module Fiona7 class ScrivitoUser def self.define(rsession_user) Scrivito::User.define(rsession_user.user_name) do |user_definition| # # Define how this user should be presented in the UI. # user_definition.description { "#{rsession_user.user_name}" } # :-) user_definition.can_always(:read, :workspace) # workspaces can only be selected user_definition.can_never(:create, :workspace) # any write operation user_definition.can_always(:write, :workspace) # Below, we define the publishing restrictions related to 'Obj's for this user. # The restriction callbacks should either return nothing (the 'Obj' may be published), # or a string describing why the 'Obj' cannot be published by this user. # # Here, the '_path' attribute of a changed 'Obj' is used to determine # whether the user is trying to publish changes made to a particular website # section, here "investor relations", which requires a special permission. # user_definition.restrict_obj_publish(using: :_id) do |id| obj = Fiona7::WriteObj.find(id) path = obj.path if !obj || !obj.permission.release?(rsession_user.user_name) I18n.t(:"fiona7.publish_permission_resticted", path: path) elsif obj && !obj.valid?(:release) obj.errors.full_messages.join("\n") end end # only root can publish rtc #if rsession_user.superuser? # user_definition.can_always(:publish, :workspace) #else user_definition.can_never(:publish, :workspace) #end end end end end