Module: Permittable

Extended by:
ActiveSupport::Concern
Defined in:
lib/generators/ruby_cms/templates/models/permittable.rb


Instance Method Details

#admin? ⇒ Boolean

Default admin check: before any Permission exists the first user bootstraps as admin; afterwards admin = holds the manage_admin permission. Host apps may override this method on their User model.

Returns:

  • (Boolean)


# File 'lib/generators/ruby_cms/templates/models/permittable.rb', line 44

# Default admin predicate.
#
# While no Permission row exists (bootstrap mode) every user is treated as an
# admin so the very first account can set the system up; after that, admin
# means holding the "manage_admin" permission key. The key lookup goes
# through the memoised permission list, so it costs at most one query per
# instance. Host apps may override this method on their User model.
#
# @return [Boolean]
def admin?
  bootstrap? || cms_permission_keys_cached.include?("manage_admin")
end

#bootstrap? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/generators/ruby_cms/templates/models/permittable.rb', line 35

# True while the Permission table is empty (nothing has been seeded yet).
#
# The answer is memoised on the instance via an explicit nil check rather than
# `||=`, so a cached `false` is honoured and `Permission.exists?` is not
# re-issued on every call. Because the value is memoised, an instance that
# answered `true` keeps answering `true` for its lifetime even if permissions
# are created afterwards; callers that span that transition need a fresh
# instance.
#
# @return [Boolean]
def bootstrap?
  @bootstrap_mode = !Permission.exists? if @bootstrap_mode.nil?
  @bootstrap_mode
end

#bootstrap_allowed?(permission_key) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/generators/ruby_cms/templates/models/permittable.rb', line 56

# Permission check used instead of the table lookup while in bootstrap mode.
#
# Only "manage_admin" can ever be granted here, and only when the host app
# has opted in via `config.ruby_cms.bootstrap_admin_with_role` and the user
# passes `admin?` (which, during bootstrap, every user does — see `admin?`).
# The `respond_to?(:admin?)` guard is kept so a host model that removes the
# default `admin?` fails closed instead of raising.
#
# @param permission_key [String, Symbol] key being requested
# @return [Boolean]
def bootstrap_allowed?(permission_key)
  cms_config = Rails.application.config.ruby_cms
  enabled = cms_config.bootstrap_admin_with_role && respond_to?(:admin?) && admin?
  return false unless enabled

  permission_key.to_s == "manage_admin"
end

#can?(permission_key, record: nil) ⇒ Boolean

Check whether the user holds a permission. record: reserved for future record-scoped permissions. Default-deny: an unknown permission key is always forbidden. Permission lookups are cached per request.

Returns:

  • (Boolean)


# File 'lib/generators/ruby_cms/templates/models/permittable.rb', line 25

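# Check whether the user holds a permission.
#
# Resolution order:
# 1. In bootstrap mode (no Permission rows yet) defer to `bootstrap_allowed?`.
# 2. Default-deny: a key that is not present in the Permission table is
#    refused outright, regardless of any record argument.
# 3. Grant if the user's memoised permission keys contain the key.
# 4. Otherwise fall back to `record.can_edit?(self)` (reserved for future
#    record-scoped permissions). Note this fallback is consulted even when
#    the user does not hold the key, so a record that vouches for the user
#    grants access on its own.
#
# The result is coerced to a strict boolean: the original fell through to
# whatever `record&.can_edit?` returned, which is `nil` when no record is
# given, so `can?(...) == false` comparisons and serialised authorisation
# results could misbehave.
#
# @param permission_key [String, Symbol] key to test
# @param record [Object, nil] optional record responding to `can_edit?(user)`
# @return [Boolean]
def can?(permission_key, record: nil)
  return bootstrap_allowed?(permission_key) if bootstrap?

  key = permission_key.to_s
  return false unless known_permission_keys.include?(key)
  return true if cms_permission_keys_cached.include?(key)

  # Reserved record-scoped hook; `!!` keeps the predicate boolean when the
  # record is nil or its answer is nil.
  !!record&.can_edit?(self)
end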

#cms_permission_keys_cached ⇒ Object

Per-request cache of this user's permission keys. Never rely on client-side checks.



# File 'lib/generators/ruby_cms/templates/models/permittable.rb', line 64

# Memoised list of this user's permission keys, read through the
# user_permissions → permissions join.
#
# `||=` is safe here because `pluck` always returns an Array (an empty one is
# truthy), so a user with no permissions is cached as `[]` rather than being
# re-queried on every call. This is the server-side source of truth for
# `admin?` and `can?`; never rely on client-side checks.
#
# @return [Array<String>] permission keys held by the user
def cms_permission_keys_cached
  @cms_permission_keys_cached ||= begin
    granted = UserPermission.where(user: self).joins(:permission)
    granted.pluck("permissions.key")
  end
end

#known_permission_keys ⇒ Object

Set of all permission keys that exist in the DB. Cached per-request so a page that calls can? 50 times only hits SQL once.



# File 'lib/generators/ruby_cms/templates/models/permittable.rb', line 52

# Set of every permission key present in the Permission table.
#
# Memoised on the instance so a page that calls `can?` many times issues the
# SQL once. Backs the default-deny rule in `can?`: a key absent from this
# set is refused before the user's own permissions are even consulted.
#
# @return [Set<String>]
def known_permission_keys
  @known_permission_keys ||= Set.new(Permission.pluck(:key))
end

#ruby_cms_prevent_last_admin_deletion ⇒ Object

Block deleting the last administrator (would lock everyone out). No-op during bootstrap (before any Permission exists) where every user counts as admin.



# File 'lib/generators/ruby_cms/templates/models/permittable.rb', line 12

# Destroy guard: refuse to delete the last administrator, which would lock
# everyone out of the admin area.
#
# Skipped in bootstrap mode (no Permission rows, so every user counts as
# admin) and for non-admins. Otherwise it looks for any *other* user holding
# "manage_admin"; if none exists the deletion is aborted with a base error.
# The existence check and the delete are separate statements, so two
# concurrent deletions of the last two admins could in principle both pass
# the check — a transactional lock would be needed to rule that out.
#
# @return [void] throws :abort when this user is the only admin
def ruby_cms_prevent_last_admin_deletion
  return if bootstrap? || !admin?

  other_admins = UserPermission.joins(:permission)
                               .where(permissions: { key: "manage_admin" })
                               .where.not(user_id: id)
  return if other_admins.exists?

  errors.add(:base, "Kan de laatste beheerder niet verwijderen.")
  throw :abort
end