Module: SocialStream::Base::Ability

Includes:
CanCan::Ability
Included in:
Ability
Defined in:
lib/social_stream/base/ability.rb


Instance Method Details

#initialize(subject) ⇒ Object

Create a new ability for this user, who is currently representing subject



# File 'lib/social_stream/base/ability.rb', line 7

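# Registers the CanCan rules for the current user while representing +subject+.
#
# Rules are only declared here; each rule block runs later, per object, when
# +can?+ is asked about that object. Several blocks guard on
# +subject.present?+, which suggests +subject+ may be blank for a request
# without a signed-in user, so every block that dereferences +subject+ must
# deny in that case instead of raising.
#
# @param subject [Object, nil] the subject the current user is acting as
def initialize(subject)

  # Downloading is authorized by the same rules as reading.
  alias_action :download, :to => :read

  # Activity Objects: every registered object type except actors and
  # comments (comments get their own rules below).
  (SocialStream.objects - [ :actor, :comment ]).map{ |obj|
    obj.to_s.classify.constantize
  }.each do |klass|
    # Creation needs an author and an owner, the author must be the subject,
    # and when author and owner differ the owner must allow the subject to
    # create activities.
    can :create, klass do |object| # can :create, Post do |post|
      object.author.present? &&
        object.owner.present? &&
        object.author == Actor.normalize(subject) &&
        ( object.author == object.owner ||
          object.owner.allow?(subject, 'create', 'activity') )
    end

    # Readable by its author or owner, by anyone when it is shared through
    # the public relation, or by a subject that has received one of the
    # relations the object is shared with.
    can :read, klass do |object| # can :read, Post do |post|
      object.authored_or_owned_by?(subject) ||
        object.relation_ids.include?(Relation::Public.instance.id) ||
        subject.present? && (object.relation_ids & subject.received_relation_ids).any?
    end

    # Only the author or the owner may change or delete the object.
    can :update, klass do |object| # can :update, Post do |post|
      object.authored_or_owned_by?(subject)
    end

    can :destroy, klass do |object| # can :destroy, Post do |post|
      object.authored_or_owned_by?(subject)
    end
  end

  # Comments take their permissions from the parent post.
  # NOTE(review): creating a comment only requires read access to the parent
  # post; this rule checks neither that a subject is present nor that the
  # comment's author is the subject. Confirm that is enforced elsewhere.
  can :create, Comment do |c|
    can? :read, c.parent_post
  end

  can :read, Comment do |c|
    can? :read, c.parent_post
  end

  can :update, Comment do |c|
    can? :update, c.parent_post
  end

  can :destroy, Comment do |c|
    can? :destroy, c.parent_post
  end

  # Activities: public ones are readable by anyone, the rest only by a
  # subject whose actor is in the activity's audience.
  can :read, Activity do |a|
    a.public? ||
      subject.present? &&
      a.audience.include?(subject.actor)
  end

  can :read, Contact

  # Contacts are managed by their sender, or by a subject the sender allows.
  # The presence guard makes the rule deny a blank subject; without it
  # subject.actor raises NoMethodError on nil, unlike the other rules here.
  can :manage, Contact do |c|
    subject.present? && (
      c.sender == subject.actor ||
      c.sender.allow?(subject, 'manage', 'contact')
    )
  end

  # Users
  can :read, User

  can :update, User do |u|
    u.represented_by?(subject)
  end

  # Groups
  can :read, Group

  # A group can only be created by a present subject that is its author.
  can :create, Group do |g|
    subject.present? &&
      g.author_id == Actor.normalize_id(subject)
  end

  can [ :update, :destroy, :represent ], Group do |g|
    g.represented_by?(subject)
  end

  can :read, Profile

  # Profile: updatable when the subject represents the profile's own subject.
  can :update, Profile do |p|
    p.subject.represented_by?(subject)
  end

  # Privacy
  can :read, Relation::Owner

  # Custom relations are managed by their own actor, or by a subject that
  # actor allows.
  can :manage, ::Relation::Custom do |r|
    subject.present? && (
      r.actor_id == subject.actor_id ||
      r.actor.allow?(subject, 'manage', 'relation/custom')
    )
  end
end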