Class: Hyrax::EditPermissionsService

Inherits:
Object
  • Object
show all
Defined in:
app/services/hyrax/edit_permissions_service.rb

Overview

Encapsulates the logic to determine which object permissions may be edited by a given user

- user is permitted to update any work permissions coming ONLY from collections they manage
- user is not permitted to update a work permission if it comes from a collection they do not manage, even if also from a managed collection
- user is permitted to update only non-manager permissions from any Collections
- user is permitted to update any non-collection permissions

Defined Under Namespace

Classes: BlockedPermissions, PermissionPresenter

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(object:, ability:) ⇒ EditPermissionsService

Returns a new instance of EditPermissionsService.

Parameters:

  • object (#depositor, #admin_set_id, #member_of_collection_ids)

    GenericWorkForm (if called for object) or GenericWork (if called for file set)

  • ability (Ability)

    user's current_ability


38
39
40
41
42
43
44
45
# File 'app/services/hyrax/edit_permissions_service.rb', line 38

def initialize(object:, ability:)
  @object = object
  @ability = ability
  @depositor = object.depositor
  unauthorized = manager_permissions_to_block
  @unauthorized_managers = unauthorized.unauthorized_managers
  @unauthorized_collection_managers = unauthorized.unauthorized_collection_managers
end

Instance Attribute Details

#depositorObject (readonly)

Returns the value of attribute depositor


34
35
36
# File 'app/services/hyrax/edit_permissions_service.rb', line 34

def depositor
  @depositor
end

#unauthorized_collection_managersObject (readonly)

Returns the value of attribute unauthorized_collection_managers


34
35
36
# File 'app/services/hyrax/edit_permissions_service.rb', line 34

def unauthorized_collection_managers
  @unauthorized_collection_managers
end

Class Method Details

.build_service_object_from(form:, ability:) ⇒ Hyrax::EditPermissionService

Note:

form object.class = SimpleForm::FormBuilder

For works (i.e. GenericWork):
- form object.object = Hyrax::GenericWorkForm
- form object.object.model = GenericWork
- use the work itself
For file_sets:
- form object.object.class = FileSet
- use work the file_set is in
No other object types are supported by this view. %>

Parameters:

  • form (SimpleForm::FormBuilder)
  • current_ability (Ability)

Returns:

  • (Hyrax::EditPermissionService)

Since:

  • v3.0.0


26
27
28
29
30
31
32
# File 'app/services/hyrax/edit_permissions_service.rb', line 26

def self.build_service_object_from(form:, ability:)
  if form.object.respond_to?(:model) && form.object.model.work?
    new(object: form.object, ability: ability)
  elsif form.object.file_set?
    new(object: form.object.in_works.first, ability: ability)
  end
end

Instance Method Details

#cannot_edit_permissions?(permission_hash) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

TODO:

refactor this code to use “can_edit?”; Thinking in negations can be challenging.

Returns true if user cannot edit the given permissions.

Parameters:

  • permission_hash (Hash)

    one set of permission fields for object :access

Returns:

  • (Boolean)

    true if user cannot edit the given permissions


52
53
54
# File 'app/services/hyrax/edit_permissions_service.rb', line 52

def cannot_edit_permissions?(permission_hash)
  permission_hash.fetch(:access) == "edit" && @unauthorized_managers.include?(permission_hash.fetch(:name))
end

#excluded_permission?(permission_hash) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns true if given permissions are one of fixed exclusions.

Parameters:

  • permission_hash (Hash)

    one set of permission fields for object :access

Returns:

  • (Boolean)

    true if given permissions are one of fixed exclusions


60
61
62
# File 'app/services/hyrax/edit_permissions_service.rb', line 60

def excluded_permission?(permission_hash)
  exclude_from_display.include? permission_hash.fetch(:name).downcase
end

#with_applicable_permission(permission_hash:) { ... } ⇒ Object

This method either:

  • returns false if the given permission_hash is part of the fixed exclusions.

  • yields a PermissionPresenter to provide additional logic and text for rendering

Parameters:

  • permission_hash (Hash<:name, :access>)

Yields:

  • PermissionPresenter

Returns:

  • false if the given permission_hash is a fixed exclusion

See Also:


76
77
78
79
# File 'app/services/hyrax/edit_permissions_service.rb', line 76

def with_applicable_permission(permission_hash:)
  return false if excluded_permission?(permission_hash)
  yield(PermissionPresenter.new(service: self, permission_hash: permission_hash))
end