Unix permissions example
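# Mixin that gives a model Unix-style permissions: an owner, a group, and
# read / write / destroy flags for the group and for everyone else.
# Administrators bypass every check through the before_*_permitted? hooks.
UnixPermissions = classy_module do
  belongs_to :owner, :creator => true, :class_name => "User"
  belongs_to :group

  fields do
    group_read       :boolean
    group_write      :boolean
    group_destroy    :boolean
    everyone_read    :boolean
    everyone_write   :boolean
    everyone_destroy :boolean
  end

  # Attributes that define who may do what. Only the owner (or an
  # administrator) may change them. Frozen so that the list backing the
  # authorization check cannot be mutated at runtime.
  # NOTE(review): a constant assigned inside a block is scoped lexically, not
  # to the including model - confirm where this constant ends up.
  READ_ONLY_FIELDS = [
    :group_read, :group_write, :group_destroy,
    :everyone_read, :everyone_write, :everyone_destroy,
    :owner, :group
  ].freeze

  # Early exit true when these are true
  def before_update_permitted?; acting_user.administrator?; end
  def before_destroy_permitted?; acting_user.administrator?; end
  def before_view_permitted?(attribute); acting_user.administrator? || new_record?; end

  # Early exit false when these are true
  # Note: these don't run if one of the methods above exits early
  def before_update_denied?; false; end
  def before_destroy_denied?; false; end
  def before_view_denied?(attribute); false; end

  # A record may only be created with the acting user as its owner.
  def create_permitted?
    owner_is?(acting_user)
  end

  # Update rules, evaluated in order: administrator, owner, then the
  # everyone / group write flags. The order is security-relevant.
  def update_permitted?
    return true  if before_update_permitted?
    return false if before_update_denied?
    # The record already carries the submitted values at this point (the
    # none_changed? check below depends on that). The owner test therefore
    # also requires that :owner is unchanged; otherwise a non-owner could
    # satisfy it by naming themselves owner in the same update.
    # NOTE(review): presumably owner_is? compares against the pending value -
    # confirm against the Hobo version in use.
    return true  if owner_is?(acting_user) && none_changed?(:owner)
    # Non-owners must not touch the permission fields. This has to run before
    # the flag checks so the flags read below are the stored ones.
    return false unless none_changed?(*READ_ONLY_FIELDS)
    return true  if everyone_write?
    # NOTE(review): assumes acting_user responds to #groups; a guest user
    # object may not - confirm, otherwise this raises instead of denying.
    return true  if group_write? && acting_user.groups.include?(group)
    false
  end

  # Destroy rules: administrator, everyone flag, owner, then group flag.
  def destroy_permitted?
    return true  if before_destroy_permitted?
    return false if before_destroy_denied?
    return true  if everyone_destroy?
    return true  if owner_is?(acting_user)
    return true  if group_destroy? && acting_user.groups.include?(group)
    false
  end

  # View rules: administrator or unsaved record, everyone flag, owner, then
  # group flag. The attribute argument is only passed to the before_* hooks;
  # the decision itself is the same for every attribute.
  def view_permitted?(attribute)
    return true  if before_view_permitted?(attribute)
    return false if before_view_denied?(attribute)
    return true  if everyone_read?
    return true  if owner_is?(acting_user)
    return true  if group_read? && acting_user.groups.include?(group)
    false
  end
end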