# Test-database bootstrap: send ActiveRecord's log output to a scratch file,
# read the connection settings from the local config and connect to its
# 'test' entry.
#
# NOTE(review): the debug log will typically contain the SQL ActiveRecord
# issues (confirm against the logger level in use); treat tmp/debug.log as
# test-only output.
ActiveRecord::Base.logger = Logger.new('tmp/debug.log')

# NOTE(review): on older Psych releases YAML.load can instantiate arbitrary
# Ruby objects from the document. That is tolerable here only because
# tmp/database.yml is a local, trusted file; use YAML.safe_load if this path
# could ever hold content from an untrusted source.
database_settings = YAML.load(File.read('tmp/database.yml'))
ActiveRecord::Base.configurations = database_settings
ActiveRecord::Base.establish_connection('test')

# Schema for the models defined below, created directly on the connection
# that was just established.
db = ActiveRecord::Base.connection

# users: the two flags that drive the Article restrictions (admin, banned)
# plus a self-referential "dude" reference.
db.create_table(:users) do |t|
  t.boolean :admin
  t.boolean :banned
  t.belongs_to :dude
end

# dont_saves: single-column table written to by Article#dont_save=.
db.create_table(:dont_saves) do |t|
  t.string :name
end

# articles: owner reference, body text and the secrecy_level that the
# Article fetch scope and validations compare against.
db.create_table(:articles) do |t|
  t.belongs_to :owner
  t.text :content
  t.integer :secrecy_level
  t.timestamps
end

# User model for the restriction specs. It carries the admin/banned flags and
# a self-referential dude/buddy association pair.
class ActiveRecord::User < ActiveRecord::Base
  include Heimdallr::Model

  # Both associations point back at this same class through dude_id.
  has_one :buddy, class_name: name, foreign_key: :dude_id
  belongs_to :dude, class_name: name

  # Declares an unconditional :fetch scope: the requesting user is not
  # inspected and no `can` rules are declared in this block.
  restrict { |_user| scope :fetch }
end

# Plain ActiveRecord model that does not include Heimdallr::Model.
# Article#dont_save= inserts rows into its table.
class ActiveRecord::DontSave < ActiveRecord::Base
end

# Article model carrying the main restriction matrix: banned users, admins,
# owners and everyone else each get a different set of scopes and field
# permissions.
class ActiveRecord::Article < ActiveRecord::Base
  include Heimdallr::Model

  belongs_to :owner, class_name: 'ActiveRecord::User'

  # Relation narrowed to the row(s) with the given primary key.
  def self.by_id(id)
    where(id: id)
  end

  # Write-only pseudo-attribute: assigning it creates a DontSave row as a
  # side effect; nothing is stored on the article itself.
  def dont_save=(name)
    ActiveRecord::DontSave.create(name: name)
  end

  # `user` is the security context; `record` may be nil (hence the `try`
  # below). The rules are declared in order, so keep the sequence of
  # can/cannot calls intact when editing.
  restrict do |user, record|
    if user.banned?
      # Banned users get a fetch scope that matches no rows and no other
      # scope or `can` rule. This check comes first, so a user who is both
      # banned and admin is treated as banned.
      scope :fetch, -> { where('1=0') }
    elsif user.admin?
      # Administrators: unrestricted fetch and delete, and view/create/update
      # with no field list. (Only the admin flag is tested here; ownership
      # plays no part in this branch.)
      scope :fetch
      scope :delete
      can [:view, :create, :update]
    else
      # Everyone else can fetch their own articles or ones with a
      # secrecy_level below 5, and can delete only their own. Both values
      # are passed as bind parameters rather than interpolated into SQL.
      scope :fetch,  -> { where('owner_id = ? or secrecy_level < ?', user.id, 5) }
      scope :delete, -> { where('owner_id = ?', user.id) }

      if record.try(:owner) == user
        # Owners may view, and may update with secrecy_level limited to 0..4.
        can :view
        can :update, {
          secrecy_level: { inclusion: { in: 0..4 } }
        }
      else
        # Non-owners may view, except for the secrecy_level field. No update
        # rule is declared for them.
        can    :view
        cannot :view, [:secrecy_level]
      end

      # Creation: content is allowed, secrecy_level is limited to 0..4, and
      # owner_id is given as the current user's id rather than a validation
      # (presumably pinning it to that value; confirm against Heimdallr).
      can :create, %w[content]
      can :create, {
        owner_id: user.id,
        secrecy_level: { inclusion: { in: 0..4 } }
      }
    end
  end
end

# Subclass of Article with an empty body of its own.
# NOTE(review): presumably used to check how Article's restrictions behave
# under inheritance; confirm against the specs.
class ActiveRecord::SubArticle < ActiveRecord::Article
end