author: Joachim Filip Ignacy Bartosik <jbartosik@gmail.com> 2010-05-19 17:48:42 +0200
committer: Joachim Filip Ignacy Bartosik <jbartosik@gmail.com> 2010-05-21 22:34:36 +0200
commit: 9f617e5093d928c99b9e87a1574195d8a8c8612c (patch)
tree: 1918f8815e91e705494b03b2491a341d46971cef /lib
parent: User has and belongs to many categories
Permissions for answers
And tests for them. Any logged in user can create, update, view, delete answers [s]he owns. No one can change answers someone else owns. Recruiters can view all answers.
Diffstat (limited to 'lib')
-rw-r--r-- lib/permissions/owned_model.rb 47
1 files changed, 47 insertions, 0 deletions
diff --git a/lib/permissions/owned_model.rb b/lib/permissions/owned_model.rb
new file mode 100644
index 0000000..e12706d
--- /dev/null
+++ b/lib/permissions/owned_model.rb
@@ -0,0 +1,47 @@
+module Permissions
+ module OwnedModel
+ def create_permitted?
+ acting_user.signed_up?
+ end
+
+ def update_permitted?
+ owned?
+ end
+
+ def edit_permitted?(field)
+ owned_soft?
+ end
+
+ def destroy_permitted?
+ owned?
+ end
+
+ def view_permitted?(field)
+ owned_soft?
+ end
+
+ protected
+ def owned?
+ owner_is?(acting_user) and !owner_changed?
+ end
+
+ def owned_soft?
+ owner_is?(acting_user)
+ end
+
+ def must_be_owned
+ errors.add(:owner, "must be current_user") unless owned?
+ end
+
+ def included
+ validate_presence_of :owner
+ end
+ end
+end
+
+def owned_model(owner_class)
+ belongs_to :owner, :class_name => owner_class, :creator => true
+ never_show :owner
+ attr_readonly :owner
+ include Permissions::OwnedModel
+end
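Review bot: `def included` near the end of `Permissions::OwnedModel` is defined as a protected instance method, so Ruby will not call it when `owned_model` runs `include Permissions::OwnedModel`, and the owner presence validation is never registered. The include hook has to be a module-level method, `def self.included(base)`, that calls the validation on `base`; the Rails class macro is also spelled `validates_presence_of`, not `validate_presence_of`. In the same hook, register `must_be_owned` with `validate :must_be_owned`, because nothing in the visible lines attaches it to the model and it is otherwise dead code. Two smaller points: `create_permitted?` checks only `acting_user.signed_up?` and relies on `:creator => true` to set the owner, so adding `owner_is?(acting_user)` there would make the ownership rule explicit at the permission layer. And `view_permitted?` returns only `owned_soft?`, so the "Recruiters can view all answers" rule from the commit message is not in this module; if a model overrides it elsewhere, a comment here saying so would help. `edit_permitted?(field)` and `view_permitted?(field)` ignore their `field` argument, which also deserves a one-line comment.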