implemented a radical overhaul of permissions, so that it actually hides content that it's supposed to
This commit is contained in:
parent
402786a7c6
commit
6b8a99eb01
12 changed files with 312 additions and 97 deletions
|
@ -8,7 +8,8 @@ class ItemsController < ApplicationController
|
||||||
def index
|
def index
|
||||||
@user = User.find(params[:user_id])
|
@user = User.find(params[:user_id])
|
||||||
|
|
||||||
@items = @user.items
|
@current = current_user
|
||||||
|
@items = Item.visibleToUser(@current, @user)
|
||||||
|
|
||||||
respond_with(@user,@items)
|
respond_with(@user,@items)
|
||||||
end
|
end
|
||||||
|
@ -25,9 +26,14 @@ class ItemsController < ApplicationController
|
||||||
def show
|
def show
|
||||||
@user = User.find(params[:user_id])
|
@user = User.find(params[:user_id])
|
||||||
|
|
||||||
@item = @user.items.find(params[:id])
|
@current = current_user
|
||||||
|
@item = @user.items.find(params[:id]).authorize_to_show(@current)
|
||||||
|
|
||||||
@relatives = @item.network_as_json.html_safe
|
if @item
|
||||||
|
@relatives = @item.network_as_json(@current).html_safe
|
||||||
|
else
|
||||||
|
redirect_to root_url and return
|
||||||
|
end
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.html { respond_with(@item, @user) }
|
format.html { respond_with(@item, @user) }
|
||||||
|
@ -69,7 +75,12 @@ class ItemsController < ApplicationController
|
||||||
def edit
|
def edit
|
||||||
@user = User.find(params[:user_id])
|
@user = User.find(params[:user_id])
|
||||||
|
|
||||||
@item = @user.items.find(params[:id])
|
@current = current_user
|
||||||
|
@item = @user.items.find(params[:id]).authorize_to_edit(@current)
|
||||||
|
|
||||||
|
if not @item
|
||||||
|
redirect_to root_url and return
|
||||||
|
end
|
||||||
|
|
||||||
respond_with(@item)
|
respond_with(@item)
|
||||||
end
|
end
|
||||||
|
|
|
@ -4,13 +4,10 @@ class MainController < ApplicationController
|
||||||
respond_to :html, :js, :json
|
respond_to :html, :js, :json
|
||||||
|
|
||||||
def home
|
def home
|
||||||
@current_user = current_user
|
@current = current_user
|
||||||
|
|
||||||
@item = Item.all.first
|
@item = Item.visibleToUser(@current, nil).first
|
||||||
|
@alljson = all_as_json(@current).html_safe
|
||||||
if @item
|
|
||||||
@alljson = @item.all_as_json.html_safe
|
|
||||||
end
|
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.html { respond_with(@item) }
|
format.html { respond_with(@item) }
|
||||||
|
@ -19,9 +16,8 @@ class MainController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def allmaps
|
def allmaps
|
||||||
@current_user = current_user
|
@current = current_user
|
||||||
|
@maps = Map.visibleToUser(@current, nil)
|
||||||
@maps = Map.all
|
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.html { respond_with(@maps) }
|
format.html { respond_with(@maps) }
|
||||||
|
|
|
@ -7,7 +7,9 @@ class MapsController < ApplicationController
|
||||||
# GET /users/:user_id/maps
|
# GET /users/:user_id/maps
|
||||||
def index
|
def index
|
||||||
@user = User.find(params[:user_id])
|
@user = User.find(params[:user_id])
|
||||||
@maps = @user.maps
|
|
||||||
|
@current = current_user
|
||||||
|
@maps = Map.visibleToUser(@current, @user)
|
||||||
|
|
||||||
respond_with(@maps,@user)
|
respond_with(@maps,@user)
|
||||||
end
|
end
|
||||||
|
@ -24,9 +26,14 @@ class MapsController < ApplicationController
|
||||||
def show
|
def show
|
||||||
@user = User.find(params[:user_id])
|
@user = User.find(params[:user_id])
|
||||||
|
|
||||||
@map = @user.maps.find(params[:id])
|
@current = current_user
|
||||||
|
@map = @user.maps.find(params[:id]).authorize_to_show(@current)
|
||||||
|
|
||||||
@mapjson = @map.self_as_json.html_safe
|
if not @map
|
||||||
|
redirect_to root_url and return
|
||||||
|
end
|
||||||
|
|
||||||
|
@mapjson = @map.self_as_json(@current).html_safe
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.html { respond_with(@map, @user) }
|
format.html { respond_with(@map, @user) }
|
||||||
|
@ -53,7 +60,12 @@ class MapsController < ApplicationController
|
||||||
def edit
|
def edit
|
||||||
@user = User.find(params[:user_id])
|
@user = User.find(params[:user_id])
|
||||||
|
|
||||||
@map = @user.maps.find(params[:id])
|
@current = current_user
|
||||||
|
@map = @user.maps.find(params[:id]).authorize_to_edit(@current)
|
||||||
|
|
||||||
|
if not @map
|
||||||
|
redirect_to root_url and return
|
||||||
|
end
|
||||||
|
|
||||||
respond_with(@user, @map)
|
respond_with(@user, @map)
|
||||||
end
|
end
|
||||||
|
|
|
@ -9,7 +9,9 @@ class SynapsesController < ApplicationController
|
||||||
def index
|
def index
|
||||||
@user = User.find(params[:user_id])
|
@user = User.find(params[:user_id])
|
||||||
|
|
||||||
@synapsesjson = usersynapses_as_json(@user).html_safe
|
@current = current_user
|
||||||
|
@synapses = Synapse.visibleToUser(@current, @user)
|
||||||
|
@synapsesjson = synapses_as_json(@current, @synapses).html_safe
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.html
|
format.html
|
||||||
|
@ -29,10 +31,15 @@ class SynapsesController < ApplicationController
|
||||||
def show
|
def show
|
||||||
@user = User.find(params[:user_id])
|
@user = User.find(params[:user_id])
|
||||||
|
|
||||||
@synapse = @user.synapses.find(params[:id])
|
@current = current_user
|
||||||
|
@synapse = @user.synapses.find(params[:id]).authorize_to_show(@current)
|
||||||
|
@item1 = @synapse.item1.authorize_to_show(@current)
|
||||||
|
@item2 = @synapse.item2.authorize_to_show(@current)
|
||||||
|
|
||||||
if @synapse
|
if @synapse && @item1 && @item2
|
||||||
@synapsejson = @synapse.selfplusnodes_as_json.html_safe
|
@synapsejson = @synapse.selfplusnodes_as_json.html_safe
|
||||||
|
else
|
||||||
|
redirect_to root_url and return
|
||||||
end
|
end
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
|
@ -91,12 +98,13 @@ class SynapsesController < ApplicationController
|
||||||
def edit
|
def edit
|
||||||
@user = User.find(params[:user_id])
|
@user = User.find(params[:user_id])
|
||||||
|
|
||||||
@synapse = @user.synapses.find(params[:id])
|
@current = current_user
|
||||||
|
@synapse = @user.synapses.find(params[:id]).authorize_to_edit(@current)
|
||||||
@items = nil
|
|
||||||
|
|
||||||
if @synapse
|
if @synapse
|
||||||
@items = Item.all
|
@items = Item.visibleToUser(@current)
|
||||||
|
elsif not @synapse
|
||||||
|
redirect_to root_url and return
|
||||||
end
|
end
|
||||||
|
|
||||||
respond_with(@synapse, @items)
|
respond_with(@synapse, @items)
|
||||||
|
|
|
@ -29,18 +29,17 @@ module ItemsHelper
|
||||||
end
|
end
|
||||||
|
|
||||||
#return a json object containing all of a users added synapses
|
#return a json object containing all of a users added synapses
|
||||||
def usersynapses_as_json(user)
|
def synapses_as_json(current, synapses)
|
||||||
Jbuilder.encode do |json|
|
Jbuilder.encode do |json|
|
||||||
@synapses = user.synapses
|
|
||||||
@items = Array.new
|
@items = Array.new
|
||||||
|
|
||||||
@synapses.each do |synapse|
|
synapses.each do |synapse|
|
||||||
@items.push(synapse.item1) if not @items.include?(synapse.item1)
|
@items.push(synapse.item1) if (not @items.include?(synapse.item1)) && synapse.item1.authorize_to_view(current)
|
||||||
@items.push(synapse.item2) if not @items.include?(synapse.item2)
|
@items.push(synapse.item2) if (not @items.include?(synapse.item2)) && synapse.item2.authorize_to_view(current)
|
||||||
end
|
end
|
||||||
|
|
||||||
json.array!(@items) do |item|
|
json.array!(@items) do |item|
|
||||||
json.adjacencies item.synapses2.delete_if{|synapse| not synapse.user == user} do |json, synapse|
|
json.adjacencies item.synapses2.delete_if{|synapse| not @items.include?(Item.find_by_id(synapse.node1_id))} do |json, synapse|
|
||||||
json.nodeTo synapse.node1_id
|
json.nodeTo synapse.node1_id
|
||||||
json.nodeFrom synapse.node2_id
|
json.nodeFrom synapse.node2_id
|
||||||
|
|
||||||
|
@ -63,5 +62,38 @@ module ItemsHelper
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def all_as_json(current)
|
||||||
|
Jbuilder.encode do |json|
|
||||||
|
|
||||||
|
@items = Item.visibleToUser(current, nil)
|
||||||
|
@synapses = Synapse.visibleToUser(current, nil)
|
||||||
|
|
||||||
|
json.array!(@items) do |item|
|
||||||
|
json.adjacencies item.synapses2.delete_if{|synapse| (not @items.include?(Item.find_by_id(synapse.node1_id))) || (not @synapses.include?(synapse))} do |json, synapse|
|
||||||
|
json.nodeTo synapse.node1_id
|
||||||
|
json.nodeFrom synapse.node2_id
|
||||||
|
|
||||||
|
@synapsedata = Hash.new
|
||||||
|
@synapsedata['$desc'] = synapse.desc
|
||||||
|
@synapsedata['$category'] = synapse.category
|
||||||
|
@synapsedata['$userid'] = synapse.user.id
|
||||||
|
@synapsedata['$username'] = synapse.user.name
|
||||||
|
json.data @synapsedata
|
||||||
|
end
|
||||||
|
|
||||||
|
@itemdata = Hash.new
|
||||||
|
@itemdata['$desc'] = item.desc
|
||||||
|
@itemdata['$link'] = item.link
|
||||||
|
@itemdata['$itemcatname'] = item.item_category.name
|
||||||
|
@itemdata['$userid'] = item.user.id
|
||||||
|
@itemdata['$username'] = item.user.name
|
||||||
|
|
||||||
|
json.data @itemdata
|
||||||
|
json.id item.id
|
||||||
|
json.name item.name
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -21,6 +21,18 @@ has_many :maps, :through => :mappings
|
||||||
|
|
||||||
belongs_to :item_category
|
belongs_to :item_category
|
||||||
|
|
||||||
|
# has no viewable synapses helper function
|
||||||
|
def has_viewable_synapses(current)
|
||||||
|
result = false
|
||||||
|
self.synapses.each do |synapse|
|
||||||
|
if synapse.authorize_to_view(current)
|
||||||
|
result = true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
return result
|
||||||
|
end
|
||||||
|
|
||||||
|
###### JSON ######
|
||||||
def self_as_json
|
def self_as_json
|
||||||
Jbuilder.encode do |json|
|
Jbuilder.encode do |json|
|
||||||
|
|
||||||
|
@ -37,66 +49,101 @@ belongs_to :item_category
|
||||||
end
|
end
|
||||||
|
|
||||||
#build a json object of everything connected to a specified node
|
#build a json object of everything connected to a specified node
|
||||||
def network_as_json
|
def network_as_json(current)
|
||||||
Jbuilder.encode do |json|
|
Jbuilder.encode do |json|
|
||||||
@items = network(self,nil)
|
@items = network(self,nil)
|
||||||
|
|
||||||
json.array!(@items) do |item|
|
if @items.count > 1
|
||||||
json.adjacencies item.synapses2.delete_if{|synapse| not @items.include?(Item.find_by_id(synapse.node1_id))} do |json, synapse|
|
json.array!(@items.delete_if{|item| (not item.authorize_to_view(current)) || (not item.has_viewable_synapses(current))}) do |item|
|
||||||
json.nodeTo synapse.node1_id
|
|
||||||
json.nodeFrom synapse.node2_id
|
|
||||||
|
|
||||||
@synapsedata = Hash.new
|
json.adjacencies item.synapses2.delete_if{|synapse| (not @items.include?(synapse.item1)) || (not synapse.authorize_to_view(current)) || (not synapse.item1.authorize_to_view(current)) } do |json, synapse|
|
||||||
@synapsedata['$desc'] = synapse.desc
|
json.nodeTo synapse.node1_id
|
||||||
@synapsedata['$category'] = synapse.category
|
json.nodeFrom synapse.node2_id
|
||||||
@synapsedata['$userid'] = synapse.user.id
|
|
||||||
@synapsedata['$username'] = synapse.user.name
|
@synapsedata = Hash.new
|
||||||
json.data @synapsedata
|
@synapsedata['$desc'] = synapse.desc
|
||||||
|
@synapsedata['$category'] = synapse.category
|
||||||
|
@synapsedata['$userid'] = synapse.user.id
|
||||||
|
@synapsedata['$username'] = synapse.user.name
|
||||||
|
json.data @synapsedata
|
||||||
|
end
|
||||||
|
|
||||||
|
@itemdata = Hash.new
|
||||||
|
@itemdata['$desc'] = item.desc
|
||||||
|
@itemdata['$link'] = item.link
|
||||||
|
@itemdata['$itemcatname'] = item.item_category.name
|
||||||
|
@itemdata['$userid'] = item.user.id
|
||||||
|
@itemdata['$username'] = item.user.name
|
||||||
|
json.data @itemdata
|
||||||
|
json.id item.id
|
||||||
|
json.name item.name
|
||||||
end
|
end
|
||||||
|
elsif @items.count == 1
|
||||||
@itemdata = Hash.new
|
json.array!(@items) do |item|
|
||||||
@itemdata['$desc'] = item.desc
|
@itemdata = Hash.new
|
||||||
@itemdata['$link'] = item.link
|
@itemdata['$desc'] = item.desc
|
||||||
@itemdata['$itemcatname'] = item.item_category.name
|
@itemdata['$link'] = item.link
|
||||||
@itemdata['$userid'] = item.user.id
|
@itemdata['$itemcatname'] = item.item_category.name
|
||||||
@itemdata['$username'] = item.user.name
|
@itemdata['$userid'] = item.user.id
|
||||||
json.data @itemdata
|
@itemdata['$username'] = item.user.name
|
||||||
json.id item.id
|
json.data @itemdata
|
||||||
json.name item.name
|
json.id item.id
|
||||||
end
|
json.name item.name
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def all_as_json
|
##### PERMISSIONS ######
|
||||||
Jbuilder.encode do |json|
|
|
||||||
|
|
||||||
@items = Item.all
|
scope :visibleToUser, lambda { |current, user|
|
||||||
|
if user != nil
|
||||||
|
if user != current
|
||||||
|
Item.find_all_by_user_id_and_permission(user.id, "commons") | Item.find_all_by_user_id_and_permission(user.id, "public")
|
||||||
|
elsif user == current
|
||||||
|
Item.find_all_by_user_id_and_permission(user.id, "commons") | Item.find_all_by_user_id_and_permission(user.id, "public") | current.items.where(:permission => "private")
|
||||||
|
end
|
||||||
|
elsif (current != nil && user == nil)
|
||||||
|
Item.find_all_by_permission("commons") | Item.find_all_by_permission("public") | current.items.where(:permission => "private")
|
||||||
|
elsif (current == nil)
|
||||||
|
Item.find_all_by_permission("commons") | Item.find_all_by_permission("public")
|
||||||
|
end
|
||||||
|
}
|
||||||
|
|
||||||
json.array!(@items) do |item|
|
# returns false if user not allowed to 'show' Topic, Synapse, or Map
|
||||||
json.adjacencies item.synapses2.delete_if{|synapse| not @items.include?(Item.find_by_id(synapse.node1_id))} do |json, synapse|
|
def authorize_to_show(user)
|
||||||
json.nodeTo synapse.node1_id
|
if (self.permission == "private" && self.user != user)
|
||||||
json.nodeFrom synapse.node2_id
|
return false
|
||||||
|
end
|
||||||
|
return self
|
||||||
|
end
|
||||||
|
|
||||||
@synapsedata = Hash.new
|
# returns false if user not allowed to 'edit' Topic, Synapse, or Map
|
||||||
@synapsedata['$desc'] = synapse.desc
|
def authorize_to_edit(user)
|
||||||
@synapsedata['$category'] = synapse.category
|
if (self.permission == "private" && self.user != user)
|
||||||
@synapsedata['$userid'] = synapse.user.id
|
return false
|
||||||
@synapsedata['$username'] = synapse.user.name
|
elsif (self.permission == "public" && self.user != user)
|
||||||
json.data @synapsedata
|
return false
|
||||||
end
|
end
|
||||||
|
return self
|
||||||
|
end
|
||||||
|
|
||||||
@itemdata = Hash.new
|
# returns Boolean if user allowed to view Topic, Synapse, or Map
|
||||||
@itemdata['$desc'] = item.desc
|
def authorize_to_view(user)
|
||||||
@itemdata['$link'] = item.link
|
if (self.permission == "private" && self.user != user)
|
||||||
@itemdata['$itemcatname'] = item.item_category.name
|
return false
|
||||||
@itemdata['$userid'] = item.user.id
|
end
|
||||||
@itemdata['$username'] = item.user.name
|
return true
|
||||||
|
end
|
||||||
|
|
||||||
json.data @itemdata
|
# returns Boolean based on whether user has permissions to edit or not
|
||||||
json.id item.id
|
def authorize_linkto_edit(user)
|
||||||
json.name item.name
|
if (self.user == user)
|
||||||
end
|
return true
|
||||||
end
|
elsif (self.permission == "commons")
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
return false
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -12,14 +12,17 @@ def mappings
|
||||||
itemmappings + synapsemappings
|
itemmappings + synapsemappings
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
###### JSON ######
|
||||||
#build a json object of a map
|
#build a json object of a map
|
||||||
def self_as_json
|
def self_as_json(current)
|
||||||
Jbuilder.encode do |json|
|
Jbuilder.encode do |json|
|
||||||
@items = self.items
|
@items = self.items
|
||||||
@synapses = self.synapses
|
@synapses = self.synapses
|
||||||
|
|
||||||
json.array!(@items) do |item|
|
json.array!(@items.delete_if{|item| not item.authorize_to_view(current)}) do |item|
|
||||||
json.adjacencies item.synapses2.delete_if{|synapse| not @synapses.include?(synapse)} do |json, synapse|
|
|
||||||
|
json.adjacencies item.synapses2.delete_if{|synapse| (not @items.include?(synapse.item1)) || (not @synapses.include?(synapse)) || (not synapse.authorize_to_view(current)) || (not synapse.item1.authorize_to_view(current)) } do |json, synapse|
|
||||||
json.nodeTo synapse.node1_id
|
json.nodeTo synapse.node1_id
|
||||||
json.nodeFrom synapse.node2_id
|
json.nodeFrom synapse.node2_id
|
||||||
|
|
||||||
|
@ -44,4 +47,56 @@ end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
##### PERMISSIONS ######
|
||||||
|
|
||||||
|
scope :visibleToUser, lambda { |current, user|
|
||||||
|
if user != nil
|
||||||
|
if user != current
|
||||||
|
Map.find_all_by_user_id_and_permission(user.id, "commons") | Map.find_all_by_user_id_and_permission(user.id, "public")
|
||||||
|
elsif user == current
|
||||||
|
Map.find_all_by_user_id_and_permission(user.id, "commons") | Map.find_all_by_user_id_and_permission(user.id, "public") | current.maps.where(:permission => "private")
|
||||||
|
end
|
||||||
|
elsif (current != nil && user == nil)
|
||||||
|
Map.find_all_by_permission("commons") | Map.find_all_by_permission("public") | current.maps.where(:permission => "private")
|
||||||
|
elsif (current == nil)
|
||||||
|
Map.find_all_by_permission("commons") | Map.find_all_by_permission("public")
|
||||||
|
end
|
||||||
|
}
|
||||||
|
|
||||||
|
# returns false if user not allowed to 'show' Topic, Synapse, or Map
|
||||||
|
def authorize_to_show(user)
|
||||||
|
if (self.permission == "private" && self.user != user)
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
return self
|
||||||
|
end
|
||||||
|
|
||||||
|
# returns false if user not allowed to 'edit' Topic, Synapse, or Map
|
||||||
|
def authorize_to_edit(user)
|
||||||
|
if (self.permission == "private" && self.user != user)
|
||||||
|
return false
|
||||||
|
elsif (self.permission == "public" && self.user != user)
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
return self
|
||||||
|
end
|
||||||
|
|
||||||
|
# returns Boolean if user allowed to view Topic, Synapse, or Map
|
||||||
|
def authorize_to_view(user)
|
||||||
|
if (self.permission == "private" && self.user != user)
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
|
||||||
|
# returns Boolean based on whether user has permissions to edit or not
|
||||||
|
def authorize_linkto_edit(user)
|
||||||
|
if (self.user == user)
|
||||||
|
return true
|
||||||
|
elsif (self.permission == "commons")
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -8,6 +8,8 @@ belongs_to :item2, :class_name => "Item", :foreign_key => "node2_id"
|
||||||
has_many :mappings
|
has_many :mappings
|
||||||
has_many :maps, :through => :mappings
|
has_many :maps, :through => :mappings
|
||||||
|
|
||||||
|
##### JSON ######
|
||||||
|
|
||||||
def self_as_json
|
def self_as_json
|
||||||
Jbuilder.encode do |json|
|
Jbuilder.encode do |json|
|
||||||
@synapsedata = Hash.new
|
@synapsedata = Hash.new
|
||||||
|
@ -51,4 +53,56 @@ has_many :maps, :through => :mappings
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
##### PERMISSIONS ######
|
||||||
|
|
||||||
|
scope :visibleToUser, lambda { |current, user|
|
||||||
|
if user != nil
|
||||||
|
if user != current
|
||||||
|
Synapse.find_all_by_user_id_and_permission(user.id, "commons") | Synapse.find_all_by_user_id_and_permission(user.id, "public")
|
||||||
|
elsif user == current
|
||||||
|
Synapse.find_all_by_user_id_and_permission(user.id, "commons") | Synapse.find_all_by_user_id_and_permission(user.id, "public") | current.synapses.where(:permission => "private")
|
||||||
|
end
|
||||||
|
elsif (current != nil && user == nil)
|
||||||
|
Synapse.find_all_by_permission("commons") | Synapse.find_all_by_permission("public") | current.synapses.where(:permission => "private")
|
||||||
|
elsif (current == nil)
|
||||||
|
Synapse.find_all_by_permission("commons") | Synapse.find_all_by_permission("public")
|
||||||
|
end
|
||||||
|
}
|
||||||
|
|
||||||
|
# returns false if user not allowed to 'show' Topic, Synapse, or Map
|
||||||
|
def authorize_to_show(user)
|
||||||
|
if (self.permission == "private" && self.user != user)
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
return self
|
||||||
|
end
|
||||||
|
|
||||||
|
# returns false if user not allowed to 'edit' Topic, Synapse, or Map
|
||||||
|
def authorize_to_edit(user)
|
||||||
|
if (self.permission == "private" && self.user != user)
|
||||||
|
return false
|
||||||
|
elsif (self.permission == "public" && self.user != user)
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
return self
|
||||||
|
end
|
||||||
|
|
||||||
|
# returns Boolean if user allowed to view Topic, Synapse, or Map
|
||||||
|
def authorize_to_view(user)
|
||||||
|
if (self.permission == "private" && self.user != user)
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
|
||||||
|
# returns Boolean based on whether user has permissions to edit or not
|
||||||
|
def authorize_linkto_edit(user)
|
||||||
|
if (self.user == user)
|
||||||
|
return true
|
||||||
|
elsif (self.permission == "commons")
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -9,6 +9,6 @@
|
||||||
<label for="item_link">Link</label>
|
<label for="item_link">Link</label>
|
||||||
<%= form.text_field :link, class: "link" %>
|
<%= form.text_field :link, class: "link" %>
|
||||||
<label for="item_permission">Permission</label>
|
<label for="item_permission">Permission</label>
|
||||||
<%= form.select(:permission, options_for_select(['commons', 'public', 'private'])) %>
|
<%= form.select :permission, options_for_select(['commons', 'public', 'private'], @item.permission) %>
|
||||||
<%= form.submit "Update", class: "update" %>
|
<%= form.submit "Update", class: "update" %>
|
||||||
<% end %>
|
<% end %>
|
|
@ -5,6 +5,6 @@
|
||||||
<label for="map_desc">Description</label>
|
<label for="map_desc">Description</label>
|
||||||
<%= form.text_area :desc, class: "description", :rows => 5 %>
|
<%= form.text_area :desc, class: "description", :rows => 5 %>
|
||||||
<label for="map_perm">Permission</label>
|
<label for="map_perm">Permission</label>
|
||||||
<%= form.select(:permission, options_for_select(['commons', 'public', 'private']), { :selected => @map.permission }) %>
|
<%= form.select :permission, options_for_select(['commons', 'public', 'private'], @map.permission) %>
|
||||||
<%= form.submit "Update", class: "update" %>
|
<%= form.submit "Update", class: "update" %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
|
@ -11,6 +11,6 @@
|
||||||
<%= select "node2_id", "node2", @collection.order("name ASC").map {|p| [ p.name, p.id ] }, { :selected => @synapse.node2_id } %>
|
<%= select "node2_id", "node2", @collection.order("name ASC").map {|p| [ p.name, p.id ] }, { :selected => @synapse.node2_id } %>
|
||||||
<% end %>
|
<% end %>
|
||||||
<label for="synapse_permission">Permission</label>
|
<label for="synapse_permission">Permission</label>
|
||||||
<%= form.select(:permission, options_for_select(['commons', 'public', 'private'])) %>
|
<%= form.select :permission, options_for_select(['commons', 'public', 'private'], @synapse.permission) %>
|
||||||
<%= form.submit "Update", class: "update" %>
|
<%= form.submit "Update", class: "update" %>
|
||||||
<% end %>
|
<% end %>
|
Loading…
Reference in a new issue