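module IdPlease
  module ModelExtensions
    # Role and group API mixed into "subject" models (the objects that hold
    # roles). Group membership is built on roles: a subject is in a group when
    # it holds the role named by +_auth_group_role+ on that group.
    #
    # The settings +_auth_groups_enabled+, +_auth_nested_groups+,
    # +_auth_group_role+ and +_auth_group_class_name+ are read here but not
    # defined in this module; they are expected to come from the including
    # model.
    module ForSubject
      # Adds +self+ to +group+ by granting the group role on it.
      # Raises RuntimeError when groups are disabled or +group+ is not an
      # instance of the configured group class. Returns the role.
      def in_group!(group)
        ensure_groups_enabled!
        ensure_group!(group)
        self.has_role!(_auth_group_role, group)
      end

      # True when +self+ holds the group role on +group+. Because this goes
      # through #has_role? with default options, membership reached through
      # the subject's own groups counts as well.
      # Raises RuntimeError under the same conditions as #in_group!.
      def in_group?(group)
        ensure_groups_enabled!
        ensure_group!(group)
        self.has_role?(_auth_group_role, group)
      end

      # Removes +self+ from +group+ by revoking the group role on it.
      # Raises RuntimeError under the same conditions as #in_group!.
      def not_in_group!(group)
        ensure_groups_enabled!
        ensure_group!(group)
        self.has_no_role!(_auth_group_role, group)
      end

      # Removes +self+ from every group.
      #
      # NOTE(review): +all_groups+ is not defined in this module (it is only a
      # local variable inside #groups). Unless the including model provides it,
      # this call raises NameError and no membership is revoked. Confirm
      # whether +groups+ (or +groups(:nested => false)+) was intended.
      def not_in_any_group!
        ensure_groups_enabled!
        all_groups.each { |group| self.not_in_group!(group) }
      end

      # Returns the groups +self+ belongs to.
      #
      # Options (trailing hash):
      # * <tt>:result</tt> - <tt>:list</tt> (default) returns a de-duplicated
      #   array of groups; <tt>:hash</tt> returns a hash mapping each group to
      #   the members through which it was reached. Any other value returns
      #   nil.
      # * <tt>:nested</tt> - pass +false+ to return direct groups only, even
      #   when +_auth_nested_groups+ is on.
      #
      # The nested walk is bounded by a counter that starts at 25, so it runs
      # at most 24 passes and then stops without raising. That bound ends a
      # cyclic nesting, but it also drops groups nested deeper than the bound.
      # Since #has_role? relies on this list, roles inherited only through
      # such groups are not seen (the check fails closed).
      def groups(*args)
        ensure_groups_enabled!
        options = { :result => :list }.merge(args.extract_options!)

        group_hash = {}
        all_groups = direct_parent_groups(self)
        all_groups.each { |g| group_hash[g] = [self] }

        if _auth_nested_groups && options[:nested] != false
          infinite_loop_counter = 25
          to_find = all_groups.dup
          until to_find.empty? || (infinite_loop_counter -= 1) <= 0
            all_child_groups = []
            to_find.each do |parent_group|
              # Despite the name, these are the groups that contain
              # parent_group, i.e. the next level up.
              child_groups = direct_parent_groups(parent_group)
              child_groups.each { |g| (group_hash[g] ||= []) << parent_group }
              all_child_groups += child_groups
            end
            all_child_groups.uniq!
            all_groups += all_child_groups
            to_find = all_child_groups
          end
        end

        case options[:result]
        when :list then all_groups.uniq
        when :hash then group_hash
        end
      end

      # Authorization predicate: true when a role named +role_name+ on
      # +object+ is assigned to +self+ or, unless
      # <tt>:check_groups => false</tt> is passed, to any of its groups.
      #
      # The lookup uses the configured role class (+_auth_role_class+), as
      # every other query in this module does, rather than a hard-coded
      # +Role+ constant. A model configured with a different role class is
      # therefore checked against the same table its grants are written to.
      def has_role?(role_name, object = nil, option_hash = {})
        subjects_to_check = option_hash[:check_groups] == false ? [self] : self_and_groups
        matching = _auth_role_class.authorizable_eq(object).
                                    name_eq(role_name.to_s).
                                    assignments_subject_eq(*subjects_to_check)
        !matching.empty?
      end

      # Grants +role_name+ on +object+ to +self+ and returns the role.
      #
      # A missing role record is created on the fly, so any name passed in
      # becomes a real role. Callers should pass only vetted role names.
      def has_role!(role_name, object = nil)
        role = get_role(role_name, object)

        if role.nil?
          scope_attrs =
            case object
            when Class then { :authorizable_type => object.to_s } # class-wide role
            when nil   then {}                                    # global role
            else            { :authorizable => object }           # role on one record
            end
          role = self._auth_assigned_roles.create!(scope_attrs.merge(:name => role_name.to_s))
        elsif !assigned_to_role?(role)
          self._auth_assigned_roles << role
        end

        role
      end

      # True when +self+ has at least one role on +object+ (direct
      # assignments only; groups are not consulted).
      def has_roles_for?(object)
        !get_assigned_roles_for(object).empty?
      end

      alias :has_role_for? :has_roles_for?

      # Roles on +object+ that are assigned directly to +self+.
      def roles_for(object)
        get_assigned_roles_for(object)
      end

      # Revokes +role_name+ on +object+ from +self+. Does nothing when no
      # such role exists.
      def has_no_role!(role_name, object = nil)
        remove_from_role(get_role(role_name, object))
      end

      # Revokes every role +self+ holds directly on +object+.
      def has_no_roles_for!(object = nil)
        roles_for(object).each { |role| remove_from_role(role) }
      end

      ##
      # Unassign all roles from +self+.
      def has_no_roles!
        # Iterate over a copy: remove_from_role mutates the association.
        roles = self._auth_assigned_roles.clone
        roles.each { |role| remove_from_role(role) }
      end

      private

      # Raises RuntimeError unless the including model has groups enabled.
      def ensure_groups_enabled!
        raise "Groups must be enabled for this model" unless _auth_groups_enabled
      end

      # Raises RuntimeError unless +group+ is an instance of the configured
      # group class.
      def ensure_group!(group)
        raise "Object passed in not a group" unless group.kind_of?(_auth_group_class)
      end

      # Groups on which any of +subjects+ directly holds the group role.
      def direct_parent_groups(*subjects)
        _auth_role_class.assignments_subject_eq(*subjects).
                         name_eq(_auth_group_role).
                         authorizable_type_eq(_auth_group_class_name).
                         all(:include => :authorizable).
                         map(&:authorizable)
      end

      # Subjects whose role assignments count for +self+: its groups plus
      # itself, or only itself when groups are disabled.
      def self_and_groups
        return [self] unless _auth_groups_enabled

        groups << self
      end

      # Detaches +role+ from +self+ and destroys the role record once no
      # assignment refers to it any more. A nil +role+ is ignored.
      def remove_from_role(role)
        return unless role

        self._auth_assigned_roles.delete(role)
        role.destroy if self._auth_assign_class.role_id_eq(role).empty?
      end

      # First role record named +role_name+ on +object+, or nil.
      def get_role(role_name, object)
        _auth_role_class.authorizable_eq(object).name_eq(role_name.to_s).first
      end

      # True when an assignment row links +self+ to +role+.
      def assigned_to_role?(role)
        !!_auth_assign_class.subject_eq(self).role_id_eq(role).first
      end

      # Roles on +object+ assigned directly to +self+.
      def get_assigned_roles_for(object)
        _auth_role_class.authorizable_eq(object).assignments_subject_eq(self)
      end

      protected

      # The accessors below resolve class names and an association name held
      # in class-level configuration, using +constantize+ and +send+.
      # NOTE(review): those settings are presumably fixed when the model is
      # declared; they must never be derived from request input.

      def _auth_role_class
        self.class._auth_role_class_name.constantize
      end

      def _auth_subject_class
        self.class._auth_subject_class_name.constantize
      end

      def _auth_group_class
        self.class._auth_group_class_name.constantize
      end

      def _auth_assign_class
        self.class._auth_assign_class_name.constantize
      end

      def _auth_role_assoc
        self.class._auth_role_assoc_name
      end

      def _auth_assigned_roles
        send(self._auth_role_assoc)
      end
    end
  end
end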