ability.rb revision 1acf56de0af39e2398931dd5c510dd7a0d3eab3d
# CanCan authorization rules for the application.
# See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
#
# #initialize selects one of three tiers:
#   * admins (user.admin?) get a catch-all rule matching every action/subject;
#   * signed-in users (user.id is set) get per-record rules, most of which
#     delegate to subject.permission?(role, user);
#   * everyone else (guests) may show non-private repositories and read a
#     few catalogue models.
#
# Security notes for maintainers:
#   * CanCan only runs a rule's block when an *instance* is checked. A
#     class-level check (can?(:create, Metadatum), index-style checks) skips
#     the block and is allowed, so controllers must authorize loaded/built
#     records for the block rules below to have any effect.
#   * Block-only rules cannot be turned into SQL by accessible_by; listing
#     queries need their own scoping.
#   * NOTE(review): :show on Repository checks :reader, :editor and :owner
#     explicitly, while every other rule checks a single role. Whether
#     permission? treats roles hierarchically is not visible in this file --
#     confirm that owners are not locked out of editor-only rules and that
#     the single-role checks grant no more than intended.
class Ability
  include CanCan::Ability

  # Builds the rule set for +user+; nil is treated as a guest.
  def initialize(user)
    user ||= User.new # guest user (not logged in)

    if user.admin?
      # Catch-all rule: no action, no subject, block always true.
      can { true }
    elsif user.id
      grant_member_abilities(user)
    else
      grant_guest_abilities
    end
  end

  private

  # Rules for a signed-in, non-admin user. Declaration order matches the
  # original flat list.
  def grant_member_abilities(user)
    # Repositories
    can [:create], Repository
    can :show, Repository do |subject|
      # Public repositories are visible to everyone; private ones require
      # any of the three roles on that repository.
      !subject.is_private ||
        [:reader, :editor, :owner].any? { |role| subject.permission?(role, user) }
    end
    can [:write], Repository do |subject|
      if subject.mirror? || subject.private_r?
        # Never writable through this rule, whatever role the user holds.
        false
      elsif subject.private_rw?
        subject.permission?(:editor, user)
      else
        # Remaining case: editors, or any signed-in user when public_rw?.
        subject.permission?(:editor, user) || subject.public_rw?
      end
    end
    can [:update, :destroy, :permissions], Repository do |subject|
      subject.permission?(:owner, user)
    end

    # Ontology -- :manage covers every action, gated on the editor role.
    can :manage, Ontology do |subject|
      subject.permission?(:editor, user)
    end

    # Logics, LogicMappings, LanguageMappings, LogicAdjoints,
    # LanguageAdjoints, Languages: editors update, owners destroy and change
    # permissions, any signed-in user creates.
    [Logic, LogicMapping, LanguageMapping,
     LogicAdjoint, LanguageAdjoint, Language].each do |klass|
      can [:update], klass do |subject|
        subject.permission?(:editor, user)
      end
      can [:destroy, :permissions], klass do |subject|
        subject.permission?(:owner, user)
      end
      can [:create], klass
    end

    # Serializations
    # NOTE(review): unconditional -- every signed-in user may create, update
    # and destroy any Serialization, unlike the role-gated models above.
    # Confirm this is intended.
    can [:create, :destroy, :update], Serialization

    # Team permissions
    can [:create, :read], Team
    can [:update, :destroy], Team do |subject|
      subject.admin?(user)
    end

    # Comments: anyone signed in may create; the author or an owner of the
    # commented record may destroy.
    can [:create], Comment
    can [:destroy], Comment do |subject|
      # NOTE(review): raises if commentable is nil -- confirm the
      # association is always present.
      subject.user == user || subject.commentable.permission?(:owner, user)
    end

    can [:create, :destroy], Metadatum do |subject|
      # TODO tests written?
      # The :create check only means something when the record passed in
      # already has user / metadatable assigned.
      subject.user == user || subject.metadatable.permission?(:editor, user)
    end

    [Project, Task, LicenseModel].each do |klass|
      can [:create, :read], klass
    end
    [FormalityLevel, Category].each do |klass|
      can :read, klass
    end
  end

  # Rules for guests: read-only access, and only to non-private repositories.
  def grant_guest_abilities
    can :show, Repository do |subject|
      !subject.is_private
    end

    [Project, Task, LicenseModel, FormalityLevel, Category].each do |klass|
      can :read, klass
    end
  end
end