Class: Hyrax::CollectionTypes::PermissionsService

Inherits:
Object
  • Object
show all
Defined in:
app/services/hyrax/collection_types/permissions_service.rb

Class Method Summary collapse

Class Method Details

.can_create_admin_set_collection_type?(user: nil, ability: nil) ⇒ Boolean

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Is the user a creator for admin sets collection types?

Parameters:

  • user (User) (defaults to: nil)

    user (required if ability is nil)

  • ability (Ability) (defaults to: nil)

    the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

  • (Boolean)

    true if the user has permission to create collections of type admin_set


72
73
74
75
76
77
78
79
80
81
82
83
84
85
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 72

def self.can_create_admin_set_collection_type?(user: nil, ability: nil)
  return false unless user.present? || ability.present?
  return true if user_admin?(user, ability)
  # both manage and create access can create collections of a type, so no need to include access in the query
  return true if Hyrax::CollectionTypeParticipant.joins(:hyrax_collection_type)
                                                 .where(agent_type: Hyrax::CollectionTypeParticipant::USER_TYPE,
                                                        agent_id: user_id(user, ability),
                                                        hyrax_collection_types: { machine_id: Hyrax::CollectionType::ADMIN_SET_MACHINE_ID }).present?
  return true if Hyrax::CollectionTypeParticipant.joins(:hyrax_collection_type)
                                                 .where(agent_type: Hyrax::CollectionTypeParticipant::GROUP_TYPE,
                                                        agent_id: user_groups(user, ability),
                                                        hyrax_collection_types: { machine_id: Hyrax::CollectionType::ADMIN_SET_MACHINE_ID }).present?
  false
end

.can_create_any_collection_type?(user: nil, ability: nil) ⇒ Boolean

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Is the user a creator for any collection types?

Parameters:

  • user (User) (defaults to: nil)

    user (required if ability is nil)

  • ability (Ability) (defaults to: nil)

    the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

  • (Boolean)

    true if the user has permission to create collections of at least one collection type


52
53
54
55
56
57
58
59
60
61
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 52

def self.can_create_any_collection_type?(user: nil, ability: nil)
  return false unless user.present? || ability.present?
  return true if user_admin?(user, ability)
  # both manage and create access can create collections of a type, so no need to include access in the query
  return true if Hyrax::CollectionTypeParticipant.where(agent_type: Hyrax::CollectionTypeParticipant::USER_TYPE,
                                                        agent_id: user_id(user, ability)).any?
  return true if Hyrax::CollectionTypeParticipant.where(agent_type: Hyrax::CollectionTypeParticipant::GROUP_TYPE,
                                                        agent_id: user_groups(user, ability)).any?
  false
end

.can_create_collection_of_type?(collection_type:, user: nil, ability: nil) ⇒ Boolean

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Get a list of collection types that a user can create

Parameters:

  • collection_type (Hyrax::CollectionType)

    the type of the collection being created

  • user (User) (defaults to: nil)

    user (required if ability is nil)

  • ability (Ability) (defaults to: nil)

    the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

  • (Boolean)

    true if the user has permission to create collections of specified type


110
111
112
113
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 110

def self.can_create_collection_of_type?(collection_type:, user: nil, ability: nil)
  manage_access_for_collection_type?(user: user, ability: ability, collection_type: collection_type) ||
    create_access_for_collection_type?(user: user, ability: ability, collection_type: collection_type)
end

.can_create_collection_types(user: nil, ability: nil) ⇒ Array<Hyrax::CollectionType>

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Get a list of collection types that a user can create

Parameters:

  • user (User) (defaults to: nil)

    user (required if ability is nil)

  • ability (Ability) (defaults to: nil)

    the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:


96
97
98
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 96

def self.can_create_collection_types(user: nil, ability: nil)
  collection_types_for_user(user: user, ability: ability, roles: [Hyrax::CollectionTypeParticipant::MANAGE_ACCESS, Hyrax::CollectionTypeParticipant::CREATE_ACCESS])
end

.collection_type_ids_for_user(roles:, user: nil, ability: nil) ⇒ Array<String>

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Ids of collection types that a user can create or manage

Parameters:

  • roles (String)

    type of access, Hyrax::CollectionTypeParticipant::MANAGE_ACCESS and/or Hyrax::CollectionTypeParticipant::CREATE_ACCESS

  • user (User) (defaults to: nil)

    user (required if ability is nil)

  • ability (Ability) (defaults to: nil)

    the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

  • (Array<String>)

    ids for collection types for which a user has the specified role


14
15
16
17
18
19
20
21
22
23
24
25
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 14

def self.collection_type_ids_for_user(roles:, user: nil, ability: nil)
  return false unless user.present? || ability.present?
  return Hyrax::CollectionType.all.pluck('DISTINCT id') if user_admin?(user, ability)
  Hyrax::CollectionTypeParticipant.where(agent_type: Hyrax::CollectionTypeParticipant::USER_TYPE,
                                         agent_id: user_id(user, ability),
                                         access: roles)
                                  .or(
                                    Hyrax::CollectionTypeParticipant.where(agent_type: Hyrax::CollectionTypeParticipant::GROUP_TYPE,
                                                                           agent_id: user_groups(user, ability),
                                                                           access: roles)
                                  ).pluck('DISTINCT hyrax_collection_type_id')
end

.collection_types_for_user(roles:, user: nil, ability: nil) ⇒ Array<Hyrax::CollectionType>

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Instances of collection types that a user can create or manage

Parameters:

  • roles (String)

    type of access, Hyrax::CollectionTypeParticipant::MANAGE_ACCESS and/or Hyrax::CollectionTypeParticipant::CREATE_ACCESS

  • user (User) (defaults to: nil)

    user (required if ability is nil)

  • ability (Ability) (defaults to: nil)

    the ability coming from cancan ability check (default: nil) (required if user is nil)

Returns:

  • (Array<Hyrax::CollectionType>)

    instances of collection types for which a user has the specified role


37
38
39
40
41
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 37

def self.collection_types_for_user(roles:, user: nil, ability: nil)
  return false unless user.present? || ability.present?
  return Hyrax::CollectionType.all if user_admin?(user, ability)
  Hyrax::CollectionType.where(id: collection_type_ids_for_user(user: user, roles: roles, ability: ability))
end

.group_edit_grants_for_collection_of_type(collection_type: nil) ⇒ Array<String>

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Get a list of group that should be added as group editors for a new collection of the specified collection type

Parameters:

  • collection_type (Hyrax::CollectionType) (defaults to: nil)

    the type of the collection being created

Returns:

  • (Array<String>)

    array of group identifiers (typically groupname) for groups who can edit collections of this type


204
205
206
207
208
209
210
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 204

def self.group_edit_grants_for_collection_of_type(collection_type: nil)
  return [] unless collection_type
  groups = Hyrax::CollectionTypeParticipant.joins(:hyrax_collection_type).where(hyrax_collection_type_id: collection_type.id,
                                                                                agent_type: Hyrax::CollectionTypeParticipant::GROUP_TYPE,
                                                                                access: Hyrax::CollectionTypeParticipant::MANAGE_ACCESS).pluck('DISTINCT agent_id')
  groups | ['admin']
end

.user_admin?(user, ability) ⇒ Boolean

Returns:

  • (Boolean)

219
220
221
222
223
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 219

def self.user_admin?(user, ability)
  # if called from abilities class, use ability instead of user; otherwise, you end up in an infinite loop
  return ability.admin? if ability.present?
  user.ability.admin?
end

.user_edit_grants_for_collection_of_type(collection_type: nil) ⇒ Array<String>

Note:

Several checks get the user's groups from the user's ability. The same values can be retrieved directly from a passed in ability. If calling from Abilities, pass the ability. If you try to get the ability from the user, you end up in an infinit loop.

Get a list of users who should be added as user editors for a new collection of the specified collection type

Parameters:

  • collection_type (Hyrax::CollectionType) (defaults to: nil)

    the type of the collection being created

Returns:

  • (Array<String>)

    array of user identifiers (typically emails) for users who can edit collections of this type


189
190
191
192
193
194
# File 'app/services/hyrax/collection_types/permissions_service.rb', line 189

def self.user_edit_grants_for_collection_of_type(collection_type: nil)
  return [] unless collection_type
  Hyrax::CollectionTypeParticipant.joins(:hyrax_collection_type).where(hyrax_collection_type_id: collection_type.id,
                                                                       agent_type: Hyrax::CollectionTypeParticipant::USER_TYPE,
                                                                       access: Hyrax::CollectionTypeParticipant::MANAGE_ACCESS).pluck('DISTINCT agent_id')
end