Show user permissions on current-user API endpoint
rschumann committed Apr 20, 2017
1 parent 052ffbc commit 29a6ddf
Showing 14 changed files with 191 additions and 10 deletions.
2 changes: 1 addition & 1 deletion LICENSE
@@ -1,6 +1,6 @@
The MIT License (MIT)

Copyright (c) 2015 Vizzuality
Copyright (c) 2017 Vizzuality

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
4 changes: 2 additions & 2 deletions app/models/abilities/publisher.rb
Expand Up @@ -8,17 +8,17 @@ def initialize(user)

can [:activate, :deactivate], ::Comment
can [:activate, :deactivate], ::Project
can [:publish, :unpublish], ::Project
can [:activate, :deactivate], ::User
can [:activate, :deactivate], ::Photo
can [:activate, :deactivate], ::Document
can [:activate, :deactivate], ::ExternalSource
can [:activate, :deactivate], ::Country
can [:activate, :deactivate], ::Impact
can [:publish, :unpublish], ::Project

can :manage, ::Project, project_users: { user_id: user.id, is_owner: true }
can :create, ::Project
can :update, ::Project, project_users: { user_id: user.id }
can :create, ::Project
can [:read, :index_all, :show_project_and_bm], ::Project
can :update, ::User, id: user.id
can :create, ::Comment
2 changes: 1 addition & 1 deletion app/models/ability.rb
Expand Up @@ -3,7 +3,7 @@ class Ability
include CanCan::Ability

def initialize(user)
if user # devise session users
if user
if user.is_active_admin?
merge Abilities::Admin.new(user)
elsif user.is_active_publisher?
2 changes: 1 addition & 1 deletion app/models/category.rb
Expand Up @@ -13,7 +13,7 @@
#

class Category < ApplicationRecord
enum project_type: { Category: 0, Solution: 1, Bme: 2, Impact: 3, Enabling: 4, Timing: 5 }
enum project_type: { Category: 0, Solution: 1, Bme: 2, Impact: 3, Enabling: 4, Timing: 5 }.freeze

# Parent-Children-Relations
belongs_to :parent, class_name: 'Category', touch: true
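Review bot: `.freeze` on the hash literal handed to `enum` (the `enum project_type:` line) freezes a temporary: Rails copies the mapping into its own structure and the literal is never referenced again, so as far as I can tell it changes nothing. If the intent is a frozen, reusable mapping, hoist it into a constant, `PROJECT_TYPES = { Category: 0, Solution: 1, Bme: 2, Impact: 3, Enabling: 4, Timing: 5 }.freeze` followed by `enum project_type: PROJECT_TYPES`; otherwise the `.freeze` can be dropped. The same `.freeze` appears on the `enum` lines in enabling.rb, project.rb and user.rb in this commit.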
2 changes: 1 addition & 1 deletion app/models/enabling.rb
Expand Up @@ -13,7 +13,7 @@
#

class Enabling < ApplicationRecord
enum assessment_value: { Success: 1, Barrier: 2 }
enum assessment_value: { Success: 1, Barrier: 2 }.freeze

belongs_to :category, inverse_of: :enablings, touch: true

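--- a/app/models/permissions/admin.rb
+++ b/app/models/permissions/admin.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+module Permissions
+class Admin
+class << self
+def abilities
+{
+'all': {
+'StudyCase': ['create', 'update', 'destroy', 'read', 'activate', 'deactivate', 'publish', 'unpublish'],
+'BusinessModel': ['create', 'update', 'destroy', 'read', 'activate', 'deactivate', 'publish', 'unpublish'],
+'Bme': ['create', 'update', 'destroy', 'read'],
+'Category': ['create', 'update', 'destroy', 'read'],
+'City': ['create', 'update', 'destroy', 'read'],
+'Comment': ['create', 'destroy', 'activate', 'deactivate'],
+'Country': ['create', 'update', 'destroy', 'read', 'activate', 'deactivate'],
+'Document': ['create', 'update', 'destroy', 'read', 'activate', 'deactivate'],
+'Enabling': ['create', 'update', 'destroy', 'read'],
+'ExternalSource': ['create', 'update', 'destroy', 'read', 'activate', 'deactivate'],
+'Impact': ['create', 'update', 'destroy', 'read', 'activate', 'deactivate'],
+'Photo': ['create', 'update', 'destroy', 'read', 'activate', 'deactivate'],
+'User': ['create', 'update', 'destroy', 'read', 'activate', 'deactivate']
+},
+'owner': {},
+'member': {}
+}
+end
+end
+end
+end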
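Review bot: The keys in `abilities` are written as quoted symbols (`'all':`, `'StudyCase':`), which Ruby reads as the plain symbols `:all` and `:StudyCase`; the quotes add nothing and RuboCop flags them, so `all:` and `StudyCase:` (or plain string keys, if strings are what the JSON consumer expects) say what is meant. The same spelling is used in editor.rb, guest.rb, publisher.rb and user.rb in this commit. The literal is also rebuilt on every call, so `ABILITIES = { ... }.freeze` with `def self.abilities; ABILITIES; end` would do. A one-line class comment such as `# Client-facing mirror of Abilities::Admin; keep the two in sync` would help, since nothing in this diff ties this map to the CanCan ability that actually authorizes requests, and a spec cross-checking each Permissions class against its Abilities counterpart would catch drift before a client shows an action the server rejects.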
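--- a/app/models/permissions/editor.rb
+++ b/app/models/permissions/editor.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+module Permissions
+class Editor
+class << self
+def abilities
+{
+'all': {
+'StudyCase': ['create', 'read'],
+'BusinessModel': ['create'],
+'Bme': ['read'],
+'Category': ['read'],
+'City': ['read'],
+'Comment': ['create'],
+'Country': ['read'],
+'Document': ['read'],
+'Enabling': ['read'],
+'ExternalSource': ['read'],
+'Impact': ['read'],
+'Photo': ['read'],
+'User': ['read']
+},
+'owner': {
+'User': ['update'],
+'StudyCase': ['delete'],
+'BusinessModel': ['delete']
+},
+'member': {
+'StudyCase': ['update'],
+'BusinessModel': ['read', 'update']
+}
+}
+end
+end
+end
+end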
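Review bot: The `owner` section spells the removal action `'delete'` for StudyCase and BusinessModel (the two lines after `'User': ['update']`), while admin.rb spells the same action `'destroy'` and the CanCan side uses Rails' `:destroy`; a client keying on these strings sees two names for one action and will get one of them wrong. publisher.rb carries the same two `'delete'` entries. Suggest `'StudyCase': ['destroy']` and `'BusinessModel': ['destroy']` in both files, or a short comment explaining why the verb deliberately differs.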
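--- a/app/models/permissions/guest.rb
+++ b/app/models/permissions/guest.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+module Permissions
+class Guest
+class << self
+def abilities
+{
+'all': {
+'StudyCase': ['read'],
+'BusinessModel': [],
+'Bme': ['read'],
+'Category': ['read'],
+'City': ['read'],
+'Comment': [],
+'Country': ['read'],
+'Document': ['read'],
+'Enabling': ['read'],
+'ExternalSource': ['read'],
+'Impact': ['read'],
+'Photo': ['read'],
+'User': ['read']
+},
+'owner': {},
+'member': {}
+}
+end
+end
+end
+end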
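--- a/app/models/permissions/publisher.rb
+++ b/app/models/permissions/publisher.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+module Permissions
+class Publisher
+class << self
+def abilities
+{
+'all': {
+'StudyCase': ['create', 'read', 'activate', 'deactivate', 'publish', 'unpublish'],
+'BusinessModel': ['create', 'read', 'activate', 'deactivate', 'publish', 'unpublish'],
+'Bme': ['read'],
+'Category': ['read'],
+'City': ['read'],
+'Comment': ['create', 'activate', 'deactivate'],
+'Country': ['read', 'activate', 'deactivate'],
+'Document': ['read', 'activate', 'deactivate'],
+'Enabling': ['read'],
+'ExternalSource': ['read', 'activate', 'deactivate'],
+'Impact': ['read', 'activate', 'deactivate'],
+'Photo': ['read', 'activate', 'deactivate'],
+'User': ['read', 'activate', 'deactivate']
+},
+'owner': {
+'User': ['update'],
+'StudyCase': ['delete'],
+'BusinessModel': ['delete']
+},
+'member': {
+'StudyCase': ['update'],
+'BusinessModel': ['update']
+}
+}
+end
+end
+end
+end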
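--- a/app/models/permissions/user.rb
+++ b/app/models/permissions/user.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+module Permissions
+class User
+class << self
+def abilities
+{
+'all': {
+'StudyCase': ['read'],
+'BusinessModel': [],
+'Bme': ['read'],
+'Category': ['read'],
+'City': ['read'],
+'Comment': ['create'],
+'Country': ['read'],
+'Document': ['read'],
+'Enabling': ['read'],
+'ExternalSource': ['read'],
+'Impact': ['read'],
+'Photo': ['read'],
+'User': ['read']
+},
+'owner': {
+'User': ['update']
+},
+'member': {
+'StudyCase': ['update'],
+'BusinessModel': ['read', 'update']
+}
+}
+end
+end
+end
+end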
2 changes: 1 addition & 1 deletion app/models/project.rb
Expand Up @@ -21,7 +21,7 @@
#

class Project < ApplicationRecord
enum project_type: { BusinessModel: 0, StudyCase: 1 }
enum project_type: { BusinessModel: 0, StudyCase: 1 }.freeze

belongs_to :category, inverse_of: :projects, touch: true
belongs_to :country, inverse_of: :projects, optional: true, touch: true
13 changes: 12 additions & 1 deletion app/models/user.rb
Expand Up @@ -27,7 +27,7 @@
class User < ApplicationRecord
has_secure_password

enum role: { user: 0, editor: 1, publisher: 2, admin: 3 }
enum role: { user: 0, editor: 1, publisher: 2, admin: 3 }.freeze

# Include default devise modules.
TEMP_EMAIL_REGEX = /\Achange@tmp/
Expand Down Expand Up @@ -75,6 +75,17 @@ def user_select
end
end

def permissions
if self.is_active?
role_class = '::Permissions'
role_class += "::#{self.role.classify}"

role_class.constantize.send('abilities')
else
::Permissions::Guest.abilities
end
end

def display_name
return "#{half_email}" if name.blank?
"#{name}"
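Review bot: `permissions` assembles a constant name from `role` and resolves it with `constantize` followed by `send('abilities')` (the lines after `role_class = '::Permissions'`); `send` buys nothing for a public class method, and a string-built lookup means a role added to the `enum role:` mapping without a matching `Permissions::` class fails with `NameError` inside a request instead of degrading to the least-privileged set. `role` is bounded by that enum, so this is not an arbitrary-constant problem, but an explicit role-to-class map keeps the lookup bounded, readable, and fail-closed with `Guest` as the fallback. The `self.` prefixes on `is_active?` and `role` are also redundant. `permissions` lies entirely inside the hunk.
```ruby
# Client-facing permission maps per role; an unmapped role gets the guest set.
ROLE_PERMISSIONS = {
  'user' => ::Permissions::User,
  'editor' => ::Permissions::Editor,
  'publisher' => ::Permissions::Publisher,
  'admin' => ::Permissions::Admin
}.freeze

def permissions
  return ::Permissions::Guest.abilities unless is_active?

  ROLE_PERMISSIONS.fetch(role, ::Permissions::Guest).abilities
end
```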
6 changes: 5 additions & 1 deletion app/serializers/user_serializer.rb
Expand Up @@ -28,5 +28,9 @@ class UserSerializer < ActiveModel::Serializer
attributes :id, :name, :email, :role, :country_id,
:city_id, :nickname, :institution, :position,
:twitter_account, :linkedin_account, :is_active,
:deactivated_at, :image
:deactivated_at, :image, :permissions

def permissions
object.permissions
end
end
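Review bot: The added `permissions` method only returns `object.permissions`; ActiveModel::Serializer already resolves a declared attribute by calling the same-named method on `object` when the serializer defines none, so listing `:permissions` in `attributes` should be enough (worth confirming against the AMS version the app pins). Separately, `UserSerializer` is presumably used wherever a user is rendered, not only on the current-user endpoint the commit title names, so every user in a listing now carries its full role map; since `:role` is already exposed on the first `attributes` line this reveals nothing new, but it inflates index responses, and AMS's conditional form, `attribute :permissions, if: ...`, scoped to the current-user action would keep it where the title says it belongs.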
9 changes: 8 additions & 1 deletion spec/acceptance/v1/users_spec.rb
Expand Up @@ -205,7 +205,14 @@ module V1
"nickname"=>"test", "institution"=>nil, "position"=>nil,
"twitter_account"=>nil, "linkedin_account"=>nil,
"is_active"=>true, "deactivated_at"=>nil,
"image"=>{"url"=>nil, "thumbnail"=>{"url"=>nil}, "square"=>{"url"=>nil}}}})
"image"=>{"url"=>nil, "thumbnail"=>{"url"=>nil}, "square"=>{"url"=>nil}},
"permissions"=>{"all"=>{"StudyCase"=>["read"], "BusinessModel"=>[],
"Bme"=>["read"], "Category"=>["read"], "City"=>["read"],
"Comment"=>["create"], "Country"=>["read"], "Document"=>["read"],
"Enabling"=>["read"], "ExternalSource"=>["read"], "Impact"=>["read"],
"Photo"=>["read"], "User"=>["read"]},
"owner"=>{"User"=>["update"]},
"member"=>{"StudyCase"=>["update"], "BusinessModel"=>["read", "update"]}}}})
end

let!(:error) {
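Review bot: The expected payload pins only the `user` role map (the `"permissions"=>` lines); as far as this diff shows, neither the other roles nor the inactive-user branch of `User#permissions`, which returns `::Permissions::Guest.abilities` instead, is exercised. A case that deactivates the user and expects the guest map (`"BusinessModel"=>[]` and `"Comment"=>[]`, per guest.rb) would cover the fail-closed path, which is the one an authorization regression would break silently. The enclosing example starts outside the hunk.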
