Module: Hyrax::Ability

Extended by:
ActiveSupport::Concern
Defined in:
app/models/concerns/hyrax/ability.rb,
app/models/concerns/hyrax/ability/admin_set_ability.rb,
app/models/concerns/hyrax/ability/collection_ability.rb,
app/models/concerns/hyrax/ability/solr_document_ability.rb,
app/models/concerns/hyrax/ability/collection_type_ability.rb,
app/models/concerns/hyrax/ability/permission_template_ability.rb

Overview

TODO:

catalog and document the actions we authorize here. everything we allow or disable from this module should be clear to application side adopters.

Note:

This is intended as a mixin layered over Blacklight::AccessControls::Ability and Hydra::AccessControls. Its implementation may depend in part on behavioral details of either of those two mixins. As of Hyrax 3.0.0 there's an ongoing effort to clarify and document the specific dependencies.

Provides Hyrax's engine level user/group authorizations.

Authorization (allow or deny) of the following actions is managed by the rules defined here:

- read:
- show:
- edit:
- update:
- create:
- discover:
- manage:
- download:
- destroy:
- collect:
- toggle_trophy:
- transfer:
- accept:
- reject:
- manage_any:
- create_any:
- view_admin_show_any:
- review:
- create_collection_type:

Examples:

creating an application Ability

# app/models/ability.rb
class Ability
  include Hydra::Ability
  include Hyrax::Ability
end

See Also:

Defined Under Namespace

Modules: AdminSetAbility, CollectionAbility, CollectionTypeAbility, PermissionTemplateAbility, SolrDocumentAbility

Instance Method Summary collapse

Instance Method Details

#admin?Boolean

Override this method in your ability model if you use a different group or other logic to designate an administrator.

Returns:

  • (Boolean)

112
113
114
# File 'app/models/concerns/hyrax/ability.rb', line 112

def admin?
  user_groups.include? admin_group_name
end

#can_create_any_work?Boolean

Returns true if can create at least one type of work and they can deposit into at least one AdminSet

Returns:

  • (Boolean)

104
105
106
107
108
# File 'app/models/concerns/hyrax/ability.rb', line 104

def can_create_any_work?
  Hyrax.config.curation_concerns.any? do |curation_concern_type|
    can?(:create, curation_concern_type)
  end && admin_set_with_deposit?
end

#download_groups(id) ⇒ Object

Samvera doesn't use download user/groups, so make it an alias to read Grant all groups with read or edit access permission to download


85
86
87
88
89
90
91
# File 'app/models/concerns/hyrax/ability.rb', line 85

def download_groups(id)
  doc = permissions_doc(id)
  return [] if doc.nil?
  groups = Array(doc[self.class.read_group_field]) + Array(doc[self.class.edit_group_field])
  Rails.logger.debug("[CANCAN] download_groups: #{groups.inspect}")
  groups
end

#download_users(id) ⇒ Object

Grant all users with read or edit access permission to download


94
95
96
97
98
99
100
# File 'app/models/concerns/hyrax/ability.rb', line 94

def download_users(id)
  doc = permissions_doc(id)
  return [] if doc.nil?
  users = Array(doc[self.class.read_user_field]) + Array(doc[self.class.edit_user_field])
  Rails.logger.debug("[CANCAN] download_users: #{users.inspect}")
  users
end