module Hydra::Ability
Public Class Methods
new(user, options = {})
# File lib/hydra/ability.rb, line 23
# Builds the ability for +user+ and then loads the default Hydra permission rules.
#
# @param user [Object, nil] the signed-in user; when it is nil/false a fresh instance
#   of Hydra::Ability.user_class stands in as the guest (not logged in) user
# @param options [Hash] stored unchanged in @options
def initialize(user, options = {})
  effective_user = user || Hydra::Ability.user_class.new
  @current_user = effective_user
  # @user mirrors @current_user only in case an override was reading it;
  # do not rely on it.
  @user = effective_user
  @options = options
  @cache = Blacklight::AccessControls::PermissionsCache.new
  # Rules are registered last, after the user, options and cache are assigned.
  hydra_default_permissions
end
user_class()
# File lib/hydra/ability.rb, line 19
# Resolves the class used to represent users.
#
# @return [Class] the class named by Hydra.config[:user_model] when that setting is
#   present, otherwise the top-level ::User
def self.user_class
  return ::User unless Hydra.config[:user_model]

  # constantize resolves whatever constant the configured value names, so this
  # setting should only ever be populated from application configuration.
  Hydra.config[:user_model].constantize
end
Public Instance Methods
create_permissions()
# File lib/hydra/ability.rb, line 35
# Hook for default create permissions; it deliberately does nothing here.
# It is run automatically as part of self.ability_logic, so override it in your own
# Ability class to set default create permissions.
def create_permissions
  # no op
end
custom_permissions()
Override custom permissions in your own app to add more permissions beyond what is defined by default.
# File lib/hydra/ability.rb, line 81
# Extension point with an empty body: override it in your own app to add
# permissions beyond what is defined by default.
def custom_permissions
  # intentionally empty
end
discover_permissions()
Calls superclass method
# File lib/hydra/ability.rb, line 63
# Runs the superclass rules first, then adds a :discover rule for
# ActiveFedora::Base objects. The rule's block decides per object by handing the
# object's id to test_discover.
def discover_permissions
  super
  can(:discover, ActiveFedora::Base) { |record| test_discover(record.id) }
end
download_permissions()
Download permissions are exercised in Hydra::Controller::DownloadBehavior
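# File lib/hydra/ability.rb, line 72
# Registers the :download rule for ActiveFedora::File objects.
#
# A file has no permission check of its own here: the rule strips the last path
# segment from the file's URI, converts the remaining URI to an id with
# ActiveFedora::Base.uri_to_id, and grants :download exactly when :read is
# allowed on that parent id.
def download_permissions
  can :download, ActiveFedora::File do |file|
    # Anchor with \z rather than $. In Ruby, $ also matches before a newline, so a
    # URI string containing one could resolve to a different parent than the
    # resource that actually holds the file. \z always removes the final segment.
    parent_uri = file.uri.to_s.sub(%r{/[^/]*\z}, '')
    parent_id = ActiveFedora::Base.uri_to_id(parent_uri)
    can? :read, parent_id # i.e., can download if can read parent resource
  end
end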
edit_permissions()
# File lib/hydra/ability.rb, line 39
# Registers the :edit, :update and :destroy rules for three kinds of subject.
# Each variant ends in test_edit with the subject's id, so the same check applies
# whichever form the caller supplies.
def edit_permissions
  # Loading an object from Fedora can be slow, so a bare String is assumed to be
  # an object id.
  can([:edit, :update, :destroy], String) { |identifier| test_edit(identifier) }

  can([:edit, :update, :destroy], ActiveFedora::Base) { |record| test_edit(record.id) }

  can([:edit, :update, :destroy], SolrDocument) do |solr_doc|
    # Put the document that is already in hand into the cache before checking;
    # presumably the check then reuses it instead of fetching again (confirm).
    cache.put(solr_doc.id, solr_doc)
    test_edit(solr_doc.id)
  end
end
hydra_default_permissions()
# File lib/hydra/ability.rb, line 31
# Entry point for the default rule set; it only delegates to grant_permissions.
# initialize calls this as its final step.
def hydra_default_permissions
  grant_permissions
end
read_permissions()
Calls superclass method
# File lib/hydra/ability.rb, line 55
# Runs the superclass rules first, then adds a :read rule for ActiveFedora::Base
# objects. The rule's block decides per object by handing the object's id to
# test_read.
def read_permissions
  super
  can(:read, ActiveFedora::Base) { |record| test_read(record.id) }
end
Protected Instance Methods
edit_groups(id)
# File lib/hydra/ability.rb, line 94
# Looks up the groups recorded as editors of the object with the given id.
#
# @param id the object id passed on to permissions_doc
# @return the value stored under self.class.edit_group_field in the permissions
#   document, or an empty Array when there is no document or no such field, so an
#   object without permission data yields no edit groups
def edit_groups(id)
  permissions = permissions_doc(id)
  return [] if permissions.nil?

  (permissions[self.class.edit_group_field] || []).tap do |groups|
    Rails.logger.debug("[CANCAN] edit_groups: #{groups.inspect}")
  end
end
edit_users(id)
# File lib/hydra/ability.rb, line 110
# Looks up the users recorded as editors of the object with the given id.
#
# @param id the object id passed on to permissions_doc
# @return the value stored under self.class.edit_user_field in the permissions
#   document, or an empty Array when there is no document or no such field, so an
#   object without permission data yields no edit users
def edit_users(id)
  permissions = permissions_doc(id)
  return [] if permissions.nil?

  (permissions[self.class.edit_user_field] || []).tap do |users|
    Rails.logger.debug("[CANCAN] edit_users: #{users.inspect}")
  end
end
read_groups(id)
edit implies read, so read_groups
is the union of edit and read groups
Calls superclass method
# File lib/hydra/ability.rb, line 103
# Edit implies read: the result is the union of the superclass's read groups and
# the edit groups for the same id.
#
# @param id the object id, forwarded to super and to edit_groups
# @return the combined groups, with duplicates collapsed by the union
def read_groups(id)
  inherited = super
  combined = inherited | edit_groups(id)
  Rails.logger.debug("[CANCAN] read_groups: #{combined.inspect}")
  combined
end
read_users(id)
edit implies read, so read_users
is the union of edit and read users
Calls superclass method
# File lib/hydra/ability.rb, line 119
# Edit implies read: the result is the union of the superclass's read users and
# the edit users for the same id.
#
# @param id the object id, forwarded to super and to edit_users
# @return the combined users, with duplicates collapsed by the union
def read_users(id)
  inherited = super
  combined = inherited | edit_users(id)
  Rails.logger.debug("[CANCAN] read_users: #{combined.inspect}")
  combined
end
test_edit(id)
# File lib/hydra/ability.rb, line 86
# Decides whether the current user may edit the object with the given id.
# Access is granted when the user shares at least one group with the object's
# edit groups, or when the user's user_key is listed among its edit users.
#
# @param id the object id handed to edit_groups and edit_users
# @return [Boolean] the decision
def test_edit(id)
  # Both debug lines put the user key, group membership and the decision into the
  # log, so debug-level output here is itself access-control data.
  Rails.logger.debug("[CANCAN] Checking edit permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}")
  shared_groups = user_groups & edit_groups(id)
  allowed =
    if shared_groups.empty?
      # No group in common: fall back to the per-user edit list.
      edit_users(id).include?(current_user.user_key)
    else
      true
    end
  Rails.logger.debug("[CANCAN] decision: #{allowed}")
  allowed
end