You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

57 lines
1.7 KiB

13 years ago
class UserAbility
CRUD = [:read, :create, :update, :destroy]
13 years ago
include CanCan::Ability
13 years ago
attr_accessor :user
attr_accessor :context
13 years ago
# See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
13 years ago
def initialize(user, options = {})
@user = user || User.new
13 years ago
@context = options[:context] || :application
13 years ago
as_action_aliases
action_aliases
13 years ago
if @user.persisted?
owner_abilities
sharing_abilities
end
end
protected
def owner_abilities
# can manage his domains and records
can CRUD, Domain, :user_id => user.id
can CRUD, Record, :domain => {:user_id => user.id}
cannot :delete, SOA # it's deleted with the parent domain
13 years ago
# can manage his hosts
can CRUD, A, :user_id => user.id #, :domain => {:name => Settings.host_domains}
# can manage permissions for his domains
can CRUD, Permission, :domain => {:user_id => user.id}
can :crud_permissions, Domain, :user_id => user.id
# can manage his authentications
can CRUD, Authentication, :user_id => user.id
end
def sharing_abilities
# can manage shared domains and records
can CRUD, Domain, :permissions.outer => {:user_id => user.id}
can CRUD, Record, :domain => {:permissions.outer => {:user_id => user.id}}
13 years ago
# can manage shared domains and records descendants
for domain in user.permitted_domains
can CRUD, Domain, :name_reversed.matches => "#{domain.name_reversed}.%" # descendants
13 years ago
can CRUD, Record, :domain => {:name_reversed.matches => "#{domain.name_reversed}.%"} # descendants
13 years ago
end
end
def action_aliases
13 years ago
alias_action :new_token, :to => :update
end
13 years ago
end