Class: Hyrax::EditPermissionsService

Inherits:

Object

• Object
• Hyrax::EditPermissionsService

Defined in:

app/services/hyrax/edit_permissions_service.rb

Overview

Encapsulates the logic to determine which object permissions may be edited by a given user

• user is permitted to update any work permissions coming ONLY from collections they manage

• user is not permitted to update a work permission if it comes from a collection they do not manage, even if also from a managed collection

• user is permitted to update only non-manager permissions from any Collections

• user is permitted to update any non-collection permissions

Defined Under Namespace

Classes: BlockedPermissions, PermissionPresenter

Instance Attribute Summary

• #depositor ⇒ Object readonly
• #unauthorized_collection_managers ⇒ Object readonly

Class Method Summary

• .build_service_object_from(form:, ability:) ⇒ Hyrax::EditPermissionService

Instance Method Summary

• #cannot_edit_permissions?(permission_hash) ⇒ Boolean private

  True if user cannot edit the given permissions.

• #excluded_permission?(permission_hash) ⇒ Boolean private

  True if given permissions are one of fixed exclusions.

• #initialize(object:, ability:) ⇒ EditPermissionsService constructor

  A new instance of EditPermissionsService.

• #with_applicable_permission(permission_hash:) {|PermissionPresenter| ... } ⇒ Boolean

  This method either:.

Constructor Details

#initialize(object:, ability:) ⇒ EditPermissionsService

Returns a new instance of EditPermissionsService.

# File 'app/services/hyrax/edit_permissions_service.rb', line 63

def initialize(object:, ability:)
  @object = object
  @ability = ability
  @depositor = object.depositor
  unauthorized = manager_permissions_to_block
  @unauthorized_managers = unauthorized.unauthorized_managers
  @unauthorized_collection_managers = unauthorized.unauthorized_collection_managers
end

Instance Attribute Details

#depositor ⇒ Object (readonly)

# File 'app/services/hyrax/edit_permissions_service.rb', line 57

def depositor
  @depositor
end

#unauthorized_collection_managers ⇒ Object (readonly)

# File 'app/services/hyrax/edit_permissions_service.rb', line 57

def unauthorized_collection_managers
  @unauthorized_collection_managers
end

Class Method Details

.build_service_object_from(form:, ability:) ⇒ Hyrax::EditPermissionService

Note:

form object.class = SimpleForm::FormBuilder

For works (i.e. GenericWork):
* form_object.object = Hyrax::GenericWorkForm
* form_object.object.model = GenericWork
* use the work itself
For file_sets:
* form_object.object.class = FileSet
* use work the file_set is in
For file set forms:
* form_object.object.class = Hyrax::Forms::FileSetForm OR
  Hyrax::Forms::FileSetEditForm
* form_object.object.model = FileSet
* use work the file_set is in
No other object types are supported by this view.

Since:

• v3.0.0

# File 'app/services/hyrax/edit_permissions_service.rb', line 35

def self.build_service_object_from(form:, ability:)
  obj = form.object
  if obj.respond_to?(:model) && obj.model.work?
    # The provided form object is a work form.
    new(object: obj, ability: ability)
  elsif obj.respond_to?(:model) && obj.model.file_set?
    # The provided form object is a FileSet form. For Valkyrie forms
    # (+Hyrax::Forms::FileSetForm+), +:in_works_ids+ is prepopulated onto
    # the form object itself. For +Hyrax::Forms::FileSetEditForm+, the
    # +:in_works+ method is present on the wrapped +:model+.
    if obj.is_a?(Hyrax.config.file_set_form)
      object_id = obj.in_works_ids.first
      new(object: Hyrax.query_service.find_by(id: object_id), ability: ability)
    else
      new(object: obj.model.in_works.first, ability: ability)
    end
  elsif obj.file_set?
    # The provided form object is a FileSet.
    new(object: obj.in_works.first, ability: ability)
  end
end

Instance Method Details

#cannot_edit_permissions?(permission_hash) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

TODO:

refactor this code to use “can_edit?”; Thinking in negations can be challenging.

Returns true if user cannot edit the given permissions.

# File 'app/services/hyrax/edit_permissions_service.rb', line 77

def cannot_edit_permissions?(permission_hash)
  permission_hash.fetch(:access) == "edit" && @unauthorized_managers.include?(permission_hash.fetch(:name))
end

#excluded_permission?(permission_hash) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns true if given permissions are one of fixed exclusions.

# File 'app/services/hyrax/edit_permissions_service.rb', line 85

def excluded_permission?(permission_hash)
  exclude_from_display.include? permission_hash.fetch(:name).downcase
end

#with_applicable_permission(permission_hash:) {|PermissionPresenter| ... } ⇒ Boolean

This method either:

• returns false if the given permission_hash is part of the fixed exclusions.

• yields a PermissionPresenter to provide additional logic and text for rendering

Yields:

• (PermissionPresenter)

See Also:

• #excluded_permission?

# File 'app/services/hyrax/edit_permissions_service.rb', line 102

def with_applicable_permission(permission_hash:)
  return false if excluded_permission?(permission_hash)
  yield(PermissionPresenter.new(service: self, permission_hash: permission_hash))
end