app/models/ability.rb in gb_mapfish_appserver-0.8.7 vs app/models/ability.rb in gb_mapfish_appserver-0.9.0
- old
+ new
@@ -118,14 +118,16 @@
private
def layer_topics_lookup
#Build a lookup hash for all layer -> topic relations
@layer_topics ||= begin
- layer_topics = resources.all.inject({}) {|hsh,l| hsh[l.id] = []; hsh }
- # layer_topics = resources.inject({}) {|hsh,l| hsh[l.id] = []; hsh }
- all_topics = Topic.select("topics.id,topics.name,layers.id,layers.name").includes(:layers)
- all_topics.each {|t| t.layers.each {|l| layer_topics[l.id] << t.name} }
+ layer_topics = resources.all.inject({}) {|hsh,l| hsh[l.id] = []; hsh }
+
+ # NOTE: query without includes(:layers) is about 5 times faster
+ all_topics = Topic.select("id,name")
+ all_topics.each {|t| t.layers.select("layers.id,layers.name").each {|l| layer_topics[l.id] << t.name} }
+
layer_topics
end
end
end
@@ -265,10 +267,12 @@
#Custom aliases:
alias_action :index, :to => :show #Show implies index permissions
alias_action :index, :show, :legend, :query, :to => :edit #Edit implies index and show permissions
alias_action :legend, :query, :to => :show #Show implies legend and query permissions
+ @access_filters = {}
+
@ability_roles = ability_roles
if @ability_roles.has_role?(:admin)
can :manage, :all
#https://github.com/sferik/rails_admin/wiki/CanCan
can :access, :rails_admin
@@ -294,20 +298,27 @@
#Group permissions
GroupResourceType.new.add_ability(self, roles)
#Attribute permissions
ToolResourceType.new.add_ability(self, roles)
- end
- #Access filters: { resource_type => { resource => filter } }
- #@access_filters = {}
- #AccessFilter.for_roles(roles).each do |access_filter|
- # @access_filters[access_filter.resource_type] ||= {}
- # rtaf = @access_filters[access_filter.resource_type]
- # res = access_filter.resource.split('/').last
- # rtaf[res] = access_filter.condition
- #end
+ #Access filters:
+ # {
+ # resource_type => {
+ # topic => {
+ # layer => condition
+ # }
+ # }
+ # }
+ AccessFilter.for_roles(roles).each do |access_filter|
+ @access_filters[access_filter.resource_type] ||= {}
+
+ topic, layer = access_filter.resource.split('/')
+ @access_filters[access_filter.resource_type][topic] ||= {}
+ @access_filters[access_filter.resource_type][topic][layer] = access_filter.parse_condition
+ end
+ end
end
def roles
@ability_roles.roles
end
@@ -315,11 +326,24 @@
def user_permissions(action, resource)
resource_type = Permission::ResourceType.for_class(resource.class)
resource_type.roles_permissions(roles, action, resource)
end
- #def resource_access_filter(resource)
- # rtaf = @access_filters[resource.class.to_s]
- # return nil if rtaf.nil?
- # rtaf[resource.table]
- #end
+ # specific topic/layer takes precedence over "*" wildcard
+ # priorities: topic/layer > topic/* > */layer > */*
+ def access_filter(resource_type, topic, layer)
+ filter = nil
+ unless @access_filters[resource_type].nil?
+ unless @access_filters[resource_type][topic].nil?
+ # topic/layer or topic/*
+ filter = @access_filters[resource_type][topic][layer] || @access_filters[resource_type][topic]["*"]
+ end
+
+ if filter.nil? && !@access_filters[resource_type]["*"].nil?
+ # */layer or */*
+ filter = @access_filters[resource_type]["*"][layer] || @access_filters[resource_type]["*"]["*"]
+ end
+ end
+ filter
+ end
+
end