Merge pull request #888 from biosistemika/lm-sci-1795

Setup main architecture for permissions refactoring [SCI-1795]
2024-09-20 14:45:56 +08:00 · 2017-11-23 12:32:49 +01:00 · 2017-11-23 12:32:49 +01:00 · c51a85a161
parent 2f66c1df25 00fe267a2a
commit c51a85a161
7 changed files with 126 additions and 2 deletions
--- a/3
+++ b/3
@ -86,6 +86,9 @@ gem 'devise_security_extension',
    git: 'https://github.com/phatworx/devise_security_extension.git',
    ref: 'b2ee978'

+# Permission helper Gem
+gem 'canaid', git: 'https://github.com/biosistemika/canaid', branch: 'master'
+
 group :development, :test do
  gem 'listen', '~> 3.0'
  gem 'byebug'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -1,3 +1,12 @@
+GIT
+  remote: https://github.com/biosistemika/canaid
+  revision: 8014ee3f017fe2446b74121fdbd3253aec645932
+  branch: master
+  specs:
+    canaid (0.0.1)
+      devise (>= 3.4.1)
+      rails (>= 4)
+
 GIT
  remote: https://github.com/biosistemika/jquery-scrollto-rails
  revision: d1d40d5334e0bccfc64208ba81b9a7792f6cb591
@ -511,6 +520,7 @@ DEPENDENCIES
  bootstrap_form
  bullet
  byebug
+  canaid!
  capybara
  capybara-email
  commit_param_routing
--- a/app/models/concerns/user/project_roles.rb
+++ b/app/models/concerns/user/project_roles.rb
@ -0,0 +1,60 @@
+require 'aspector'
+
+module User::ProjectRoles
+  extend ActiveSupport::Concern
+
+  aspector do
+    # Check if user is member of project
+    around %i(
+      is_member_of_project?
+      is_owner_of_project?
+      is_user_of_project?
+      is_user_or_higher_of_project?
+      is_technician_of_project?
+      is_technician_or_higher_of_project?
+      is_viewer_of_project?
+    ) do |proxy, *args, &block|
+      if args[0]
+        @user_project = user_projects.where(project: args[0]).take
+        @user_project ? proxy.call(*args, &block) : false
+      else
+        false
+      end
+    end
+  end
+
+  def is_member_of_project?(project)
+    # This is already checked by aspector, so just return true
+    true
+  end
+
+  def is_creator_of_project?(project)
+    project.created_by == self
+  end
+
+  def is_owner_of_project?(project)
+    @user_project.owner?
+  end
+
+  def is_user_of_project?(project)
+    @user_project.normal_user?
+  end
+
+  def is_user_or_higher_of_project?(project)
+    @user_project.normal_user? or @user_project.owner?
+  end
+
+  def is_technician_of_project?(project)
+    @user_project.technician?
+  end
+
+  def is_technician_or_higher_of_project?(project)
+    @user_project.technician? or
+      @user_project.normal_user? or
+      @user_project.owner?
+  end
+
+  def is_viewer_of_project?(project)
+    @user_project.viewer?
+  end
+end
--- a/app/models/concerns/user/team_roles.rb
+++ b/app/models/concerns/user/team_roles.rb
@ -0,0 +1,44 @@
+require 'aspector'
+
+module User::TeamRoles
+  extend ActiveSupport::Concern
+
+  aspector do
+    # Check if user is member of team
+    around %i(
+      is_member_of_team?
+      is_admin_of_team?
+      is_normal_user_of_team?
+      is_normal_user_or_admin_of_team?
+      is_guest_of_team?
+    ) do |proxy, *args, &block|
+      if args[0]
+        @user_team = user_teams.where(team: args[0]).take
+        @user_team ? proxy.call(*args, &block) : false
+      else
+        false
+      end
+    end
+  end
+
+  def is_member_of_team?(team)
+    # This is already checked by aspector, so just return true
+    true
+  end
+
+  def is_admin_of_team?(team)
+    @user_team.admin?
+  end
+
+  def is_normal_user_of_team?(team)
+    @user_team.normal_user?
+  end
+
+  def is_normal_user_or_admin_of_team?(team)
+    @user_team.normal_user? or @user_team.admin?
+  end
+
+  def is_guest_of_team?(team)
+    @user_team.guest?
+  end
+end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -1,6 +1,6 @@
 class User < ApplicationRecord
-  include SearchableModel
-  include SettingsModel
+  include SearchableModel, SettingsModel
+  include User::TeamRoles, User::ProjectRoles

  acts_as_token_authenticatable
  devise :invitable, :confirmable, :database_authenticatable, :registerable,
--- a/config/application.rb
+++ b/config/application.rb
@ -15,6 +15,9 @@ module Scinote
    # Application configuration should go into files in config/initializers
    # -- all .rb files in that directory are automatically loaded.

+    # Load all model concerns, including subfolders
+    config.autoload_paths += Dir["#{Rails.root}/app/models/concerns/**/*.rb"]
+
    config.encoding = 'utf-8'

    config.active_job.queue_adapter = :delayed_job
--- a/config/initializers/canaid.rb
+++ b/config/initializers/canaid.rb
@ -0,0 +1,4 @@
+Canaid.configure do |config|
+  config.permissions_paths << 'app/permissions/**/*.rb'
+  config.permissions_paths << 'addons/**/app/permissions/**/*.rb'
+end