Module: Card::Format::Permission

Included in:
Card::Format
Defined in:
lib/card/format/permission.rb

Instance Method Summary collapse

Instance Method Details

#check_view(view, skip_perms) ⇒ Object



18
19
20
21
22
23
24
25
# File 'lib/card/format/permission.rb', line 18

def check_view view, skip_perms
  case
  when skip_perms                       then view
  when view_always_permitted?(view)     then view
  when unknown_disqualifies_view?(view) then view_for_unknown view
  else permitted_view view  # run explicit permission checks
  end
end

#deny_view(view) ⇒ Object



51
52
53
54
# File 'lib/card/format/permission.rb', line 51

def deny_view view
  root.error_status = 403 if focal? && voo.root?
  Card::Format.denial[view] || :denial
end

#handle_view_denial(view, approved_view) ⇒ Object



12
13
14
15
16
# File 'lib/card/format/permission.rb', line 12

def handle_view_denial view, approved_view
  return if approved_view == view

  @denied_view = view
end

#ok?(task) ⇒ Boolean

Returns:

  • (Boolean)


71
72
73
74
75
76
# File 'lib/card/format/permission.rb', line 71

def ok? task
  task = :create if task == :update && card.new_card?
  @ok ||= {}
  @ok[task] = card.ok? task if @ok[task].nil?
  @ok[task]
end

#ok_view(view, skip_perms = false) ⇒ Object



4
5
6
7
8
9
10
# File 'lib/card/format/permission.rb', line 4

def ok_view view, skip_perms=false
  raise Card::Error::UserError, tr(:too_deep) if subformats_nested_too_deeply?

  approved_view = check_view view, skip_perms
  handle_view_denial view, approved_view
  approved_view
end

#permitted_view(view) ⇒ Object



43
44
45
46
47
48
49
# File 'lib/card/format/permission.rb', line 43

def permitted_view view
  if (@denied_task = task_denied_for_view view)
    deny_view view
  else
    view
  end
end

#subformats_nested_too_deeply?Boolean

Returns:

  • (Boolean)


34
35
36
37
# File 'lib/card/format/permission.rb', line 34

def subformats_nested_too_deeply?
  # prevent recursion
  depth >= Card.config.max_depth
end

#task_denied_for_view(view) ⇒ Object



56
57
58
59
60
61
62
63
# File 'lib/card/format/permission.rb', line 56

def task_denied_for_view view
  perms_required = Card::Format.perms[view] || :read
  if perms_required.is_a? Proc
    :read unless perms_required.call(self)  # read isn't quite right
  else
    [perms_required].flatten.find { |task| !ok? task }
  end
end

#unknown_disqualifies_view?(view) ⇒ Boolean

Returns:

  • (Boolean)


27
28
29
30
31
32
# File 'lib/card/format/permission.rb', line 27

def unknown_disqualifies_view? view
  # view can't handle unknown cards (and card is unknown)
  return false if tagged view, :unknown_ok

  card.unknown?
end

#view_always_permitted?(view) ⇒ Boolean

Returns:

  • (Boolean)


39
40
41
# File 'lib/card/format/permission.rb', line 39

def view_always_permitted? view
  Card::Format.perms[view] == :none
end

#view_for_unknown(_view) ⇒ Object



65
66
67
68
69
# File 'lib/card/format/permission.rb', line 65

def view_for_unknown _view
  # note: overridden in HTML
  root.error_status = 404 if focal?
  focal? ? :not_found : :missing
end