2011-11-03 13:01:08 +00:00
|
|
|
module Locomotive
|
2011-10-30 23:02:41 +00:00
|
|
|
class Ability
|
|
|
|
include CanCan::Ability
|
|
|
|
|
|
|
|
ROLES = %w(admin designer author)
|
|
|
|
|
|
|
|
def initialize(account, site)
|
|
|
|
@account, @site = account, site
|
|
|
|
|
|
|
|
alias_action :index, :show, :edit, :update, :to => :touch
|
|
|
|
|
|
|
|
@membership = @site.memberships.where(:account_id => @account.id).first
|
|
|
|
|
|
|
|
return false if @membership.blank?
|
|
|
|
|
|
|
|
if @membership.admin?
|
|
|
|
setup_admin_permissions!
|
|
|
|
else
|
|
|
|
setup_default_permissions!
|
|
|
|
|
|
|
|
setup_designer_permissions! if @membership.designer?
|
|
|
|
|
|
|
|
setup_author_permissions! if @membership.author?
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def setup_default_permissions!
|
|
|
|
cannot :manage, :all
|
|
|
|
end
|
|
|
|
|
|
|
|
def setup_author_permissions!
|
|
|
|
can :touch, [Page, ThemeAsset]
|
|
|
|
can :sort, Page
|
|
|
|
|
|
|
|
can :manage, [ContentInstance, Asset]
|
|
|
|
|
|
|
|
can :touch, Site do |site|
|
|
|
|
site == @site
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def setup_designer_permissions!
|
|
|
|
can :manage, Page
|
|
|
|
|
|
|
|
can :manage, ContentInstance
|
|
|
|
|
|
|
|
can :manage, ContentType
|
|
|
|
|
|
|
|
can :manage, Snippet
|
|
|
|
|
|
|
|
can :manage, ThemeAsset
|
|
|
|
|
|
|
|
can :manage, Asset
|
|
|
|
|
|
|
|
can :manage, Site do |site|
|
|
|
|
site == @site
|
|
|
|
end
|
|
|
|
|
|
|
|
can :import, Site
|
|
|
|
|
|
|
|
can :export, Site
|
|
|
|
|
|
|
|
can :point, Site
|
|
|
|
|
|
|
|
cannot :create, Site
|
|
|
|
|
|
|
|
can :manage, Membership
|
|
|
|
|
|
|
|
cannot :grant_admin, Membership
|
|
|
|
|
|
|
|
cannot [:update, :destroy], Membership do |membership|
|
|
|
|
@membership.account_id == membership.account_id || # can not edit myself
|
|
|
|
membership.admin? # can not modify an administrator
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def setup_admin_permissions!
|
|
|
|
can :manage, :all
|
|
|
|
|
|
|
|
cannot [:update, :destroy], Membership do |membership|
|
|
|
|
@membership.account_id == membership.account_id # can not edit myself
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|