Class: Hyrax::EditPermissionsService

Inherits:
Object
  • Object
show all
Defined in:
app/services/hyrax/edit_permissions_service.rb

Overview

Encapsulates the logic to determine which object permissions may be edited by a given user

  • user is permitted to update any work permissions coming ONLY from collections they manage

  • user is not permitted to update a work permission if it comes from a collection they do not manage, even if also from a managed collection

  • user is permitted to update only non-manager permissions from any Collections

  • user is permitted to update any non-collection permissions

Defined Under Namespace

Classes: BlockedPermissions, PermissionPresenter

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(object:, ability:) ⇒ EditPermissionsService

Returns a new instance of EditPermissionsService.

Parameters:

  • object (#depositor, #admin_set_id, #member_of_collection_ids)

    GenericWorkForm (if called for object) or GenericWork (if called for file set)

  • ability (Ability)

    user's current_ability


44
45
46
47
48
49
50
51
# File 'app/services/hyrax/edit_permissions_service.rb', line 44

def initialize(object:, ability:)
  @object = object
  @ability = ability
  @depositor = object.depositor
  unauthorized = manager_permissions_to_block
  @unauthorized_managers = unauthorized.unauthorized_managers
  @unauthorized_collection_managers = unauthorized.unauthorized_collection_managers
end

Instance Attribute Details

#depositorObject (readonly)


38
39
40
# File 'app/services/hyrax/edit_permissions_service.rb', line 38

def depositor
  @depositor
end

#unauthorized_collection_managersObject (readonly)


38
39
40
# File 'app/services/hyrax/edit_permissions_service.rb', line 38

def unauthorized_collection_managers
  @unauthorized_collection_managers
end

Class Method Details

.build_service_object_from(form:, ability:) ⇒ Hyrax::EditPermissionService

Note:

form object.class = SimpleForm::FormBuilder

For works (i.e. GenericWork):
* form object.object = Hyrax::GenericWorkForm
* form object.object.model = GenericWork
* use the work itself
For file_sets:
* form object.object.class = FileSet
* use work the file_set is in
No other object types are supported by this view.

Parameters:

  • form (SimpleForm::FormBuilder)
  • current_ability (Ability)

Returns:

  • (Hyrax::EditPermissionService)

Since:

  • v3.0.0


30
31
32
33
34
35
36
# File 'app/services/hyrax/edit_permissions_service.rb', line 30

def self.build_service_object_from(form:, ability:)
  if form.object.respond_to?(:model) && form.object.model.work?
    new(object: form.object, ability: ability)
  elsif form.object.file_set?
    new(object: form.object.in_works.first, ability: ability)
  end
end

Instance Method Details

#cannot_edit_permissions?(permission_hash) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

TODO:

refactor this code to use “can_edit?”; Thinking in negations can be challenging.

Returns true if user cannot edit the given permissions.

Parameters:

  • permission_hash (Hash)

    one set of permission fields for object :name, :access}

Returns:

  • (Boolean)

    true if user cannot edit the given permissions


58
59
60
# File 'app/services/hyrax/edit_permissions_service.rb', line 58

def cannot_edit_permissions?(permission_hash)
  permission_hash.fetch(:access) == "edit" && @unauthorized_managers.include?(permission_hash.fetch(:name))
end

#excluded_permission?(permission_hash) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns true if given permissions are one of fixed exclusions.

Parameters:

  • permission_hash (Hash)

    one set of permission fields for object :name, :access

Returns:

  • (Boolean)

    true if given permissions are one of fixed exclusions


66
67
68
# File 'app/services/hyrax/edit_permissions_service.rb', line 66

def excluded_permission?(permission_hash)
  exclude_from_display.include? permission_hash.fetch(:name).downcase
end

#with_applicable_permission(permission_hash:) {|PermissionPresenter| ... } ⇒ Boolean

This method either:

  • returns false if the given permission_hash is part of the fixed exclusions.

  • yields a PermissionPresenter to provide additional logic and text for rendering

Parameters:

  • permission_hash (Hash{Symbol => Object})

Yields:

Returns:

  • (Boolean)

    false if the given permission_hash is a fixed exclusion

See Also:


83
84
85
86
# File 'app/services/hyrax/edit_permissions_service.rb', line 83

def with_applicable_permission(permission_hash:)
  return false if excluded_permission?(permission_hash)
  yield(PermissionPresenter.new(service: self, permission_hash: permission_hash))
end