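# Authorization policy for Board records. `record` may be a single board or a
# collection of boards; the predicates answer for the whole set at once.
#
# `user`, `record`, `moderator?`, `admin?` and `logged_in?` are not defined in
# this file; presumably they are inherited from ApplicationPolicy (confirm).
class BoardPolicy < ApplicationPolicy
  # Listing is allowed for everyone.
  def index?
    true
  end

  # Showing requires every board in `record` to be readable by the user.
  def show?
    readable?
  end

  # Role check only: nothing here inspects the record.
  # NOTE(review): confirm moderator?/admin? are evaluated against the section
  # the board is being created in.
  def create?
    moderator? || admin?
  end

  # Updating needs a moderator/admin role and write permission on every board.
  def update?
    (moderator? || admin?) && writable?
  end

  # Destroying needs a moderator/admin role and write permission on every board.
  def destroy?
    (moderator? || admin?) && writable?
  end

  # True only when ReadableScope returns every board in `record` for this user.
  #
  # Fails closed: an empty set, or any board without an id (not yet saved),
  # yields false. Previously a mix of saved and unsaved boards reached
  # `board_ids.sort` with a nil among the ids and raised ArgumentError instead
  # of denying. Duplicate boards in `record` also deny, because the id lists
  # are compared element for element.
  def readable?
    ids = board_ids
    return false if ids.empty? || ids.any?(&:nil?)

    ReadableScope.new(user, Board.where(id: ids)).resolve.pluck(:id).sort == ids.sort
  end

  # True only when the user is logged in and WritableScope returns every board
  # in `record`. Same fail-closed handling of empty sets and nil ids as
  # readable?.
  def writable?
    ids = board_ids
    return false if ids.empty? || ids.any?(&:nil?) || !logged_in?

    WritableScope.new(user, Board.where(id: ids)).resolve.pluck(:id).sort == ids.sort
  end

  # Ids of the board(s) under check; nil records are dropped, but an unsaved
  # board still contributes a nil id.
  def board_ids
    Array.wrap(record).compact.map(&:id)
  end

  # Builds the SQL filter shared by the read and write scopes.
  #
  # Load order matters: BoardPolicy::Scope is only defined at the bottom of
  # this class, so `Scope` here resolves to an outer/inherited constant
  # (presumably ApplicationPolicy::Scope, which would also supply `user`,
  # `scope` and `user_roles` -- confirm). Do not move the definitions around.
  class PermissionsScope < Scope
    # Returns the boards visible under @permission. A zooniverse admin gets
    # the unfiltered scope; everyone else gets the OR of the permission
    # clauses.
    def resolve
      return scope.all if zooniverse_admin?

      # The clauses are raw SQL strings; every value that comes from
      # user_roles is passed through #quote before it is interpolated.
      scope.where permissions.join(' or ')
    end

    # All SQL clauses for this user: the public clause plus one per section.
    def permissions
      [for_all] + for_roles
    end

    # Clause matching boards whose permission is open to 'all'.
    #
    # @permission is interpolated without quoting. That is acceptable only
    # while it is one of the literals (:read / :write) assigned by the
    # subclasses below; it must never be derived from request data.
    def for_all
      "(boards.permissions ->> '#{ @permission }' = 'all')"
    end

    # One clause per section the user holds roles in, matching boards in that
    # section whose permission names one of the user's effective roles.
    def for_roles
      clauses = user_roles.map do |section, roles|
        # Work on a copy. Appending to `roles` itself wrote the derived roles
        # ('translator', 'team', 'moderator') back into the user_roles hash,
        # so any later reader of that hash saw roles the user was never
        # actually granted.
        effective = roles.dup
        effective << 'translator' if translator_for?(roles)
        effective << 'team' if team_for?(section)
        effective << 'moderator' if 'admin'.in?(roles) # admin is the owner role for the section

        # A section with no roles can match nothing, and `in ()` is not valid
        # SQL, so leave the clause out.
        next if effective.empty?

        quoted_roles = effective.uniq.map { |role| quote role }.join ', '
        "(boards.permissions ->> '#{ @permission }' in (#{ quoted_roles }) and boards.section = #{ quote section })"
      end

      clauses.compact
    end

    # Whether the given role list implies the 'translator' role.
    def translator_for?(roles)
      %w[admin moderator scientist translator].any? { |role| role.in?(roles) }
    end

    # Whether the user counts as 'team' for the section: admin, moderator or
    # scientist either in that section or in 'zooniverse'.
    def team_for?(section)
      roles = user_roles[section] + user_roles.fetch('zooniverse', [])
      %w[admin moderator scientist].any? { |role| role.in?(roles) }
    end

    # Whether the user holds 'admin' in the 'zooniverse' section.
    def zooniverse_admin?
      'admin'.in? user_roles.fetch('zooniverse', [])
    end

    # SQL-quotes a value with the connection's own quoting rules.
    def quote(string)
      ActiveRecord::Base.connection.quote string
    end
  end

  # PermissionsScope bound to the 'read' permission key.
  class ReadableScope < PermissionsScope
    def initialize(user, scope)
      # Set before super, which is called with the same (user, scope) arguments.
      @permission = :read
      super
    end
  end

  # PermissionsScope bound to the 'write' permission key.
  class WritableScope < PermissionsScope
    def initialize(user, scope)
      # Set before super, which is called with the same (user, scope) arguments.
      @permission = :write
      super
    end
  end

  # Default scope for this policy: the boards the user can read.
  class Scope < ReadableScope
  end
end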