From 9f617e5093d928c99b9e87a1574195d8a8c8612c Mon Sep 17 00:00:00 2001
From: Joachim Filip Ignacy Bartosik
Date: Wed, 19 May 2010 17:48:42 +0200
Subject: Permissions for answers And tests for permissions them. Any logged in user can create, update, view, delete answers [s]he owns. No one can change answers someone else owns. Recruiters can view all answers.
---
lib/permissions/owned_model.rb | 47 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 lib/permissions/owned_model.rb
(limited to 'lib')
diff --git a/lib/permissions/owned_model.rb b/lib/permissions/owned_model.rb
new file mode 100644
index 0000000..e12706d
--- /dev/null
+++ b/lib/permissions/owned_model.rb
@@ -0,0 +1,47 @@
+module Permissions
+ module OwnedModel
+ def create_permitted?
+ acting_user.signed_up?
+ end
+
+ def update_permitted?
+ owned?
+ end
+
+ def edit_permitted?(field)
+ owned_soft?
+ end
+
+ def destroy_permitted?
+ owned?
+ end
+
+ def view_permitted?(field)
+ owned_soft?
+ end
+
+ protected
+ def owned?
+ owner_is?(acting_user) and !owner_changed?
+ end
+
+ def owned_soft?
+ owner_is?(acting_user)
+ end
+
+ def must_be_owned
+ errors.add(:owner, "must be current_user") unless owned?
+ end
+
+ def included
+ validate_presence_of :owner
+ end
+ end
+end
+
+def owned_model(owner_class)
+ belongs_to :owner, :class_name => owner_class, :creator => true
+ never_show :owner
+ attr_readonly :owner
+ include Permissions::OwnedModel
+end
--
cgit v1.2.3-65-gdbad
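Review bot: `create_permitted?` checks only `acting_user.signed_up?`, so nothing in this module ties a new record's owner to the user creating it. `attr_readonly :owner` only blocks changes after creation and `never_show :owner` only hides the field, so neither covers the create path. Whether the owner can be supplied in create parameters is not visible here (it depends on how `:creator => true` interacts with attribute assignment); if it can, a signed-up user could create a record owned by someone else, and `acting_user.signed_up? && owner_is?(acting_user)` would close that. Separately, `def included` is a protected instance method, so Ruby never invokes it as the include hook and the owner-presence validation is never registered. It looks like `def self.included(base)` calling `base.validates_presence_of :owner` was intended, and `must_be_owned` is likewise not wired up as a validation anywhere in this hunk.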