Module: MongoMapper::Plugins::Authorized::InstanceMethods

Defined in:

lib/rad/mongo_mapper/acts_as/authorized.rb

Defined Under Namespace

Classes: HandyRoles

Instance Method Summary

• #add_role(role) ⇒ Object
• #anonymous? ⇒ Boolean

  Roles.

• #can?(operation, object = nil) ⇒ Boolean

  can?.

• #can_view?(object) ⇒ Boolean
• #effective_space_permissions ⇒ Object

  Effective Permissions.

• #effective_space_permissions_as_owner ⇒ Object
• #has_role?(role) ⇒ Boolean
• #major_roles ⇒ Object
• #owner?(object) ⇒ Boolean
• #owner_name ⇒ Object

  Owner.

• #registered? ⇒ Boolean
• #remove_role(role) ⇒ Object
• #roles ⇒ Object

Instance Method Details

#add_role(role) ⇒ Object

# File 'lib/rad/mongo_mapper/acts_as/authorized.rb', line 44

def add_role role
  role = role.to_s
  Rad.multitenant_mode?.must_be.true
  
  if role == 'admin'
    account_id = Account.current.id
    admin_of_accounts << account_id unless admin_of_accounts.include? account_id
  else              
    roles = Role.denormalize_to_lower_roles [role]
    self.space_roles = space_roles + [role] unless space_roles.include?(role)
  end          
  clear_cache
  roles
end

#anonymous? ⇒ Boolean

Roles

Returns:

• (Boolean)

# File 'lib/rad/mongo_mapper/acts_as/authorized.rb', line 36

def anonymous?
  name == 'anonymous'
end

#can?(operation, object = nil) ⇒ Boolean

can?

Returns:

• (Boolean)

# File 'lib/rad/mongo_mapper/acts_as/authorized.rb', line 117

def can? operation, object = nil
  operation = operation.to_s
  
  return true if has_role?(:admin)
  
  custom_method = "able_#{operation}?"          
  return object.send custom_method, self if object.respond_to? custom_method
  
  effective_space_permissions[operation] or (
    owner?(object) and effective_space_permissions_as_owner[operation]
  )
end

#can_view?(object) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rad/mongo_mapper/acts_as/authorized.rb', line 130

def can_view? object
  can? :view, object
end

#effective_space_permissions ⇒ Object

Effective Permissions

# File 'lib/rad/mongo_mapper/acts_as/authorized.rb', line 138

def effective_space_permissions
  unless effective_space_permissions = cache[:effective_space_permissions]          
    effective_space_permissions = calculate_effective_roles_for roles
    cache[:effective_space_permissions] = effective_space_permissions
  end
  effective_space_permissions
end

#effective_space_permissions_as_owner ⇒ Object

# File 'lib/rad/mongo_mapper/acts_as/authorized.rb', line 146

def effective_space_permissions_as_owner
  unless effective_space_permissions_as_owner = cache[:effective_space_permissions_as_owner]          
    effective_space_permissions_as_owner = calculate_effective_roles_for ['owner']
    cache[:effective_space_permissions_as_owner] = effective_space_permissions_as_owner
  end
  effective_space_permissions_as_owner
end

#has_role?(role) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rad/mongo_mapper/acts_as/authorized.rb', line 109

def has_role? role
  roles.include? role
end

#major_roles ⇒ Object

# File 'lib/rad/mongo_mapper/acts_as/authorized.rb', line 105

def major_roles
  cache[:major_roles] ||= Role.major_roles roles
end

#owner?(object) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rad/mongo_mapper/acts_as/authorized.rb', line 28

def owner? object
  # object.should! :respond_to?, :owner_name
  !object.blank? and !name.blank? and object.respond_to(:owner_name) == self.name
end

#owner_name ⇒ Object

Owner

# File 'lib/rad/mongo_mapper/acts_as/authorized.rb', line 26

def owner_name; anonymous? ? nil : name end

#registered? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rad/mongo_mapper/acts_as/authorized.rb', line 40

def registered?
  !anonymous?
end

#remove_role(role) ⇒ Object

# File 'lib/rad/mongo_mapper/acts_as/authorized.rb', line 59

def remove_role role
  role = role.to_s
  Rad.multitenant_mode?.must_be.true
            
  if role == 'admin'
    admin_of_accounts.delete Account.current.id
  else          
    roles = Role.denormalize_to_higher_roles [role]
    self.space_roles = space_roles - roles
  end
  clear_cache
  roles
end

#roles ⇒ Object

# File 'lib/rad/mongo_mapper/acts_as/authorized.rb', line 73

def roles        
  unless roles = cache[:roles]
    if Rad.multitenant_mode?
      roles = space_roles.clone
      roles << 'admin' if admin_of_accounts.include? Account.current.id
    else
      roles = []
    end
  
    roles << 'user'
  
    if anonymous?
      roles << 'anonymous'
    else
      roles << 'registered'
    end

    roles << "user:#{name}" unless name.blank?
  
    roles << 'admin' if global_admin and !roles.include?('admin')
    
    roles << 'manager' if roles.include?('admin') and !roles.include?('manager')
    
    roles = Role.denormalize_to_lower_roles(roles)
    
    roles = HandyRoles.new roles
              
    cache[:roles] = roles
  end
  roles
end