Class: Hyrax::Collections::PermissionsService

Inherits:

Object

• Object
• Hyrax::Collections::PermissionsService

Defined in:

app/services/hyrax/collections/permissions_service.rb

Overview

rubocop:disable Metrics/ClassLength

Class Method Summary

• .can_deposit_in_collection?(collection_id:, ability:) ⇒ Boolean

  Determine if the given user has permissions to deposit into the given collection.

• .can_manage_any_admin_set?(ability:) ⇒ Boolean

  Determine if the given user has permissions to manage at least one admin set.

• .can_manage_any_collection?(ability:) ⇒ Boolean

  Determine if the given user has permissions to manage at least one collection.

• .can_view_admin_show_for_any_admin_set?(ability:) ⇒ Boolean

  Determine if the given user has permissions to view the admin show page for at least one admin set.

• .can_view_admin_show_for_any_collection?(ability:) ⇒ Boolean

  Determine if the given user has permissions to view the admin show page for at least one collection.

• .can_view_admin_show_for_collection?(collection_id:, ability:) ⇒ Boolean

  Determine if the given user has permissions to view the admin show page for the collection.

• .collection_ids_for_deposit(ability:) ⇒ Array<String>

  IDs of collections into which a user can deposit.

• .collection_ids_for_user(access:, ability:) ⇒ Array<String>

  IDs of collections a user can access based on participant roles.

• .collection_ids_for_view(ability:) ⇒ Array<String>

  IDs of collections which the user can view.

• .manage_access_to_collection?(collection_id:, ability:, exclude_groups: []) ⇒ Boolean

  Determine if the given user has :manage access for the given collection.

• .source_ids_for_deposit(ability:, source_type: nil, exclude_groups: []) ⇒ Array<String>

  IDs of collections and/or admin_sets into which a user can deposit.

• .source_ids_for_manage(ability:, source_type: nil) ⇒ Array<String>

  IDs of collections and/or admin_sets that a user can manage.

Class Method Details

.can_deposit_in_collection?(collection_id:, ability:) ⇒ Boolean

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability.

Determine if the given user has permissions to deposit into the given collection

Parameters:

• collection_id (String) —

  id of the collection we are checking permissions on

• ability (Ability) —

  the ability coming from cancan ability check

Returns:

• (Boolean) —

  true if the user has permission to deposit into the collection

# File 'app/services/hyrax/collections/permissions_service.rb', line 189

def self.can_deposit_in_collection?(collection_id:, ability:)
  deposit_access_to_collection?(collection_id: collection_id, ability: ability) ||
    manage_access_to_collection?(collection_id: collection_id, ability: ability)
end

.can_manage_any_admin_set?(ability:) ⇒ Boolean

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability.

Determine if the given user has permissions to manage at least one admin set

TODO: MOVE TO ABILITY

Parameters:

• ability (Ability) —

  the ability coming from cancan ability check

Returns:

• (Boolean) —

  true if the user has permission to manage at least one admin_set

# File 'app/services/hyrax/collections/permissions_service.rb', line 177

def self.can_manage_any_admin_set?(ability:)
  admin_set_ids_for_user(ability: ability, access: [Hyrax::PermissionTemplateAccess::MANAGE]).present?
end

.can_manage_any_collection?(ability:) ⇒ Boolean

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability.

Determine if the given user has permissions to manage at least one collection

Parameters:

• ability (Ability) —

  the ability coming from cancan ability check

Returns:

• (Boolean) —

  true if the user has permission to manage at least one collection

# File 'app/services/hyrax/collections/permissions_service.rb', line 164

def self.can_manage_any_collection?(ability:)
  collection_ids_for_user(ability: ability, access: [Hyrax::PermissionTemplateAccess::MANAGE]).present?
end

.can_view_admin_show_for_any_admin_set?(ability:) ⇒ Boolean

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability.

Determine if the given user has permissions to view the admin show page for at least one admin set

TODO: MOVE TO ABILITY

Parameters:

• ability (Ability) —

  the ability coming from cancan ability check

Returns:

• (Boolean) —

  true if the user has permission to view the admin show page for at least one admin_set

# File 'app/services/hyrax/collections/permissions_service.rb', line 151

def self.can_view_admin_show_for_any_admin_set?(ability:)
  admin_set_ids_for_user(ability: ability, access: [Hyrax::PermissionTemplateAccess::MANAGE,
                                                    Hyrax::PermissionTemplateAccess::DEPOSIT,
                                                    Hyrax::PermissionTemplateAccess::VIEW]).present?
end

.can_view_admin_show_for_any_collection?(ability:) ⇒ Boolean

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability.

Determine if the given user has permissions to view the admin show page for at least one collection

Parameters:

• ability (Ability) —

  the ability coming from cancan ability check

Returns:

• (Boolean) —

  true if the user has permission to view the admin show page for at least one collection

# File 'app/services/hyrax/collections/permissions_service.rb', line 137

def self.can_view_admin_show_for_any_collection?(ability:)
  collection_ids_for_user(ability: ability, access: [Hyrax::PermissionTemplateAccess::MANAGE,
                                                     Hyrax::PermissionTemplateAccess::DEPOSIT,
                                                     Hyrax::PermissionTemplateAccess::VIEW]).present?
end

.can_view_admin_show_for_collection?(collection_id:, ability:) ⇒ Boolean

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability.

Determine if the given user has permissions to view the admin show page for the collection

Parameters:

• collection_id (String) —

  id of the collection we are checking permissions on

• ability (Ability) —

  the ability coming from cancan ability check

Returns:

• (Boolean) —

  true if the user has permission to view the admin show page for the collection

# File 'app/services/hyrax/collections/permissions_service.rb', line 202

def self.can_view_admin_show_for_collection?(collection_id:, ability:)
  exclude_groups = [::Ability.registered_group_name,
                    ::Ability.public_group_name]
  manage_access_to_collection?(collection_id: collection_id, ability: ability) ||
    deposit_access_to_collection?(collection_id: collection_id, ability: ability, exclude_groups: exclude_groups) ||
    view_access_to_collection?(collection_id: collection_id, ability: ability, exclude_groups: exclude_groups)
end

.collection_ids_for_deposit(ability:) ⇒ Array<String>

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability.

IDs of collections into which a user can deposit.

Parameters:

• ability (Ability) —

  the ability coming from cancan ability check

Returns:

• (Array<String>) —

  IDs of collections into which the user can deposit

# File 'app/services/hyrax/collections/permissions_service.rb', line 113

def self.collection_ids_for_deposit(ability:)
  source_ids_for_deposit(ability: ability, source_type: 'collection')
end

.collection_ids_for_user(access:, ability:) ⇒ Array<String>

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability.

IDs of collections a user can access based on participant roles.

Parameters:

• access (Array<String>) —

  one or more types of access (e.g. Hyrax::PermissionTemplateAccess::MANAGE, Hyrax::PermissionTemplateAccess::DEPOSIT, Hyrax::PermissionTemplateAccess::VIEW)

• ability (Ability) —

  the ability coming from cancan ability check

Returns:

• (Array<String>) —

  IDs of collections for which the user has specified roles

# File 'app/services/hyrax/collections/permissions_service.rb', line 75

def self.collection_ids_for_user(access:, ability:)
  source_ids_for_user(access: access, ability: ability, source_type: 'collection')
end

.collection_ids_for_view(ability:) ⇒ Array<String>

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability.

IDs of collections which the user can view.

Parameters:

• ability (Ability) —

  the ability coming from cancan ability check

Returns:

• (Array<String>) —

  IDs of collections into which the user can view

# File 'app/services/hyrax/collections/permissions_service.rb', line 124

def self.collection_ids_for_view(ability:)
  collection_ids_for_user(ability: ability, access: [Hyrax::PermissionTemplateAccess::MANAGE,
                                                     Hyrax::PermissionTemplateAccess::DEPOSIT,
                                                     Hyrax::PermissionTemplateAccess::VIEW])
end

.manage_access_to_collection?(collection_id:, ability:, exclude_groups: []) ⇒ Boolean

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability.

Determine if the given user has :manage access for the given collection

Parameters:

• collection_id (String) —

  id of the collection we are checking permissions on

• ability (Ability) —

  the ability coming from cancan ability check

• exclude_groups (Array<String>) (defaults to: []) —

  name of groups to exclude from the results

Returns:

• (Boolean) —

  true if the user has :manage access to the collection

# File 'app/services/hyrax/collections/permissions_service.rb', line 233

def self.manage_access_to_collection?(collection_id:, ability:, exclude_groups: [])
  access_to_collection?(collection_id: collection_id, access: 'manage', ability: ability, exclude_groups: exclude_groups)
end

.source_ids_for_deposit(ability:, source_type: nil, exclude_groups: []) ⇒ Array<String>

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability.

IDs of collections and/or admin_sets into which a user can deposit.

Parameters:

• ability (Ability) —

  the ability coming from cancan ability check

• source_type (String) (defaults to: nil) —

  ‘collection’, ‘admin_set’, or nil to get all types

• exclude_groups (Array<String>) (defaults to: []) —

  name of groups to exclude from the results

Returns:

• (Array<String>) —

  IDs of collections and/or admin_sets into which the user can deposit

# File 'app/services/hyrax/collections/permissions_service.rb', line 88

def self.source_ids_for_deposit(ability:, source_type: nil, exclude_groups: [])
  access = [Hyrax::PermissionTemplateAccess::MANAGE, Hyrax::PermissionTemplateAccess::DEPOSIT]
  source_ids_for_user(access: access, ability: ability, source_type: source_type, exclude_groups: exclude_groups)
end

.source_ids_for_manage(ability:, source_type: nil) ⇒ Array<String>

Note:

Several checks get the user’s groups from the user’s ability. The same values can be retrieved directly from a passed in ability.

IDs of collections and/or admin_sets that a user can manage.

Parameters:

• ability (Ability) —

  the ability coming from cancan ability check

• source_type (String) (defaults to: nil) —

  ‘collection’, ‘admin_set’, or nil to get all types

Returns:

• (Array<String>) —

  IDs of collections and/or admin_sets that the user can manage

# File 'app/services/hyrax/collections/permissions_service.rb', line 101

def self.source_ids_for_manage(ability:, source_type: nil)
  access = [Hyrax::PermissionTemplateAccess::MANAGE, Hyrax::PermissionTemplateAccess::MANAGE]
  source_ids_for_user(access: access, ability: ability, source_type: source_type)
end