permissionable.rb revision 8c1be7aa00ddeb367fac5d3e8574429a301dbeb7
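# Mixin for models on which permissions can be granted.
#
# Including it declares the polymorphic +permissions+ association and adds
# #permission?, the role check for a given user.
module Permissionable
  extend ActiveSupport::Concern

  included do
    has_many :permissions, :as => :permissionable
  end

  # Tells whether +user+ holds +role+ on this record.
  #
  # Access is granted when the user is an admin, or when a permission held
  # directly or through one of the user's teams carries the requested role.
  # An 'owner' permission also satisfies a request for :editor.
  #
  # @param role [Symbol] :owner or :editor; any other value is denied
  # @param user [User] the subject to check; any other object is denied
  # @return [Boolean] true when access is granted, false otherwise
  def permission?(role, user)
    # Deny if role is unknown or user is the wrong kind of object.
    return false unless [:owner, :editor].include?(role)
    return false unless user.is_a?(User)

    # Allow any admin user. A failure inside the admin check must never grant
    # access, so it is treated as "not admin" and the explicit permissions
    # below still decide. Only StandardError is rescued, as the original
    # inline `rescue nil` did.
    # NOTE(review): the error is discarded silently; consider logging it so a
    # broken admin check does not go unnoticed.
    is_admin = begin
      user.admin?
    rescue StandardError
      false
    end
    return true if is_admin

    # Collect direct permissions and permissions through teams in a local, so
    # the result of one check is not left behind in an instance variable on
    # the record. `to_a` keeps this a flat array whether `all` returns an
    # Array or a relation-like object.
    perms = Permission.item(self).subject(user).all.to_a
    user.teams.each do |team|
      perms.concat(Permission.item(self).subject(team).all.to_a)
    end

    # Allow if any permission matches the role; deny otherwise (an empty list
    # matches nothing).
    wanted = role.to_s
    perms.any? do |perm|
      perm.role == wanted || (perm.role == 'owner' && role == :editor)
    end
  end
end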