Class: Hyrax::CollectionTypes::PermissionsService

Inherits:
Object
  • Object
show all
Defined in:
app/services/hyrax/collection_types/permissions_service.rb

Class Method Summary collapse

Class Method Details

.can_create_admin_set_collection_type?(user: nil, ability: nil) ⇒ Boolean

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Is the user a creator for admin sets collection types?

Parameters:

  • user (User) (defaults to: nil)

    user (required if ability is nil)

  • ability (Ability) (defaults to: nil)

    the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

  • (Boolean)

    true if the user has permission to create collections of type admin_set


76
77
78
79
80
81
82
83
84
85
86
87
88
89
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 76

def self.can_create_admin_set_collection_type?(user: nil, ability: nil)
  return false unless user.present? || ability.present?
  return true if user_admin?(user, ability)
  # both manage and create access can create collections of a type, so no need to include access in the query
  return true if Hyrax::CollectionTypeParticipant.joins(:hyrax_collection_type)
                                                 .where(agent_type: Hyrax::CollectionTypeParticipant::USER_TYPE,
                                                        agent_id: user_id(user, ability),
                                                        hyrax_collection_types: { machine_id: Hyrax::CollectionType::ADMIN_SET_MACHINE_ID }).present?
  return true if Hyrax::CollectionTypeParticipant.joins(:hyrax_collection_type)
                                                 .where(agent_type: Hyrax::CollectionTypeParticipant::GROUP_TYPE,
                                                        agent_id: user_groups(user, ability),
                                                        hyrax_collection_types: { machine_id: Hyrax::CollectionType::ADMIN_SET_MACHINE_ID }).present?
  false
end

.can_create_any_collection_type?(user: nil, ability: nil) ⇒ Boolean

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Is the user a creator for any collection types?

Parameters:

  • user (User) (defaults to: nil)

    user (required if ability is nil)

  • ability (Ability) (defaults to: nil)

    the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

  • (Boolean)

    true if the user has permission to create collections of at least one collection type


56
57
58
59
60
61
62
63
64
65
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 56

def self.can_create_any_collection_type?(user: nil, ability: nil)
  return false unless user.present? || ability.present?
  return true if user_admin?(user, ability)
  # both manage and create access can create collections of a type, so no need to include access in the query
  return true if Hyrax::CollectionTypeParticipant.where(agent_type: Hyrax::CollectionTypeParticipant::USER_TYPE,
                                                        agent_id: user_id(user, ability)).any?
  return true if Hyrax::CollectionTypeParticipant.where(agent_type: Hyrax::CollectionTypeParticipant::GROUP_TYPE,
                                                        agent_id: user_groups(user, ability)).any?
  false
end

.can_create_collection_of_type?(collection_type:, user: nil, ability: nil) ⇒ Boolean

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Get a list of collection types that a user can create

Parameters:

  • collection_type (Hyrax::CollectionType)

    the type of the collection being created

  • user (User) (defaults to: nil)

    user (required if ability is nil)

  • ability (Ability) (defaults to: nil)

    the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

  • (Boolean)

    true if the user has permission to create collections of specified type


114
115
116
117
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 114

def self.can_create_collection_of_type?(collection_type:, user: nil, ability: nil)
  manage_access_for_collection_type?(user: user, ability: ability, collection_type: collection_type) ||
    create_access_for_collection_type?(user: user, ability: ability, collection_type: collection_type)
end

.can_create_collection_types(user: nil, ability: nil) ⇒ Array<Hyrax::CollectionType>

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Get a list of collection types that a user can create

Parameters:

  • user (User) (defaults to: nil)

    user (required if ability is nil)

  • ability (Ability) (defaults to: nil)

    the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:


100
101
102
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 100

def self.can_create_collection_types(user: nil, ability: nil)
  collection_types_for_user(user: user, ability: ability, roles: [Hyrax::CollectionTypeParticipant::MANAGE_ACCESS, Hyrax::CollectionTypeParticipant::CREATE_ACCESS])
end

.collection_type_ids_for_user(roles:, user: nil, ability: nil) ⇒ Array<String>

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Ids of collection types that a user can create or manage

Parameters:

  • roles (String)

    type of access, Hyrax::CollectionTypeParticipant::MANAGE_ACCESS and/or Hyrax::CollectionTypeParticipant::CREATE_ACCESS

  • user (User) (defaults to: nil)

    user (required if ability is nil)

  • ability (Ability) (defaults to: nil)

    the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

  • (Array<String>)

    ids for collection types for which a user has the specified role


15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 15

def self.collection_type_ids_for_user(roles:, user: nil, ability: nil)
  return false unless user.present? || ability.present?
  return Hyrax::CollectionType.all.select(:id).distinct.pluck(:id) if user_admin?(user, ability)
  Hyrax::CollectionTypeParticipant.where(agent_type: Hyrax::CollectionTypeParticipant::USER_TYPE,
                                         agent_id: user_id(user, ability),
                                         access: roles)
                                  .or(
                                    Hyrax::CollectionTypeParticipant.where(agent_type: Hyrax::CollectionTypeParticipant::GROUP_TYPE,
                                                                           agent_id: user_groups(user, ability),
                                                                           access: roles)
                                  )
                                  .select(:hyrax_collection_type_id)
                                  .distinct
                                  .pluck(:hyrax_collection_type_id)
end

.collection_types_for_user(roles:, user: nil, ability: nil) ⇒ Array<Hyrax::CollectionType>

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Instances of collection types that a user can create or manage

Parameters:

  • roles (String)

    type of access, Hyrax::CollectionTypeParticipant::MANAGE_ACCESS and/or Hyrax::CollectionTypeParticipant::CREATE_ACCESS

  • user (User) (defaults to: nil)

    user (required if ability is nil)

  • ability (Ability) (defaults to: nil)

    the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

  • (Array<Hyrax::CollectionType>)

    instances of collection types for which a user has the specified role


41
42
43
44
45
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 41

def self.collection_types_for_user(roles:, user: nil, ability: nil)
  return false unless user.present? || ability.present?
  return Hyrax::CollectionType.all if user_admin?(user, ability)
  Hyrax::CollectionType.where(id: collection_type_ids_for_user(user: user, roles: roles, ability: ability))
end

.group_edit_grants_for_collection_of_type(collection_type: nil) ⇒ Array<String>

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Get a list of group that should be added as group editors for a new collection of the specified collection type

Parameters:

  • collection_type (Hyrax::CollectionType) (defaults to: nil)

    the type of the collection being created

Returns:

  • (Array<String>)

    array of group identifiers (typically groupname) for groups who can edit collections of this type


206
207
208
209
210
211
212
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 206

def self.group_edit_grants_for_collection_of_type(collection_type: nil)
  return [] unless collection_type
  groups = Hyrax::CollectionTypeParticipant.joins(:hyrax_collection_type).where(hyrax_collection_type_id: collection_type.id,
                                                                                agent_type: Hyrax::CollectionTypeParticipant::GROUP_TYPE,
                                                                                access: Hyrax::CollectionTypeParticipant::MANAGE_ACCESS).pluck(Arel.sql('DISTINCT agent_id'))
  groups | ['admin']
end

.user_admin?(user, ability) ⇒ Boolean

Returns:

  • (Boolean)

221
222
223
224
225
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 221

def self.user_admin?(user, ability)
  # if called from abilities class, use ability instead of user; otherwise, you end up in an infinite loop
  return ability.admin? if ability.present?
  user.ability.admin?
end

.user_edit_grants_for_collection_of_type(collection_type: nil) ⇒ Array<String>

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Get a list of users who should be added as user editors for a new collection of the specified collection type

Parameters:

  • collection_type (Hyrax::CollectionType) (defaults to: nil)

    the type of the collection being created

Returns:

  • (Array<String>)

    array of user identifiers (typically emails) for users who can edit collections of this type


191
192
193
194
195
196
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 191

def self.user_edit_grants_for_collection_of_type(collection_type: nil)
  return [] unless collection_type
  Hyrax::CollectionTypeParticipant.joins(:hyrax_collection_type).where(hyrax_collection_type_id: collection_type.id,
                                                                       agent_type: Hyrax::CollectionTypeParticipant::USER_TYPE,
                                                                       access: Hyrax::CollectionTypeParticipant::MANAGE_ACCESS).pluck(Arel.sql('DISTINCT agent_id'))
end