app/models/ability.rb in hydra-head-4.0.0.rc5 vs app/models/ability.rb in hydra-head-4.0.0.rc6
- old
+ new
@@ -1,101 +1,4 @@
class Ability
include CanCan::Ability
- include Hydra::AccessControlsEnforcement
-
- attr_reader :user, :user_groups
-
- def initialize(user, session=nil)
- user ||= User.new # guest user (not logged in)
- @user = user
- @user_groups = RoleMapper.roles(@user.email)
- # everyone is automatically a member of the group 'public'
- @user_groups.push 'public' unless @user_groups.include?('public')
- # logged-in users are automatically members of the group "registered"
- @user_groups.push 'registered' unless (@user.email == '' || @user == "public" || @user_groups.include?('registered') )
-
- logger.debug("Usergroups is " + @user_groups.inspect)
-
- if @user.is_being_superuser?(session)
- can :manage, :all
- else
- hydra_default_permissions
- end
- end
-
- def hydra_default_permissions
- can :edit, String do |pid|
- @response, @permissions_solr_document = get_permissions_solr_response_for_doc_id(pid)
- test_edit
- end
-
- can :edit, ActiveFedora::Base do |obj|
- @response, @permissions_solr_document = get_permissions_solr_response_for_doc_id(obj.pid)
- test_edit
- end
-
- can :edit, SolrDocument do |obj|
- test_edit
- end
-
- can :read, String do |pid|
- @response, @permissions_solr_document = get_permissions_solr_response_for_doc_id(pid)
- test_read
- end
-
- can :read, ActiveFedora::Base do |obj|
- @response, @permissions_solr_document = get_permissions_solr_response_for_doc_id(obj.pid)
- test_read
- end
-
- can :read, SolrDocument do |obj|
- test_read
- end
- end
-
- private
- def test_edit
- logger.debug("CANCAN Checking edit permissions for user: #{@user}")
- group_intersection = @user_groups & edit_groups
- result = !group_intersection.empty? || edit_persons.include?(@user.email)
- logger.debug("CANCAN decision: #{result}")
- result
- end
-
- def test_read
- logger.debug("CANCAN Checking edit permissions for user: #{@user}")
- group_intersection = @user_groups & read_groups
- result = !group_intersection.empty? || read_persons.include?(@user.email)
- logger.debug("CANCAN decision: #{result}")
- result
- end
-
- def edit_groups
- edit_group_field = Hydra.config[:permissions][:edit][:group]
- eg = ((@permissions_solr_document == nil || @permissions_solr_document.fetch(edit_group_field,nil) == nil) ? [] : @permissions_solr_document.fetch(edit_group_field,nil))
- logger.debug("edit_groups: #{eg.inspect}")
- return eg
- end
-
- # edit implies read, so read_groups is the union of edit and read groups
- def read_groups
- read_group_field = Hydra.config[:permissions][:read][:group]
- rg = edit_groups | ((@permissions_solr_document == nil || @permissions_solr_document.fetch(read_group_field,nil) == nil) ? [] : @permissions_solr_document.fetch(read_group_field,nil))
- logger.debug("read_groups: #{rg.inspect}")
- return rg
- end
-
- def edit_persons
- edit_person_field = Hydra.config[:permissions][:edit][:individual]
- ep = ((@permissions_solr_document == nil || @permissions_solr_document.fetch(edit_person_field,nil) == nil) ? [] : @permissions_solr_document.fetch(edit_person_field,nil))
- logger.debug("edit_persons: #{ep.inspect}")
- return ep
- end
-
- # edit implies read, so read_persons is the union of edit and read persons
- def read_persons
- read_individual_field = Hydra.config[:permissions][:read][:individual]
- rp = edit_persons | ((@permissions_solr_document == nil || @permissions_solr_document.fetch(read_individual_field,nil) == nil) ? [] : @permissions_solr_document.fetch(read_individual_field,nil))
- logger.debug("read_persons: #{rp.inspect}")
- return rp
- end
+ include Hydra::Ability
end
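Review bot: The added `include Hydra::Ability` line leaves this class with no visible statement of where its authorization rules come from, so a short comment above it would help, e.g. `# Read/edit rules, group membership and the superuser override come from Hydra::Ability; add app-specific rules below.` The removed body defined `initialize(user, session=nil)`, the guest-user fallback and the `can :manage, :all` superuser branch. Presumably the module supplies equivalents, but that is not visible in this hunk, and any caller of `Ability.new(user, session)` depends on it. A spec on this class would pin the behaviour across gem upgrades: assert that a guest user ends up only in the `public` group and that a non-superuser is not granted `:manage, :all`.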