scinote-web/app/controllers/client_api/permissions_controller.rb

module ClientApi
  class PermissionsController < ApplicationController
    before_action :generate_permissions_object, only: :status

    def status
      respond_to do |format|
        format.json do
          render json: @permissions, status: :ok
        end
      end
    end

    private

    def generate_permissions_object
      sanitize_permissions!
      @permissions = {}
      obj = @resource.fetch(:type)
                     .constantize
                     .public_send(:find_by_id, @resource.fetch(:id) {
                       raise ArgumentError, 'ID must be present'
                     }) if @resource
      @required_permissions.each do |permission|
        trim_permission = permission.gsub('can_', '')
        if @resource
          # return false if object does not exist
          result = obj ? @holder.eval(trim_permission, current_user, obj) : false
          @permissions.merge!(permission => result)
        else
          @permissions.merge!(
            permission => @holder.eval_generic(
              trim_permission, current_user
            )
          )
        end
      end
    end

    def sanitize_permissions!
      @required_permissions = params.fetch(:requiredPermissions) do
        :permissions_array_missing
      end
      @holder = Canaid::PermissionsHolder.instance
      @required_permissions.each do |permission|
        next if @holder.has_permission?(permission.gsub('can_', ''))
        # this error should happen only in development
        raise ArgumentError, "Method #{permission} has no related " \
                             "permission registered."
      end
      # sanitize resource, this error should happen only in development
      raise ArgumentError,
            "Resource #{@resource} does not exists" unless resource_valid?
    end

    def resource_valid?
      @resource = params[:resource]
      return true unless @resource
      return true if Object.const_get(@resource.fetch(:type).classify)
    rescue NameError
      return false
    end
  end
end
adds premissions service to FE 2017-12-02 00:15:15 +08:00			`module ClientApi`
			`class PermissionsController < ApplicationController`
fixes flow, and before_action in permissions_controller 2018-01-04 00:23:50 +08:00			`before_action :generate_permissions_object, only: :status`
add permissions endpoint on the API 2017-12-04 20:25:48 +08:00
fixes per @duco 's request 2017-12-13 15:57:50 +08:00			`def status`
adds premissions service to FE 2017-12-02 00:15:15 +08:00			`respond_to do \|format\|`
			`format.json do`
add permissions endpoint on the API 2017-12-04 20:25:48 +08:00			`render json: @permissions, status: :ok`
adds premissions service to FE 2017-12-02 00:15:15 +08:00			`end`
			`end`
			`end`
add permissions endpoint on the API 2017-12-04 20:25:48 +08:00
			`private`

			`def generate_permissions_object`
			`sanitize_permissions!`
			`@permissions = {}`
fix HOC to recive objects 2018-01-08 23:28:20 +08:00			`obj = @resource.fetch(:type)`
			`.constantize`
			`.public_send(:find_by_id, @resource.fetch(:id) {`
			`raise ArgumentError, 'ID must be present'`
			`}) if @resource`
refactor 2018-01-12 18:38:52 +08:00			`@required_permissions.each do \|permission\|`
			`trim_permission = permission.gsub('can_', '')`
fix HOC to recive objects 2018-01-08 23:28:20 +08:00			`if @resource`
			`# return false if object does not exist`
refactor 2018-01-12 18:38:52 +08:00			`result = obj ? @holder.eval(trim_permission, current_user, obj) : false`
fix HOC to recive objects 2018-01-08 23:28:20 +08:00			`@permissions.merge!(permission => result)`
			`else`
add permissions endpoint on the API 2017-12-04 20:25:48 +08:00			`@permissions.merge!(`
fix HOC to recive objects 2018-01-08 23:28:20 +08:00			`permission => @holder.eval_generic(`
refactor 2018-01-12 18:38:52 +08:00			`trim_permission, current_user`
fix HOC to recive objects 2018-01-08 23:28:20 +08:00			`)`
add permissions endpoint on the API 2017-12-04 20:25:48 +08:00			`)`
			`end`
			`end`
			`end`

			`def sanitize_permissions!`
fix HOC to recive objects 2018-01-08 23:28:20 +08:00			`@required_permissions = params.fetch(:requiredPermissions) do`
add permissions endpoint on the API 2017-12-04 20:25:48 +08:00			`:permissions_array_missing`
			`end`
			`@holder = Canaid::PermissionsHolder.instance`
			`@required_permissions.each do \|permission\|`
fix HOC to recive objects 2018-01-08 23:28:20 +08:00			`next if @holder.has_permission?(permission.gsub('can_', ''))`
add permissions endpoint on the API 2017-12-04 20:25:48 +08:00			`# this error should happen only in development`
			`raise ArgumentError, "Method #{permission} has no related " \`
			`"permission registered."`
			`end`
			`# sanitize resource, this error should happen only in development`
			`raise ArgumentError,`
			`"Resource #{@resource} does not exists" unless resource_valid?`
			`end`

			`def resource_valid?`
			`@resource = params[:resource]`
			`return true unless @resource`
fix HOC to recive objects 2018-01-08 23:28:20 +08:00			`return true if Object.const_get(@resource.fetch(:type).classify)`
add permissions endpoint on the API 2017-12-04 20:25:48 +08:00			`rescue NameError`
			`return false`
			`end`
adds premissions service to FE 2017-12-02 00:15:15 +08:00			`end`
			`end`