Merge pull request #888 from biosistemika/lm-sci-1795

Setup main architecture for permissions refactoring [SCI-1795]
2025-12-09 05:37:36 +08:00 · 2017-11-23 12:32:49 +01:00 · 2017-11-23 12:32:49 +01:00 · c51a85a161
commit c51a85a161
parent 2f66c1df25 00fe267a2a
7 changed files with 126 additions and 2 deletions
--- a/3
+++ b/3
@ -86,6 +86,9 @@ gem 'devise_security_extension',
    git: 'https://github.com/phatworx/devise_security_extension.git',
    ref: 'b2ee978'
 # Permission helper Gem
 gem 'canaid', git: 'https://github.com/biosistemika/canaid', branch: 'master'
 group :development, :test do
  gem 'listen', '~> 3.0'
  gem 'byebug'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -1,3 +1,12 @@
 GIT
  remote: https://github.com/biosistemika/canaid
  revision: 8014ee3f017fe2446b74121fdbd3253aec645932
  branch: master
  specs:
    canaid (0.0.1)
      devise (>= 3.4.1)
      rails (>= 4)
 GIT
  remote: https://github.com/biosistemika/jquery-scrollto-rails
  revision: d1d40d5334e0bccfc64208ba81b9a7792f6cb591
@ -511,6 +520,7 @@ DEPENDENCIES
  bootstrap_form
  bullet
  byebug
  canaid!
  capybara
  capybara-email
  commit_param_routing
--- a/app/models/concerns/user/project_roles.rb
+++ b/app/models/concerns/user/project_roles.rb
@ -0,0 +1,60 @@
 require 'aspector'
 module User::ProjectRoles
  extend ActiveSupport::Concern
  aspector do
    # Check if user is member of project
    around %i(
      is_member_of_project?
      is_owner_of_project?
      is_user_of_project?
      is_user_or_higher_of_project?
      is_technician_of_project?
      is_technician_or_higher_of_project?
      is_viewer_of_project?
    ) do |proxy, *args, &block|
      if args[0]
        @user_project = user_projects.where(project: args[0]).take
        @user_project ? proxy.call(*args, &block) : false
      else
        false
      end
    end
  end
  def is_member_of_project?(project)
    # This is already checked by aspector, so just return true
    true
  end
  def is_creator_of_project?(project)
    project.created_by == self
  end
  def is_owner_of_project?(project)
    @user_project.owner?
  end
  def is_user_of_project?(project)
    @user_project.normal_user?
  end
  def is_user_or_higher_of_project?(project)
    @user_project.normal_user? or @user_project.owner?
  end
  def is_technician_of_project?(project)
    @user_project.technician?
  end
  def is_technician_or_higher_of_project?(project)
    @user_project.technician? or
      @user_project.normal_user? or
      @user_project.owner?
  end
  def is_viewer_of_project?(project)
    @user_project.viewer?
  end
 end
--- a/app/models/concerns/user/team_roles.rb
+++ b/app/models/concerns/user/team_roles.rb
@ -0,0 +1,44 @@
 require 'aspector'
 module User::TeamRoles
  extend ActiveSupport::Concern
  aspector do
    # Check if user is member of team
    around %i(
      is_member_of_team?
      is_admin_of_team?
      is_normal_user_of_team?
      is_normal_user_or_admin_of_team?
      is_guest_of_team?
    ) do |proxy, *args, &block|
      if args[0]
        @user_team = user_teams.where(team: args[0]).take
        @user_team ? proxy.call(*args, &block) : false
      else
        false
      end
    end
  end
  def is_member_of_team?(team)
    # This is already checked by aspector, so just return true
    true
  end
  def is_admin_of_team?(team)
    @user_team.admin?
  end
  def is_normal_user_of_team?(team)
    @user_team.normal_user?
  end
  def is_normal_user_or_admin_of_team?(team)
    @user_team.normal_user? or @user_team.admin?
  end
  def is_guest_of_team?(team)
    @user_team.guest?
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -1,6 +1,6 @@
 class User < ApplicationRecord
-  include SearchableModel
+  include SearchableModel, SettingsModel
-  include SettingsModel
+  include User::TeamRoles, User::ProjectRoles
  acts_as_token_authenticatable
  devise :invitable, :confirmable, :database_authenticatable, :registerable,
--- a/config/application.rb
+++ b/config/application.rb
@ -15,6 +15,9 @@ module Scinote
    # Application configuration should go into files in config/initializers
    # -- all .rb files in that directory are automatically loaded.
    # Load all model concerns, including subfolders
    config.autoload_paths += Dir["#{Rails.root}/app/models/concerns/**/*.rb"]
    config.encoding = 'utf-8'
    config.active_job.queue_adapter = :delayed_job
--- a/config/initializers/canaid.rb
+++ b/config/initializers/canaid.rb
@ -0,0 +1,4 @@
 Canaid.configure do |config|
  config.permissions_paths << 'app/permissions/**/*.rb'
  config.permissions_paths << 'addons/**/app/permissions/**/*.rb'
 end