Class: Ability

Inherits:
Object
Includes:
CanCan::Ability
Defined in:
app/models/ability.rb

Overview

Defines the abilities for CanCan.

 if  role admin
   allow everything
 else
   if logged in
     cancan methods for a logged in user
     cancan methods for special roles
   else
     cancan for anyone (public)
   end
 end


Constructor Details

- (Ability) initialize(user)

Called by CanCan with the current_user, or nil if no user is signed in. In the nil case we create a new User object, which can be identified as an anonymous user by calling new_record? on it: if user.new_record? is true, the session belongs to a user who is not signed in.



# File 'app/models/ability.rb', line 26

# Builds the CanCan rule set for +user+.
#
# @param user [User, nil] the signed-in user, or nil when nobody is signed in;
#   nil is replaced by an unsaved User so that +user.new_record?+ marks the
#   anonymous case in the rules below
def initialize(user)
  user ||= User.new # guest user: unsaved, so new_record? is true for it

  if user.role? :admin
    can :manage, :all  # Admin is god: every action on every subject
  else

    # Not Admin?, let's see ...
    unless user.new_record? # Any signed in user
      # Own account only: the block compares the checked record with the
      # current user.
      # NOTE(review): :manage already implies every action, so :read,
      # :update_avatar and :crop_avatar add nothing here. CanCan does not run
      # the block for class-level checks such as can?(:manage, User), so those
      # answer true for any signed-in user — confirm that index-style actions
      # do not rely on this rule.
      can [:read, :manage, :update_avatar, :crop_avatar], User do |usr|
        user == usr
      end

      # Own notifications only.
      can [:manage], UserNotification do |notification|
        notification.user == user
      end


      # Users with role
      if user.role?(:guest)
        # NOTE(review): the user_role restriction in this block looks
        # ineffective. CanCan combines `can` rules with OR, and the
        # unconditional public `can :read, [Page, Blog]` further down already
        # grants every non-draft Page/Blog, so this block can never deny a read
        # that rule allows. Gating a blog on user_role would need a `cannot`
        # rule defined after the public one. Also, `>` compares user_role with
        # the roles_mask bitmask — presumably both use the same scale; verify.
        can :read, [Page, Blog] do |resource|
          rc = if resource.respond_to? :is_draft
            resource.is_draft != true
          else
            true
          end
          # A Page is judged by the Blog it belongs to.
          authority = resource.is_a?(Blog) ? resource : resource.blog
          rc = false if authority.user_role && authority.user_role > user.roles_mask
          rc
        end
        can :create, Comment
      end

      if user.role?(:confirmed_user)
        can :create, Invitation
      end

      if user.role?(:author)
        can :create, [Page, Blog, Posting]
      end

      if user.role?(:moderator)
        can :manage, [Posting, Comment]
      end

      if user.role?(:maintainer)
        can :manage, [Page, Blog, Posting, Comment, UserNotification]
        can :details, User
      end

    end # Any signed in user

    # Anybody
    # A posting is readable when it is not a draft, its blog is public and it
    # has no explicit recipients; otherwise only a signed-in user listed in
    # recipient_ids may read it.
    can :read, Posting do |posting|
      access = (posting.is_draft != true) && posting.blog.public? && posting.recipient_ids.empty?
      unless (access == true || user.new_record?)
        access = posting.recipient_ids.include?(user.id)
      end
      access
    end

    # Non-draft pages and blogs are public; a resource without is_draft is
    # always readable.
    can :read, [Page, Blog] do |resource|
      if resource.respond_to? :is_draft
        resource.is_draft != true
      else
        true
      end
    end
    # Anyone, signed in or not, may comment; only persisted comments are readable.
    can :create, Comment
    can :read, Comment do |comment|
      comment && !comment.new_record?
    end
    # Edit window for a comment created in this session. The caller must pass
    # the session's comment list as the extra argument,
    # can?(:manage, comment, session_comments); entries are matched on their
    # first element against comment.id.to_s — presumably [id, ...] pairs,
    # verify against the caller. This rule applies to anonymous users too: the
    # session list and the time window are the only gate.
    # NOTE(review): the bare `rescue` swallows every StandardError, including
    # the NoMethodError from nil.detect when the extra argument is omitted, so
    # a missing argument silently reads as "not allowed" instead of surfacing
    # as a bug. `comment.updated_at + ...` is evaluated outside the begin
    # block, so a nil updated_at raises out of the authorization check itself.
    can :manage, Comment do |comment,session_comments|
      unless comment.new_record?
        # give CONSTANTS['max_time_to_edit_new_comments'] minutes (15 per the
        # original note) to edit new comments
        expire = comment.updated_at+CONSTANTS['max_time_to_edit_new_comments'].to_i.minutes
        begin
          session_comments.detect { |c| c[0].eql?(comment.id.to_s) } &&  (Time.now < expire)
        rescue
          false
        end
      end
    end
  end # not admin
end