16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
# File 'lib/authorize/active_record.rb', line 16
def authorizable_resource
include Authorize::Resource
has_many :permissions, :class_name => "Authorize::Permission", :as => :resource, :dependent => :delete_all
has_many :roles, :class_name => "Authorize::Role", :as => :resource
reflection = reflections[:permissions]
auth_fk = "#{reflection.quoted_table_name}.#{connection.quote_column_name(reflection.primary_key_name)}"
resource_pk = "#{connection.quote_table_name(table_name)}.#{connection.quote_column_name(primary_key)}"
named_scope :permitted, lambda {|*args|
roles = args.shift
options = {:modes => []}.merge(args.last.kind_of?(Hash) ? args.pop : {})
modes = args + options[:modes]
modes << options[:mode] if options[:mode]
scope = Permission.as(roles)
scope = scope.to_do(Authorize::Permission::Mask[*modes]) unless modes.empty?
sq0 = scope.construct_finder_sql({:select => 1, :conditions => {:resource_id => nil, :resource_type => nil}})
sq1 = scope.construct_finder_sql({:select => 1, :conditions => {:resource_type => base_class.name, :resource_id => nil}})
sq2 = scope.scoped(:conditions => "#{auth_fk} = #{resource_pk}").construct_finder_sql({:select => 1, :conditions => {:resource_type => base_class.name}})
{:conditions => "EXISTS (#{sq0} UNION #{sq1} UNION #{sq2})"}
}
end
|