application_policy.rb
require 'pundit'
require 'pundit/not_authorized_error'
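# Base Pundit policy that concrete policies inherit from.
#
# Defaults: index? and show? are open to everyone (anonymous callers
# included), while create?, update? and destroy? are denied until a subclass
# overrides them. The role and ownership helpers live in the UserPredicates
# concern so that the nested Scope class can include the same predicates.
class ApplicationPolicy
  attr_reader :user, :record

  # @param user [Object, nil] the acting user; nil is treated as "not logged in"
  # @param record [Object, Array, nil] a single record or a collection; every
  #   helper normalises it with Array.wrap
  def initialize(user, record)
    @user = user
    @record = record
  end

  # Read actions are allowed by default. Subclasses guarding non-public
  # resources must override these.
  def index?
    true
  end

  def show?
    true
  end

  # Write actions are denied by default.
  def create?
    false
  end

  def update?
    false
  end

  def destroy?
    false
  end

  concerning :UserPredicates do
    # @return [Boolean] true when a user object is present
    def logged_in?
      !!user
    end

    # @return [Boolean] true when the user is logged in and every wrapped
    #   record's user_id equals the user's id
    #
    # NOTE(review): for a nil or empty record Array.wrap yields [], so `all?`
    # is vacuously true and any logged-in user is reported as owner. Confirm
    # that no caller authorises a write on that basis.
    def owner?
      logged_in? && Array.wrap(record).all? { |r| user.id == r.user_id }
    end

    # @return [Boolean] true when the user is logged in and is among the
    #   users of every wrapped record
    #
    # Issues one EXISTS query per record and stops at the first miss.
    # NOTE(review): like owner?, this is vacuously true for an empty record.
    # TO-DO: refactor to use an ALL query
    def participant?
      return false unless logged_in?

      Array.wrap(record).all? { |r| r.users.exists?(id: user.id) }
    end

    def moderator?
      has_role? 'moderator'
    end

    def admin?
      has_role? 'admin'
    end

    def scientist?
      has_role? 'scientist'
    end

    # @return [Boolean] true when the user holds the 'admin' role in the
    #   'zooniverse' section (checked with a direct query, not the role cache)
    def zooniverse_admin?
      logged_in? && user.roles.where(section: 'zooniverse', name: 'admin').exists?
    end

    # @return [Boolean] true for a moderator, admin or scientist
    def team?
      moderator? || admin? || scientist?
    end

    # Checks whether the user holds +role+ for the current record(s).
    #
    # A role held in the 'zooniverse' section applies everywhere. Otherwise
    # the role must be held in every section the record(s) belong to; a
    # single section without it denies the check.
    #
    # @param role [String] role name, e.g. 'admin'
    # @return [Boolean]
    def has_role?(role)
      return false unless logged_in?
      return true if roles_in('zooniverse').include?(role)

      record_sections.all? { |section| roles_in(section).include?(role) }
    end

    # @return [Boolean] true when a user is present and has a confirmed_at
    #   value; anonymous callers are unconfirmed instead of raising
    #   NoMethodError on nil
    def confirmed?
      logged_in? && !!user.confirmed_at
    end

    # Enforces a minimum account age, but only when POSTING_AGE_REQUIREMENT
    # is set in the environment.
    #
    # @return [Boolean] true when the requirement is unset (anonymous callers
    #   included); otherwise true only for a logged-in user whose account was
    #   created before now minus the requirement
    def of_posting_age?
      return true unless ENV['POSTING_AGE_REQUIREMENT']
      # With the requirement active an anonymous caller has no account age to
      # check, so deny instead of raising NoMethodError on nil.
      return false unless logged_in?

      user.created_at < (Time.now - age_requirement)
    end

    # @return [ActiveSupport::Duration] the required account age in hours,
    #   defaulting to 24
    #
    # NOTE(review): String#to_i turns a non-numeric value into 0, which makes
    # the age check pass for any existing account. Validate the variable at
    # deploy time if the requirement matters.
    def age_requirement
      ENV.fetch('POSTING_AGE_REQUIREMENT', '24').to_i.hours
    end

    # @param section [String]
    # @return [Array<String>] role names held in +section+, or [] when none
    def roles_in(section)
      user_roles.fetch section, []
    end

    # Memoised map of section => role names, limited to the record's sections
    # plus 'zooniverse'.
    #
    # @return [Hash{String => Array<String>}] an empty, uncached hash for
    #   anonymous callers
    def user_roles
      return @_roles if @_roles
      return { } unless logged_in?

      sections = record_sections | ['zooniverse']
      @_roles = user.roles.where(section: sections).each_with_object({ }) do |role, by_section|
        (by_section[role.section] ||= []) << role.name
      end
    end

    # @return [Array<String>] distinct sections of the wrapped records that
    #   respond to #section, or ['zooniverse'] when there are none
    def record_sections
      sections = Array.wrap(record).collect do |r|
        r.section if r.respond_to?(:section)
      end.compact.uniq

      sections.empty? ? ['zooniverse'] : sections
    end

    # @param roles [Array<String>] role names
    # @return [Array<String>] sections in which the user holds any of
    #   +roles+, memoised per role list; [] for anonymous callers
    def privileged_sections(*roles)
      return [] unless user

      @privileged_sections ||= { }
      @privileged_sections[roles] ||= user.roles.where(name: roles).distinct(:section).pluck(:section)
    end

    # @param roles [Array<String>] roles that grant access to a section
    # @return [Boolean] true for a zooniverse admin, or when every wrapped
    #   record's section is one the user is privileged in
    #
    # NOTE(review): vacuously true for an empty record, including for
    # anonymous callers, because there is no logged_in? guard on this path.
    def accessible_section?(roles = ['admin'])
      return true if zooniverse_admin?

      Array.wrap(record).all? { |r| privileged_sections(*roles).include?(r.section) }
    end
  end

  # @return the Pundit policy scope for the class of the first wrapped record
  def scope
    Pundit.policy_scope!(user, Array.wrap(record).first.class)
  end

  # Base policy scope. resolve returns the scope unfiltered, so subclasses
  # are responsible for restricting what the user may see.
  #
  # NOTE(review): Scope includes UserPredicates but defines no `record`, so
  # predicates that read the record (owner?, participant?, record_sections,
  # and has_role? past its 'zooniverse' shortcut) presumably raise here
  # unless a subclass supplies one. Confirm against the subclasses.
  class Scope
    include UserPredicates
    attr_reader :user, :scope

    # @param user [Object, nil] the acting user
    # @param scope [Object] the base relation or class to filter
    def initialize(user, scope)
      @user = user
      @scope = scope
    end

    def resolve
      scope
    end

    # Memoised map of section => role names across all of the user's roles.
    # There is no record to narrow the query, so it is not section-filtered.
    #
    # @return [Hash{String => Array<String>}] an empty, uncached hash for
    #   anonymous callers
    def user_roles
      return @_roles if @_roles
      return { } unless logged_in?

      @_roles = user.roles.each_with_object({ }) do |role, by_section|
        (by_section[role.section] ||= []) << role.name
      end
    end
  end
end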