[:related][:kpis][:destroy]
    end
  end
end