kevinpfromnm/unix permissions module.rb

## unix permissions module.rb
UnixPermissions = classy_module do
  belongs_to :owner, :creator => true, :class_name => "User"
  belongs_to :group

  fields do
    group_read :boolean
    group_write :boolean
    group_destroy :boolean
    everyone_read :boolean
    everyone_write :boolean
    everyone_destroy :boolean
  end

  READ_ONLY_FIELDS = [:group_read, :group_write, :group_destroy, :everyone_read, :everyone_write, :everyone_destroy, :owner, :group]

  # Early exit true when these are true
  def before_update_permitted?;          acting_user.administrator?;                end
  def before_destroy_permitted?;         acting_user.administrator?;                end
  def before_view_permitted?(attribute); acting_user.administrator? or new_record?; end

  # Early exit false when these are true
  # Note: these don't run if above method early exists
  def before_update_denied?;          false; end
  def before_destroy_denied?;         false; end
  def before_view_denied?(attribute); false; end

  def create_permitted?
    owner_is? acting_user
  end

  def update_permitted?
    return true if before_update_permitted?
    return false if before_update_denied?
    return true if owner_is? acting_user
    return false unless none_changed? *READ_ONLY_FIELDS
    return true if everyone_write?
    return true if group_write? and acting_user.groups.include? group
    false
  end

  def destroy_permitted?
    return true if before_destroy_permitted?
    return false if before_destroy_denied?
    return true if everyone_destroy?
    return true if owner_is? acting_user
    return true if group_destroy? and acting_user.groups.include? group
    false
  end

  def view_permitted?(attribute)
    return true if before_view_permitted?(attribute)
    return false if before_view_denied?(attribute)
    return true if everyone_read?
    return true if owner_is? acting_user
    return true if group_read? and acting_user.groups.include? group
    false
  end
end
	UnixPermissions = classy_module do
	belongs_to :owner, :creator => true, :class_name => "User"
	belongs_to :group

	fields do
	group_read :boolean
	group_write :boolean
	group_destroy :boolean
	everyone_read :boolean
	everyone_write :boolean
	everyone_destroy :boolean
	end

	READ_ONLY_FIELDS = [:group_read, :group_write, :group_destroy, :everyone_read, :everyone_write, :everyone_destroy, :owner, :group]

	# Early exit true when these are true
	def before_update_permitted?; acting_user.administrator?; end
	def before_destroy_permitted?; acting_user.administrator?; end
	def before_view_permitted?(attribute); acting_user.administrator? or new_record?; end

	# Early exit false when these are true
	# Note: these don't run if above method early exists
	def before_update_denied?; false; end
	def before_destroy_denied?; false; end
	def before_view_denied?(attribute); false; end

	def create_permitted?
	owner_is? acting_user
	end

	def update_permitted?
	return true if before_update_permitted?
	return false if before_update_denied?
	return true if owner_is? acting_user
	return false unless none_changed? *READ_ONLY_FIELDS
	return true if everyone_write?
	return true if group_write? and acting_user.groups.include? group
	false
	end

	def destroy_permitted?
	return true if before_destroy_permitted?
	return false if before_destroy_denied?
	return true if everyone_destroy?
	return true if owner_is? acting_user
	return true if group_destroy? and acting_user.groups.include? group
	false
	end

	def view_permitted?(attribute)
	return true if before_view_permitted?(attribute)
	return false if before_view_denied?(attribute)
	return true if everyone_read?
	return true if owner_is? acting_user
	return true if group_read? and acting_user.groups.include? group
	false
	end
	end