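# Role-based access rules written in the declarative_authorization DSL.
# Three roles are declared: :guest, :user (includes :guest) and :admin
# (includes :user).
#
# How to read a rule:
# * all keys of one if_attribute hash must match;
# * several if_attribute lines inside one has_permission_on block are
#   alternatives, unless the block is declared with :join_by => :and;
# * a has_permission_on without a block grants the privilege with no
#   attribute check at all.
authorization do
  role :guest do
    # NOTE(review): unauthenticated visitors may read :authorization_rules.
    # Confirm the rules browser is not routed outside development, since it
    # would expose this policy.
    has_permission_on :authorization_rules, :to => :read

    has_permission_on [:users, :favorites], :to => [:index]

    # USER
    has_permission_on :users, :to => :create
    has_permission_on :users, :to => [:show] do
      if_attribute :settings => { :show_profile => is { true } }
    end
    has_permission_on :users_posts, :to => :read do
      if_attribute :user => { :settings => { :show_blog => is { Accessible::PUBLIC } } }
    end
    has_permission_on [:questions, :posts, :galleries, :photos, :videos], :to => :read do
      if_attribute :public => is { true } # either not in a group, or the group is open
    end

    # GROUPS
    has_permission_on :groups, :to => :get_invites

    has_permission_on :groups, :to => :read do
      if_attribute :membership_type => is_not { Group::SECRET }
    end
    has_permission_on [:groups_posts, :groups_questions, :groups_galleries, :groups_videos], :to => [:read] do
      if_attribute :group => { :membership_type => is { Group::PUBLIC } }
    end

    # CITIES
    has_permission_on [:cities, :feedbacks], :to => [:read] do
      if_attribute :published => true
    end
    has_permission_on [:hotels, :restaurants, :generics], :to => [:read] do
      if_attribute :published => true, :city_published => true
    end
  end

  role :user do
    includes :guest

    ### User's objects
    has_permission_on :users, :to => :manage do
      if_attribute :id => is { user.id }
    end
    has_permission_on :users_blacklist, :to => [:index, :add_to_blacklist, :remove_from_blacklist]
    # NOTE(review): granted without an attribute check, so as far as these
    # rules go every signed-in user may manage any :users_messages or
    # :users_posts record. It also makes the narrower :users_posts read rules
    # further down redundant for this role. Confirm the controllers scope these
    # contexts to the current user, or add an ownership condition here.
    has_permission_on :users_messages, :users_posts, :to => :manage
    has_permission_on [:galleries,
                       :photos,
                       :questions,
                       :groups,
                       :videos,
                       :favorites,
                       :subscriptions,
                       :feedbacks,
                       :hotels,
                       :restaurants,
                       :generics,
                       :complaint], :to => [:create]
    has_permission_on [:galleries, :questions, :videos, :posts, :favorites, :subscriptions], :to => :manage do
      if_attribute :user => is { user } #, :group => is { nil }
    end
    has_permission_on :groups, :to => :manage do
      if_attribute :owner => is { user }
    end
    has_permission_on :groups_moderators, :to => :manage do
      if_attribute :group => { :owner => is { user } }
    end
    has_permission_on :photos, :to => :manage do
      if_attribute :gallery => { :user => is { user } }
    end
    # Own city objects stay editable only while unpublished.
    has_permission_on [:hotels, :restaurants, :generics, :feedbacks], :to => [:manage] do
      if_attribute :user => is { user }, :published => false
    end

    ### Groups

    # Secret groups are readable by their members only.
    has_permission_on :groups, :to => [:read] do
      if_attribute :users => contains { user }, :membership_type => is { Group::SECRET }
    end
    # Join either a non-secret group the user is not yet in, or any group the
    # user holds an invite for.
    has_permission_on :groups, :to => [:join] do
      if_attribute :users => does_not_contain { user }, :membership_type => is_not { Group::SECRET }
      if_attribute :id => is_in { user.groups.invite.map { |g| g.id } } #, :membership_type => is { Group::SECRET }
    end

    # The owner cannot leave their own group.
    has_permission_on :groups, :to => [:leave] do
      if_attribute :users => contains { user }, :owner => is_not { user }
    end

    has_permission_on [:groups_posts, :groups_questions, :groups_galleries, :groups_videos], :to => [:create] do
      if_attribute :group => { :users => contains { user } }
    end
    has_permission_on [:groups_photos], :to => [:create] do
      if_attribute :gallery => { :group => { :users => contains { user } } }
    end
    has_permission_on [:groups_posts, :groups_questions, :groups_galleries, :groups_videos], :to => [:read] do
      if_attribute :group => { :membership_type => is_not { Group::SECRET } }
      if_attribute :group => { :users => contains { user }, :membership_type => is { Group::SECRET } }
    end
    has_permission_on [:groups_photos], :to => [:read] do
      if_attribute :gallery => { :group => { :users => contains { user } } }
    end
    # Group moderators manage the group's content. The original hash also
    # listed `:group => is_not {nil}` under the same :group key; Ruby keeps only
    # the last value of a duplicated literal key, so that guard never took
    # effect and is dropped here. NOTE(review): confirm records without a group
    # are denied by this rule.
    has_permission_on [:questions, :galleries, :videos, :posts], :to => [:manage] do
      if_attribute :group => { :moderator_users => contains { user } }
    end
    has_permission_on [:groups_posts, :groups_questions], :to => [:manage] do
      if_attribute :group => { :users => contains { user } }, :user => is { user }
    end

    ### Other users stuff

    # A blog is readable when its owner made it public ...
    has_permission_on :users_posts, :to => :read do
      if_attribute :user => { :settings => { :show_blog => is { Accessible::PUBLIC } } }
    end
    # ... or when the owner limited it to friends AND the reader is a friend.
    # Both conditions used to sit under one duplicated :user key, which left
    # only the friendship test in force and ignored the show_blog setting.
    # They are now separate if_attribute lines joined with :and.
    has_permission_on :users_posts, :to => :read, :join_by => :and do
      if_attribute :user => { :settings => { :show_blog => is { Accessible::FRIENDS } } }
      if_attribute :user => is_in { user.friends }
    end

    has_permission_on :posts, :to => :read_logged do
      if_attribute :access_level => Accessible::PUBLIC, :group_type => is_not { Group::PUBLIC }, :group => { :users => contains { user } }
      if_attribute :access_level => Accessible::FRIENDS, :user => is_in { user.friends }
    end

    # Answers: anyone may answer an open question; authors edit or delete
    # their own answer; the question's author may delete any answer to it.
    has_permission_on :answers, :to => [:create] do
      if_attribute :question => { :status => is { Question::OPEN } }
    end
    has_permission_on :answers, :to => [:update, :delete] do
      if_attribute :user => is { user }
    end
    has_permission_on :answers, :to => :delete do
      if_attribute :question => { :user => is { user } }
    end

    has_permission_on [:videos, :galleries], :to => :read do
      if_attribute :access_level => Accessible::PUBLIC
      if_attribute :access_level => Accessible::FRIENDS, :user => is_in { user.friends }
    end

    # Photos take their owner from the enclosing gallery.
    has_permission_on :photos, :to => :read do
      if_attribute :access_level => Accessible::PUBLIC
      if_attribute :access_level => Accessible::FRIENDS, :gallery => { :user => is_in { user.friends } }
    end

    # Comments: same ownership pattern as answers, with the commented object's
    # owner allowed to delete.
    has_permission_on :comments, :to => [:create, :reply] do
      if_attribute :permission_comment => is { true }
    end
    has_permission_on :comments, :to => [:update, :delete] do
      if_attribute :user => is { user }
    end
    has_permission_on :comments, :to => :delete do
      if_attribute :commentable => { :user => is { user } }
    end
    has_permission_on :votes, :to => [:create] do
      if_attribute :permission_vote => is { true }
    end

    # TODO delete this
    # NOTE(review): unconditional :read and :manage on :subjects for every
    # signed-in user until the TODO above is resolved.
    has_permission_on :subjects, :to => [:read, :manage]
  end

  role :admin do
    includes :user

    has_permission_on :users, :to => [:change_password, :update_password, :block, :unblock]
    # NOTE(review): this list names :user_posts while every other rule uses
    # :users_posts -- possibly a typo; confirm which context the application
    # actually checks.
    has_permission_on [:users,
                       :user_posts,
                       :questions,
                       :answers,
                       :comments,
                       :complaint,
                       :admin_regions,
                       :admin_countries,
                       :admin_cities,
                       :admin_city_object_types,
                       :hotels,
                       :restaurants,
                       :generics,
                       :criteries,
                       :rating_coefficients], :to => :manage
  end
end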
# Privilege hierarchy: a role granted the privilege on the left is also
# granted every privilege listed under :includes.
privileges do
  # Read-style privileges. :read_logged covers :read, so a rule that grants
  # :read_logged also lets the holder perform :index and :show.
  privilege :read,        :includes => [:index, :show]
  privilege :read_logged, :includes => :read

  # Each write privilege covers the form action that leads to it.
  privilege :create, :includes => :new
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy

  # :manage is the umbrella privilege: full CRUD plus :read_logged.
  privilege :manage, :includes => [:create, :read, :update, :delete, :read_logged]

  privilege :change_status, :includes => [:close, :open]
end