Last active
April 11, 2017 16:13
# CanCan ability definition: declares what each role may do.
#
# CanCan gives later rules precedence over earlier ones, so every `cannot`
# below has to stay after the `can` it narrows. A user who is none of
# admin / manager / member / dedicated ends up with the guest rules only.
class Ability
  include CanCan::Ability

  # @param user [User, nil] the signed-in user; nil is replaced by a blank
  #   User so that guests go through the same role checks
  def initialize(user)
    user ||= User.new # guest user (not logged in)

    # Granted to everyone, guests included.
    can :read, :search
    can [:send_feedback, :feedback], :feedback

    if user.admin?
      grant_admin_rules(user)
    elsif user.manager?
      grant_manager_rules(user)
    elsif user.member?
      grant_member_rules(user)
    elsif user.dedicated?
      grant_dedicated_rules(user)
    end
  end

  private

  # Admins manage everything except deleting or re-roling their own account.
  def grant_admin_rules(user)
    can :manage, :all
    cannot :destroy, User, id: user.id
    cannot :change_role, User, id: user.id
  end

  # Managers read everything, manage their own records and may invite users.
  # NOTE(review): `:read, :all` covers every subject, User records included;
  # confirm that is intended.
  def grant_manager_rules(user)
    can :read, :all
    can :manage, CartItem, user_id: user.id
    can [:dashboard, :edit, :update], User, id: user.id
    can :invite, User
    grant_lightbox_rules(user)
    can :manage, Project, user_id: user.id
    can :manage, Asset, user_id: user.id
    can :manage, Campaign, user_id: user.id
    can :archives, Campaign
    can :manage, Note, user_id: user.id
    can :manage, SharedItem, user_id: user.id
    grant_slide_rules(user)
    can :manage, User, id: user.id
    can :new, User, admin_role: 'dedicated' # this is an invitation
    # Declared after `can :manage, User` so that it wins for :change_role.
    cannot :change_role, User
    grant_approval_rule(user)
  end

  # Members get the manager rules minus inviting users and managing campaigns.
  def grant_member_rules(user)
    can :read, :all
    can :manage, CartItem, user_id: user.id
    can [:dashboard, :edit, :update], User, id: user.id
    grant_lightbox_rules(user)
    can :manage, Project, user_id: user.id
    can :manage, Asset, user_id: user.id
    can :archives, Campaign
    can :manage, Note, user_id: user.id
    can :manage, SharedItem, user_id: user.id
    grant_slide_rules(user)
    can :manage, User, id: user.id
    # Declared after `can :manage, User` so that it wins for :change_role.
    cannot :change_role, User
    grant_approval_rule(user)
  end

  # Dedicated users have no blanket read; access is tied to their projects
  # and to the records they own.
  def grant_dedicated_rules(user)
    can :manage, Project, current_projects: { project_id: user.project_ids }
    can :manage, CartItem, user_id: user.id
    can :manage, User, id: user.id
    cannot :change_role, User
    can :read, Note, project_id: user.project_ids
    can :create, Note, user_id: user.id
    can :read, Asset, project_id: user.project_ids
    can :manage, Asset, project_id: user.project_ids, user_id: user.id
    can [:read, :archives], Campaign, projects: { id: user.project_ids }
    can :read, User, projects: { id: user.project_ids }
    grant_lightbox_rules(user)
    grant_slide_rules(user)
    can :manage, SharedItem, user_id: user.id
    grant_approval_rule(user)
  end

  # Own lightboxes are fully managed; 'global' ones may be edited and sorted.
  def grant_lightbox_rules(user)
    can :manage, Lightbox, user_id: user.id
    can [:edit, :update, :sort], Lightbox, visibility: 'global'
  end

  # Slides follow the lightbox they belong to.
  def grant_slide_rules(user)
    can :manage, Slide, lightbox_id: user.lightbox_ids
    can :manage, Slide, lightbox: { visibility: 'global' }
    # NOTE(review): lightbox_id 0 presumably marks a slide that is not yet
    # attached to a lightbox; confirm against the Slide model.
    can :create, Slide, lightbox_id: 0
  end

  # An approval may be updated by its owner or by one of the owner's proxies.
  # Block conditions are evaluated in Ruby only, so CanCan cannot turn this
  # rule into a query for `accessible_by`.
  # NOTE(review): approval.user is dereferenced without a nil check; confirm
  # that every Approval has a user.
  def grant_approval_rule(user)
    can :update, Approval do |approval|
      approval.user_id == user.id || approval.user.proxy_ids.include?(user.id)
    end
  end
end
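# Pundit-style policy deciding what +user+ may do with a single +asset+.
class AssetPolicy
  attr_reader :user, :asset

  # @param user [#admin?, #manager?, #dedicated?, #id, #project_ids] the acting user
  # @param asset [#user_id, #project_id] the record being authorized
  def initialize(user, asset)
    @user = user
    @asset = asset
  end

  # Admins and managers may edit any asset. A dedicated user must own the
  # asset AND have it in one of their projects. Everyone else must own it.
  #
  # The dedicated branch used to read
  # `include? asset.project_id && asset.user_id == user.id`, which Ruby parses
  # as `include?(asset.project_id && ...)`: the lookup received a boolean and
  # denied every dedicated user. The explicit parentheses restore the intended
  # two-part check.
  #
  # NOTE(review): the ownership test is a plain `==`, so an asset without a
  # user_id matches a user without an id; confirm that unsaved (guest) users
  # never reach this policy.
  #
  # @return [Boolean]
  def edit?
    return true if user.admin? || user.manager?

    owned = asset.user_id == user.id
    return owned unless user.dedicated?

    user.project_ids.include?(asset.project_id) && owned
  end

  # @return [Boolean] same rule as #edit?
  def update?
    edit?
  end

  # @return [Boolean] same rule as #edit?
  def destroy?
    edit?
  end

  # Only the dedicated role has a rule here; every other role is denied.
  # NOTE(review): the CanCan Ability in this gist lets admins, managers and
  # members read every record; confirm whether they should be allowed here.
  #
  # @return [Boolean]
  def show?
    return false unless user.dedicated?

    user.project_ids.include?(asset.project_id)
  end

  # Limits a collection query to the records +user+ may list.
  class Scope
    attr_reader :user, :scope

    # @param user [#admin?, #id] the acting user
    # @param scope [#all, #where] the relation to narrow
    def initialize(user, scope)
      @user = user
      @scope = scope
    end

    # Admins see everything; other users see records whose visibility is
    # :global plus the records they own.
    # NOTE(review): dedicated users are not limited to their projects here,
    # unlike in #show?; confirm that listing and showing are meant to differ.
    def resolve
      if user.admin?
        scope.all
      else
        scope.where(visibility: :global).or(scope.where(user_id: user.id))
      end
    end
  end
end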
# Pundit-style policy for a single Lightbox record.
class LightboxPolicy
  attr_reader :user, :lightbox

  # @param user [#admin?, #id] the acting user
  # @param lightbox [#user_id] the record being authorized
  def initialize(user, lightbox)
    @user = user
    @lightbox = lightbox
  end

  # Admins may edit any lightbox; everyone else only the ones they own.
  # NOTE(review): the CanCan Ability in this gist also lets non-admin roles
  # edit lightboxes whose visibility is 'global'; this policy does not.
  # Confirm which rule is intended.
  #
  # @return [Boolean]
  def edit?
    if user.admin?
      true
    else
      lightbox.user_id == user.id
    end
  end

  # @return [Boolean] same rule as #edit?
  def update?
    edit?
  end

  # @return [Boolean] same rule as #edit?
  def destroy?
    edit?
  end

  # Always allows, for every user and every record.
  # NOTE(review): Scope#resolve limits non-admins to global or own
  # lightboxes, but a direct lookup by id is not restricted here; confirm
  # that another user's non-global lightbox is meant to be viewable.
  #
  # @return [true]
  def show?
    true
  end

  # Limits a collection query to the lightboxes +user+ may list.
  class Scope
    attr_reader :user, :scope

    # @param user [#admin?, #id] the acting user
    # @param scope [#all, #where] the relation to narrow
    def initialize(user, scope)
      @user = user
      @scope = scope
    end

    # Admins get the unfiltered relation; other users get lightboxes whose
    # visibility is :global plus the ones they own.
    def resolve
      return scope.all if user.admin?

      shared = scope.where(visibility: :global)
      owned = scope.where(user_id: user.id)
      shared.or(owned)
    end
  end
end