ontohub/lib/permissionable.rb

	permissionable.rb revision d62eba79f306957dd89ea9d3313600e98e2a8beb
module Permissionable
  extend ActiveSupport::Concern

  included do
    has_many :permissions, :as => :item
  end

  def permission?(role, user)
    # Deny if role is unknown or user is wrong object.
    return false unless [:owner, :editor].include? role
    return false unless user.is_a? User

    # Allow any admin user.
    return true if user.admin? rescue nil

    # Retrieve direct user permissions.
    @perms = Permission.item(self).subject(user).all

    # Retrieve permissions through team.
    user.teams.each do |team|
      @perms << Permission.item(self).subject(team).all
    end

    # Deny if no permission is found.
    return false unless @perms

    # Allow if role matches any permission.
    @perms.flatten.each do |perm|
      return true if perm.role == role.to_s
      return true if perm.role == 'owner' and role == :editor
    end

    # Deny otherwise.
    false
  end
end