Module: Hyrax::Ability

Extended by:
ActiveSupport::Concern
Defined in:
app/models/concerns/hyrax/ability.rb,
app/models/concerns/hyrax/ability/admin_set_ability.rb,
app/models/concerns/hyrax/ability/collection_ability.rb,
app/models/concerns/hyrax/ability/solr_document_ability.rb,
app/models/concerns/hyrax/ability/collection_type_ability.rb,
app/models/concerns/hyrax/ability/permission_template_ability.rb

Overview

TODO:

catalog and document the actions we authorize here. everything we allow or disable from this module should be clear to application side adopters.

Note:

This is intended as a mixin layered over Blacklight::AccessControls::Ability and Hydra::AccessControls. Its implementation may depend in part on behavioral details of either of those two mixins. As of Hyrax 3.0.0 there's an ongoing effort to clarify and document the specific dependencies.

Provides Hyrax's engine level user/group permissions.

Examples:

creating an application Ability

# app/models/ability.rb
class Ability
  include Hydra::Ability
  include Hyrax::Ability
end

See Also:

Defined Under Namespace

Modules: AdminSetAbility, CollectionAbility, CollectionTypeAbility, PermissionTemplateAbility, SolrDocumentAbility

Instance Method Summary collapse

Instance Method Details

#admin?Boolean

Override this method in your ability model if you use a different group or other logic to designate an administrator.

Returns:

  • (Boolean)

89
90
91
# File 'app/models/concerns/hyrax/ability.rb', line 89

def admin?
  user_groups.include? admin_group_name
end

#can_create_any_work?Boolean

Returns true if can create at least one type of work and they can deposit into at least one AdminSet

Returns:

  • (Boolean)

81
82
83
84
85
# File 'app/models/concerns/hyrax/ability.rb', line 81

def can_create_any_work?
  Hyrax.config.curation_concerns.any? do |curation_concern_type|
    can?(:create, curation_concern_type)
  end && admin_set_with_deposit?
end

#download_groups(id) ⇒ Object

Samvera doesn't use download user/groups, so make it an alias to read Grant all groups with read or edit access permission to download


62
63
64
65
66
67
68
# File 'app/models/concerns/hyrax/ability.rb', line 62

def download_groups(id)
  doc = permissions_doc(id)
  return [] if doc.nil?
  groups = Array(doc[self.class.read_group_field]) + Array(doc[self.class.edit_group_field])
  Rails.logger.debug("[CANCAN] download_groups: #{groups.inspect}")
  groups
end

#download_users(id) ⇒ Object

Grant all users with read or edit access permission to download


71
72
73
74
75
76
77
# File 'app/models/concerns/hyrax/ability.rb', line 71

def download_users(id)
  doc = permissions_doc(id)
  return [] if doc.nil?
  users = Array(doc[self.class.read_user_field]) + Array(doc[self.class.edit_user_field])
  Rails.logger.debug("[CANCAN] download_users: #{users.inspect}")
  users
end