lib/scrivito/user.rb in scrivito_sdk-0.42.1 vs lib/scrivito/user.rb in scrivito_sdk-0.50.0.rc1
- old
+ new
@@ -1,53 +1,68 @@
module Scrivito
+ #
# @api public
+ #
class User
+ #
# Valid action verbs for the explicit rules.
# @api public
+ #
VERBS = [
:create,
:delete,
:invite_to,
:publish,
:read,
:write,
].freeze
class << self
+ #
# Defines a new user.
+ #
# @api public
+ #
# @param [String] id the unique, unalterable id of the user.
# The user id is used to associate the user with the corresponding CMS resources.
# It will be persisted in the CMS.
+ #
# @raise [Scrivito::ScrivitoError] if id is blank
# @raise [Scrivito::ScrivitoError] if id is more than 64 characters long
+ #
# @yieldparam [Scrivito::UserDefinition] user object to define rules on
+ #
# @see Scrivito::UserDefinition#can_always
# @see Scrivito::UserDefinition#can_never
# @see Scrivito::UserDefinition#description
# @see Scrivito::UserDefinition#restrict_obj_publish
# @see Scrivito::UserDefinition#suggest_users
+ #
# @example
# Scrivito::User.define('alice') do |user|
# user.description { 'Alice Almighty' }
+ #
# user.can_always(:read, :workspace)
# user.can_always(:write, :workspace)
# user.can_always(:publish, :workspace, 'You can always publish workspaces.')
# end
#
# Scrivito::User.define('bob') do |user|
- # user.description { 'Bob Doe' }
+ # user.description('Bob Doe')
+ #
# user.can_never(:create, :workspace, 'You are not allowed to create workspaces.')
# user.can_always(:read, :workspace)
+ #
# user.restrict_obj_publish(using: :_obj_class) do |obj_class|
# if obj_class.name == 'BlogPost'
# false
# else
# 'You are not allowed to publish blog posts.'
# end
# end
# end
+ #
def define(id, &block)
assert_valid_id(id)
define_user(id, &block)
end
@@ -106,13 +121,14 @@
@explicit_rules.each_key { |rule| assert_valid_verb(rule.second) }
end
def can?(verb, workspace)
assert_valid_verb(verb)
- verb == :read && workspace.published? ||
- can_always?(verb, :workspace) ||
- verb != :create && owner_of?(workspace) && !can_never?(verb, :workspace)
+ can_always?(verb, :workspace) ||
+ verb == :create && can_create? ||
+ verb == :read && can_read?(workspace) ||
+ can_as_owner?(verb, workspace)
end
def can_always?(verb, subject)
assert_valid_verb(verb)
@explicit_rules.has_key?([:can_always, verb, subject])
@@ -126,26 +142,30 @@
def owner_of?(workspace)
membership = workspace.memberships[self]
membership ? membership.role == 'owner' : false
end
- # Verfies if the User is able to publish changes to a certain {BasicObj Obj}
#
+ # Verifies if the User is able to publish changes to a certain {BasicObj Obj}
+ #
# @api public
# @param [BasicObj] obj the obj that should be published
# @return [Boolean] true if the user is allowed to publish otherwise false
+ #
def can_publish?(obj)
restriction_messages_for(obj).empty?
end
+ #
# Checks if the User is able to publish changes and returns the message
# specified in a {UserDefinition#restrict_obj_publish} callback if they are not
# If the user can publish the obj an empty array is returned
#
# @api public
# @param [BasicObj] obj the obj that should be published
# @return [Array<String>] Hints why the user can't publish
+ #
def restriction_messages_for(obj)
assert_restrictions_applicable(obj)
return [] if can_always?(:publish, :workspace)
@@ -177,9 +197,21 @@
def system_user?
id.nil?
end
private
+
+ def can_create?
+ !can_never?(:create, :workspace)
+ end
+
+ def can_read?(workspace)
+ workspace.published? || can_as_owner?(:read, workspace)
+ end
+
+ def can_as_owner?(verb, workspace)
+ workspace.is_a?(Workspace) && owner_of?(workspace) && !can_never?(verb, :workspace)
+ end
def calculate_description
description_proc ? description_proc.call : id
end