Class: Hyrax::EditPermissionsService

Inherits:
Object
Defined in:
app/services/hyrax/edit_permissions_service.rb

Overview

Encapsulates the logic that determines which object permissions a given user may edit:

  • the user may update any work permission that comes ONLY from collections they manage

  • the user may not update a work permission that comes from a collection they do not manage, even if it also comes from a managed collection

  • the user may update only non-manager permissions from any collection

  • the user may update any non-collection permission

Defined Under Namespace

Classes: BlockedPermissions, PermissionPresenter

Constructor Details

#initialize(object:, ability:) ⇒ EditPermissionsService

Returns a new instance of EditPermissionsService.

Parameters:

  • object (#depositor, #admin_set_id, #member_of_collection_ids)

    GenericWorkForm (if called for object) or GenericWork (if called for file set)

  • ability (Ability)

    user’s current_ability



# File 'app/services/hyrax/edit_permissions_service.rb', line 62

def initialize(object:, ability:)
  @object = object
  @ability = ability
  @depositor = object.depositor
  unauthorized = manager_permissions_to_block
  @unauthorized_managers = unauthorized.unauthorized_managers
  @unauthorized_collection_managers = unauthorized.unauthorized_collection_managers
end

Instance Attribute Details

#depositor ⇒ Object (readonly)



# File 'app/services/hyrax/edit_permissions_service.rb', line 56

def depositor
  @depositor
end

#unauthorized_collection_managers ⇒ Object (readonly)



# File 'app/services/hyrax/edit_permissions_service.rb', line 56

def unauthorized_collection_managers
  @unauthorized_collection_managers
end

Class Method Details

.build_service_object_from(form:, ability:) ⇒ Hyrax::EditPermissionsService

Note:

form object.class = SimpleForm::FormBuilder

For works (i.e. GenericWork):
* form_object.object = Hyrax::GenericWorkForm
* form_object.object.model = GenericWork
* use the work itself
For file_sets:
* form_object.object.class = FileSet
* use the work the file_set is in
For file set forms:
* form_object.object.class = Hyrax::Forms::FileSetForm OR
  Hyrax::Forms::FileSetEditForm
* form_object.object.model = FileSet
* use the work the file_set is in
No other object types are supported by this view.

Parameters:

  • form (SimpleForm::FormBuilder)
  • ability (Ability)

Returns:

  • (Hyrax::EditPermissionsService)

Since:

  • v3.0.0



# File 'app/services/hyrax/edit_permissions_service.rb', line 35

def self.build_service_object_from(form:, ability:)
  if form.object.respond_to?(:model) && form.object.model.work?
    # The provided form object is a work form.
    new(object: form.object, ability: ability)
  elsif form.object.respond_to?(:model) && form.object.model.file_set?
    # The provided form object is a FileSet form. For Valkyrie forms
    # (+Hyrax::Forms::FileSetForm+), +:in_works_ids+ is prepopulated onto
    # the form object itself. For +Hyrax::Forms::FileSetEditForm+, the
    # +:in_works+ method is present on the wrapped +:model+.
    if form.object.is_a?(Hyrax::Forms::FileSetForm)
      object_id = form.object.in_works_ids.first
      new(object: Hyrax.query_service.find_by(id: object_id), ability: ability)
    else
      new(object: form.object.model.in_works.first, ability: ability)
    end
  elsif form.object.file_set?
    # The provided form object is a FileSet.
    new(object: form.object.in_works.first, ability: ability)
  end
end

Instance Method Details

#cannot_edit_permissions?(permission_hash) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

TODO:

Refactor this code to use “can_edit?”; thinking in negations can be challenging.

Returns true if user cannot edit the given permissions.

Parameters:

  • permission_hash (Hash)

    one set of permission fields for object {:name, :access}

Returns:

  • (Boolean)

    true if user cannot edit the given permissions



# File 'app/services/hyrax/edit_permissions_service.rb', line 76

def cannot_edit_permissions?(permission_hash)
  permission_hash.fetch(:access) == "edit" && @unauthorized_managers.include?(permission_hash.fetch(:name))
end

#excluded_permission?(permission_hash) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns true if given permissions are one of fixed exclusions.

Parameters:

  • permission_hash (Hash)

    one set of permission fields for object {:name, :access}

Returns:

  • (Boolean)

    true if given permissions are one of fixed exclusions



# File 'app/services/hyrax/edit_permissions_service.rb', line 84

def excluded_permission?(permission_hash)
  exclude_from_display.include? permission_hash.fetch(:name).downcase
end

#with_applicable_permission(permission_hash:) {|PermissionPresenter| ... } ⇒ Boolean

This method either:

  • returns false if the given permission_hash is part of the fixed exclusions.

  • yields a PermissionPresenter to provide additional logic and text for rendering

Parameters:

  • permission_hash (Hash{Symbol => Object})

Yields:

  • (PermissionPresenter)

Returns:

  • (Boolean)

    false if the given permission_hash is a fixed exclusion

# File 'app/services/hyrax/edit_permissions_service.rb', line 101

def with_applicable_permission(permission_hash:)
  return false if excluded_permission?(permission_hash)
  yield(PermissionPresenter.new(service: self, permission_hash: permission_hash))
end
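
The Overview rules and the predicates in #cannot_edit_permissions? and #excluded_permission?, applied to a list of permission rows, as an added Ruby example; it is not Hyrax code. PermissionRowSketch, Collection, the sample names and the contents of the exclusion list are assumptions, since the page does not show manager_permissions_to_block or exclude_from_display.

```ruby
require 'set'

# Constructed stand-in for a collection and its managers; not a Hyrax class.
Collection = Struct.new(:id, :managers, keyword_init: true)

# Hypothetical sketch of the Overview rules, not Hyrax's implementation.
class PermissionRowSketch
  # exclusions: names never rendered (assumed contents, e.g. the depositor).
  def initialize(collections:, managed_ids:, exclusions:)
    unmanaged = collections.reject { |c| managed_ids.include?(c.id) }
    # Blocked even when a managed collection grants the same name.
    @blocked = unmanaged.flat_map(&:managers).to_set
    @exclusions = exclusions.map(&:downcase)
  end

  # Predicate from cannot_edit_permissions?: only "edit" grants lock; exact name match.
  def locked?(row)
    row.fetch(:access) == "edit" && @blocked.include?(row.fetch(:name))
  end

  # Predicate from excluded_permission?: the name is downcased first.
  def hidden?(row)
    @exclusions.include?(row.fetch(:name).downcase)
  end

  # Sorts rows into :hidden, :locked and :editable buckets.
  def classify(rows)
    rows.group_by do |row|
      next :hidden if hidden?(row)
      locked?(row) ? :locked : :editable
    end
  end
end

# Constructed sample data.
COLLECTIONS = [
  Collection.new(id: "c1", managers: %w[alice bob]),  # managed by the user
  Collection.new(id: "c2", managers: %w[bob carol])   # not managed by the user
].freeze
ROWS = [
  { name: "alice", access: "edit" },      # manager only via c1
  { name: "bob",   access: "edit" },      # manager via c1 and c2
  { name: "carol", access: "read" },      # non-manager grant
  { name: "dave",  access: "edit" },      # not from any collection
  { name: "Depositor1", access: "edit" }  # fixed exclusion (assumed)
].freeze
SKETCH = PermissionRowSketch.new(collections: COLLECTIONS, managed_ids: ["c1"],
                                 exclusions: ["depositor1"])
RESULT = SKETCH.classify(ROWS).transform_values { |rs| rs.map { |r| r[:name] } }
```

Both predicates use fetch, so a row missing :name or :access raises KeyError instead of silently counting as editable.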