Module: Authorizable

Defined Under Namespace

Modules: ClassMethods

Instance Method Summary

Methods included from PermissionName

#permission_name

Instance Method Details

#authorized?(permission) ⇒ Boolean

Returns:

  • (Boolean)

# File 'app/models/concerns/authorizable.rb', line 31

# Reports whether the current user holds +permission+ on this object.
#
# The check fails closed: when no current user is set, the answer is
# +false+ and no permission lookup is made.
#
# @param permission the permission to test, passed through to +can?+ unchanged
# @return [Boolean] +false+ without a current user, otherwise the result of
#   +User.current.can?(permission, self)+
def authorized?(permission)
  if User.current.nil?
    # No authenticated principal to evaluate, so deny.
    false
  else
    User.current.can?(permission, self)
  end
end

#check_permissions_after_save ⇒ Object


# File 'app/models/concerns/authorizable.rb', line 5

# Verifies that the current user is allowed to create or edit this record
# with the attributes it now has, and aborts the transaction if not.
#
# The permission checked is +permission_name(:create)+ when the save changed
# the id and +permission_name(:edit)+ otherwise. On denial a +:base+ error is
# added, a freshly created record is made to look new again, queued
# orchestration is failed, and ActiveRecord::Rollback is raised.
#
# NOTE(review): the check is skipped entirely while
# Thread.current[:ignore_permission_check] is truthy. This method neither sets
# nor clears that flag, so whoever sets it must clear it again; a value left
# behind on a reused thread would disable the check for later saves on it.
#
# NOTE(review): User.current is handed to Authorizer without a nil check.
# How Authorizer treats a nil user is not visible here; confirm it denies.
#
# @return [true, nil] +true+ when the check is bypassed, +nil+ when the
#   permission is granted
# @raise [ActiveRecord::Rollback] when the permission is denied
def check_permissions_after_save
  if Thread.current[:ignore_permission_check]
    return true
  end

  authorizer = Authorizer.new(User.current)
  creation = saved_change_to_id?
  action = creation ? :create : :edit
  name = permission_name(action)

  permission_log = Foreman::Logging.logger('permissions')
  permission_log.debug { "verifying the transaction by permission #{name} for class #{self.class}" }

  # The meaning of the third argument (false) is defined by Authorizer#can?,
  # which is not shown here.
  return if authorizer.can?(name, self, false)

  errors.add(:base, _("You don't have permission %{name} with attributes that you have specified or you don't have access to specified organizations or locations") % { :name => name })

  # After a rollback the instance has to look like a new record again so that
  # URL helpers keep working; Rails does not reset these attributes itself.
  if creation
    self.id = nil
    @new_record = true
  end

  # Orchestration tasks are not undone by the database rollback, so fail the
  # queue explicitly when this class orchestrates something.
  send(:fail_queue, queue) if self.class.included_modules.include?(Orchestration)

  raise ActiveRecord::Rollback
end