Module: Joinable::ActsAsJoinableComponent::ClassMethods

Includes:

Joinable::ActsAsPermissable::ClassMethods

Defined in:

lib/joinable/acts_as_joinable_component.rb

Class Method Summary

• .extended(base) ⇒ Object

Instance Method Summary

• #with_permission_sql(user, permission, options = {}) ⇒ Object

  Returns the SQL necessary to find all components for which there is no associated joinable or the user has a membership with a specific permission.

Methods included from Joinable::ActsAsPermissable::ClassMethods

#find_with_privacy, #permission_sql_condition

Class Method Details

.extended(base) ⇒ Object

# File 'lib/joinable/acts_as_joinable_component.rb', line 46

def self.extended(base)        
  base.has_one :permission_link, :as => :component, :dependent => :destroy
  base.after_create :find_joinable_and_create_permission_link

  base.class_eval do
    scope :with_permission, lambda { |user, permission| select("#{table_name}.*").where(with_permission_sql(user, permission)) }
  end
end

Instance Method Details

#with_permission_sql(user, permission, options = {}) ⇒ Object

Returns the SQL necessary to find all components for which there is no associated joinable or the user has a membership with a specific permission.

Permissions which require special handling:

• view_* - This is a class of permissions that start with the word ‘view’. When determining if a user can view any aspect of a joinable, we also check

  if the project is open.
  

• join_and_* - This is a class of permissions that start with the words ‘join_and_’. When determining if a user will have a certain permission

  after they join a project, we need to check the default_permission_set of the project.
  

# File 'lib/joinable/acts_as_joinable_component.rb', line 65

def with_permission_sql(user, permission, options = {})
  permission = permission.to_s
  
  case user
  when String
    user_id = user
  else
    user_id = user.id
  end
    
  component_type = options[:type_column] || name
  component_id = options[:id_column] || table_name + ".id"

  permission_without_join_and_prefix = permission.gsub('join_and_', '')
  comparison_permission = permission_without_join_and_prefix == 'view' ? "permission_links.component_view_permission" : "'#{permission_without_join_and_prefix}'"

  if permission.starts_with?('view')
    "#{no_inherited_permissions_exist_sql(component_type, component_id)} OR #{membership_permission_exists_sql(user_id, component_type, component_id, comparison_permission)} OR #{default_permission_set_permission_exists_sql(component_type, component_id, comparison_permission)}"
  elsif permission.starts_with?('join_and_')
    default_permission_set_permission_exists_sql(component_type, component_id, comparison_permission)
  else
    "#{no_inherited_permissions_exist_sql(component_type, component_id)} OR #{membership_permission_exists_sql(user_id, component_type, component_id, comparison_permission)}"
  end
end