class Membership include Locomotive::Mongoid::Document ## fields ## field :role, :default => 'author' ## associations ## referenced_in :account, :validate => false embedded_in :site, :inverse_of => :memberships ## validations ## validates_presence_of :account validate :can_change_role, :if => :role_changed? ## callbacks ## before_save :define_role ## methods ## Ability::ROLES.each do |_role| define_method("#{_role}?") do self.role == _role end end def email; @email; end def email=(email) @email = email self.account = Account.where(:email => email).first end def process! if @email.blank? self.errors.add_on_blank(:email) :error elsif self.account.blank? :create_account elsif self.site.memberships.any? { |m| m.account_id == self.account_id && m._id != self._id } self.errors.add(:base, 'Already created') :already_created else self.save :save_it end end def ability @ability ||= Ability.new(self.account, self.site) end protected def define_role self.role = Ability::ROLES.include?(role.downcase) ? role.downcase : Ability::ROLES.first end # Users should not be able to set the role of another user to be higher than # their own. A designer for example should not be able to set another user to # be an administrator def can_change_role current_site = Thread.current[:site] current_membership = current_site.memberships.where(:account_id => Thread.current[:admin].id).first if current_site.present? if current_membership.present? # The role cannot be set higher than the current one (we use the index in # the roles array to check role presidence) errors.add(:role, :invalid) if Ability::ROLES.index(role) < Ability::ROLES.index(current_membership.role) end end end