-
Notifications
You must be signed in to change notification settings - Fork 8
Expand file tree
/
Copy pathability.rb
More file actions
211 lines (200 loc) · 7.95 KB
/
ability.rb
File metadata and controls
211 lines (200 loc) · 7.95 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
# frozen_string_literal: true
class Ability
include CanCan::Ability
attr_reader :user
def initialize(user)
alias_action :create, :read, :update, :destroy, to: :crud
user ||= User.new(nil) # Guest user
# @user = user
if user.role_id == "staff_admin"
can :manage, :all
cannot %i[new create], Doi do |doi|
doi.client.blank? ||
!(
doi.client.prefixes.where(uid: doi.prefix).first ||
doi.type == "OtherDoi"
)
end
can :export, :contacts
can :export, :organizations
can :export, :repositories
elsif user.role_id == "staff_user"
can %i[read read_billing_information read_contact_information read_analytics], :all
elsif user.role_id == "consortium_admin" && user.provider_id.present?
can %i[manage read_billing_information read_contact_information], Provider do |provider|
user.provider_id.casecmp(provider.consortium_id)
end
can %i[update read read_billing_information read_contact_information],
Provider,
symbol: user.provider_id.upcase
can %i[manage], ProviderPrefix do |provider_prefix|
provider_prefix.provider &&
user.provider_id.casecmp(provider_prefix.provider.consortium_id)
end
can %i[manage], Contact
# TODO limit contact management to consortium
# contact.provider &&
# (user.provider_id.casecmp(contact.provider.consortium_id) ||
# user.provider_id.casecmp(contact.provider_id))
# end
can %i[manage transfer read_contact_information], Client do |client|
client.provider &&
user.provider_id.casecmp(client.provider.consortium_id)
end
can %i[manage], ClientPrefix # , :client_id => user.provider_id
# if Flipper[:delete_doi].enabled?(user)
# can [:manage], Doi, :provider_id => user.provider_id
# else
# can [:read, :update], Doi, :provider_id => user.provider_id
# end
can %i[read get_url transfer read_landing_page_results], Doi do |doi|
user.provider_id.casecmp(doi.provider.consortium_id)
end
can %i[read], Doi
can %i[read], User
can %i[read], Activity do |activity|
activity.doi.findable? ||
activity.doi.provider &&
user.provider_id.casecmp(activity.doi.provider.consortium_id)
end
can %i[read], :access_datafile
elsif user.role_id == "provider_admin" && user.provider_id.present?
can %i[update read read_billing_information read_contact_information read_analytics],
Provider,
symbol: user.provider_id.upcase
can %i[manage], Contact, provider_id: user.provider_id
can %i[manage], ProviderPrefix, provider_id: user.provider_id
can %i[manage read_contact_information], Client, provider_id: user.provider_id
cannot %i[manage read_contact_information], Client do |client|
client.provider.role_name.in?(["ROLE_MEMBER"])
end
cannot %i[transfer], Client
can %i[manage], ClientPrefix # , :client_id => user.provider_id
# if Flipper[:delete_doi].enabled?(user)
# can [:manage], Doi, :provider_id => user.provider_id
# else
# can [:read, :update], Doi, :provider_id => user.provider_id
# end
can %i[read get_url transfer read_landing_page_results],
Doi,
provider_id: user.provider_id
can %i[read], Doi
can %i[read], User
can %i[read], Activity do |activity|
activity.doi.findable? || activity.doi.provider_id == user.provider_id
end
can %i[read], :access_datafile
elsif user.role_id == "provider_user" && user.provider_id.present?
can %i[read read_billing_information read_contact_information read_analytics],
Provider,
symbol: user.provider_id.upcase
can %i[read], Provider
can %i[read], ProviderPrefix, provider_id: user.provider_id
can %i[read read_contact_information read_analytics], Client, provider_id: user.provider_id
can %i[read], ClientPrefix # , :client_id => user.client_id
can %i[read], Contact, provider_id: user.provider_id
can %i[read get_url read_landing_page_results],
Doi,
provider_id: user.provider_id
can %i[read], Doi
can %i[read], User
can %i[read], Activity do |activity|
activity.doi.findable? || activity.doi.provider_id == user.provider_id
end
can %i[read], :access_datafile
elsif user.role_id == "client_admin" && user.client.present? && user.client.is_active == "\x01"
can %i[read], Provider
can %i[read update read_contact_information read_analytics], Client, symbol: user.client_id.upcase
can %i[read], ClientPrefix, client_id: user.client_id
# if Flipper[:delete_doi].enabled?(user)
# can [:manage], Doi, :client_id => user.client_id
# else
# can [:read, :update], Doi, :client_id => user.client_id
# end
can %i[
read
destroy
update
register_url
validate
undo
get_url
get_urls
read_landing_page_results
],
Doi,
client_id: user.client_id
can %i[new create], Doi do |doi|
doi.client.prefixes.where(uid: doi.prefix).present? ||
doi.type == "OtherDoi"
end
can %i[read], Doi
can %i[read], User
can %i[read], Activity do |activity|
activity.doi.findable? || activity.doi.client_id == user.client_id
end
can %i[read], :access_datafile
elsif user.role_id == "client_admin" && user.client.present?
can %i[read], Provider
can %i[read read_contact_information read_analytics], Client, symbol: user.client_id.upcase
can %i[read], ClientPrefix, client_id: user.client_id
can %i[read], Doi, client_id: user.client_id
can %i[read], Doi
can %i[read], User
can %i[read], Activity do |activity|
activity.doi.findable? || activity.doi.client_id == user.client_id
end
can %i[read], :access_datafile
elsif user.role_id == "client_user" && user.client.present?
can %i[read], Provider
can %i[read read_contact_information read_analytics], Client, symbol: user.client_id.upcase
can %i[read], ClientPrefix, client_id: user.client_id
can %i[read get_url read_landing_page_results],
Doi,
client_id: user.client_id
can %i[read], Doi
can %i[read], User
can %i[read], Activity do |activity|
activity.doi.findable? || activity.doi.client_id == user.client_id
end
can %i[read], :access_datafile
elsif user.role_id == "user"
can %i[read], Provider
if user.provider_id.present?
can %i[update], Provider, symbol: user.provider_id.upcase
can %i[read], :access_datafile
end
if user.client_id.present?
can %i[read update], Client, symbol: user.client_id.upcase
can %i[read], :access_datafile
end
can %i[read], Doi, client_id: user.client_id if user.client_id.present?
can %i[read get_url], Doi
can %i[read], User, id: user.id
can %i[read], Activity do |activity|
activity.doi.findable?
end
elsif user.role_id == "temporary"
can %i[read], Provider
can %i[update read_contact_information], Provider, symbol: "ADMIN" if user.uid == "admin"
if user.provider_id.present?
can %i[update read_contact_information], Provider, symbol: user.provider_id.upcase
end
if user.client_id.present?
can %i[read update read_contact_information], Client, symbol: user.client_id.upcase
end
can %i[read], Doi, client_id: user.client_id if user.client_id.present?
can %i[read get_url], Doi
can %i[read], User, id: user.id
can %i[read], Activity do |activity|
activity.doi.findable?
end
elsif user.role_id == "anonymous"
can %i[read get_url], Doi
can %i[read], Provider
can %i[read], Activity do |activity|
activity.doi.findable?
end
end
end
end