34e099cc5492a3d9342cd06d9eff2dbc13f98f19Julian Kornberger after_create :add_permission, if: :create_permission? # on create, grant the record's user an 'owner' permission; skipped when the model has no user (see create_permission? / add_permission below)
cd95118c2f49896d18b3c85236742fef7b655960Tim Reddehase where_hash = {item_id: self.id, item_type: self.class.to_s}
cd95118c2f49896d18b3c85236742fef7b655960Tim Reddehase team_permissions = user.team_permissions.where(where_hash)
cd95118c2f49896d18b3c85236742fef7b655960Tim Reddehase user_permissions = user.permissions.where(where_hash)
7b025f9d9726413eb3f50ca2b39826e7eed816fbJulian Kornberger # A nil subject is a caller bug, not an authorization result: raise rather than return false.
7b025f9d9726413eb3f50ca2b39826e7eed816fbJulian Kornberger # Likewise for a subject that is not a User — no duck typing here, the check is deliberately strict.
7b025f9d9726413eb3f50ca2b39826e7eed816fbJulian Kornberger raise ArgumentError, "no user given" unless user.is_a? User
418f6b8fb54a23686e8a384a65903df27e59c03bhenning mueller # Allow any admin user.
418f6b8fb54a23686e8a384a65903df27e59c03bhenning mueller # Retrieve direct user permissions.
7370e7c0b5ad73069c8c42f5b399d0285b5e4f48Julian Kornberger @perms = self.permissions.subject(user).all
418f6b8fb54a23686e8a384a65903df27e59c03bhenning mueller # Retrieve permissions through team.
8c1be7aa00ddeb367fac5d3e8574429a301dbeb7Julian Kornberger @perms << Permission.item(self).subject(team).all
418f6b8fb54a23686e8a384a65903df27e59c03bhenning mueller # NOTE(review): this guard cannot deny on its own — `.all` returns a (possibly empty) collection, which is truthy in Ruby; an empty permission set is only denied by falling through the loop below to the final deny.
418f6b8fb54a23686e8a384a65903df27e59c03bhenning mueller return false unless @perms
418f6b8fb54a23686e8a384a65903df27e59c03bhenning mueller # Allow if role matches any permission.
418f6b8fb54a23686e8a384a65903df27e59c03bhenning mueller @perms.flatten.each do |perm|
431a54a039187e66ead399a3c4db5fa66e67866fhenning mueller # Requested role exists exactly as permission.
418f6b8fb54a23686e8a384a65903df27e59c03bhenning mueller return true if perm.role == role.to_s
431a54a039187e66ead399a3c4db5fa66e67866fhenning mueller # editors have reader permissions.
431a54a039187e66ead399a3c4db5fa66e67866fhenning mueller return true if perm.role == 'editor' and role == :reader
431a54a039187e66ead399a3c4db5fa66e67866fhenning mueller # owners have reader and editor permissions.
431a54a039187e66ead399a3c4db5fa66e67866fhenning mueller return true if perm.role == 'owner' and role == :reader
418f6b8fb54a23686e8a384a65903df27e59c03bhenning mueller return true if perm.role == 'owner' and role == :editor
418f6b8fb54a23686e8a384a65903df27e59c03bhenning mueller # Deny otherwise.
34e099cc5492a3d9342cd06d9eff2dbc13f98f19Julian Kornberger def create_permission?
34e099cc5492a3d9342cd06d9eff2dbc13f98f19Julian Kornberger respond_to?(:user) && user
34e099cc5492a3d9342cd06d9eff2dbc13f98f19Julian Kornberger def add_permission
5a102b3c56d4ac75632c7e9244ee0ce5bdbbf13aSascha Graef permissions.where(subject_id: user, subject_type: user.class.to_s).
7cebbca4a9b47c808a410ea86b5e8ba3926a8179Tim Reddehase first_or_create!(subject: user, role: 'owner')