Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- class Workspace
- include Mongoid::Document
- include Mongoid::Timestamps
- include WorkspaceAuthorization
- referenced_in :parent, class_name: 'Account', inverse_of: :workspaces
- references_many :meetings, inverse_of: :parent, foreign_key: 'parent_id', class_name: 'Meeting'
- references_and_referenced_in_many :admins, inverse_of: :workspace_adminships, class_name: 'User'
- references_and_referenced_in_many :attendees, inverse_of: :workspace_attendeeships, class_name: 'User'
- ...
- end
- class Meeting
- include Mongoid::Document
- include Mongoid::Timestamps
- include MeetingAuthorization
- referenced_in :parent, class_name: 'Workspace', inverse_of: :meetings
- references_and_referenced_in_many :owners, inverse_of: :meeting_ownerships, class_name: 'User'
- references_and_referenced_in_many :attendees, inverse_of: :meeting_attendeeships, class_name: 'User'
- ...
- end
- module MeetingAuthorization
- extend ActiveSupport::Concern
- included do
- attr_reader :principal
- before_update :check_authorization
- before_create :check_parent_authorization, :check_uniqueness
- end
- ...
- def check_authorization
- if attendees_changed?
- raise AuthorizationFailure,
- 'unauthorized to update meeting' unless self.is_readable_by?(principal) ||
- self.is_updatable_by?(principal)
- else
- raise AuthorizationFailure,
- 'unauthorized to update meeting' unless self.is_updatable_by?(principal)
- end
- end
- def check_parent_authorization
- raise AuthorizationFailure,
- 'unauthorized to update parent' unless parent.is_updatable_by?(parent.principal)
- end
- def check_uniqueness
- raise AuthorizationFailure,
- 'meeting is duplicate' if parent.meetings.include?(self)
- end
- end
- class User
- include Mongoid::Document
- include UserAuthorization
- extend ActiveSupport::Memoizable
- create_references_for [
- %w{ account_ownerships owners Account },
- %w{ account_adminships admins Account },
- %w{ workspace_adminships admins Workspace },
- %w{ workspace_attendeeships attendees Workspace },
- %w{ meeting_ownerships owners Meeting },
- %w{ meeting_attendeeships attendees Meeting }
- ]
- ...
- def create_references_for(relationships)
- relationships.each do |row|
- a, b, c = *row
- self.instance_eval <<-EOL
- references_and_referenced_in_many :#{a}, inverse_of: :#{b}, class_name: '#{c}'
- EOL
- end
- end
- ...
- end
- >> Testcase
- >> When I create a 'user', with a workspace and a meeting within I get this:
- ruby-1.9.2-p136 :007 > User.criteria.id(user._id).first.class
- => User
- but also this:
- ruby-1.9.2-p136 :006 > User.criteria.id(user._id).first.workspace_attendeeships
- Hirb Error: unauthorized to update meeting
- /opt/livesein_ng/app/models/meetings/meeting_authorization.rb:85:in `check_authorization'
- /Users/fw/.rvm/gems/ruby-1.9.2-p136@livesein_ng/gems/activesupport-3.0.3/lib/active_support/callbacks.rb:414:in `_run_update_callbacks'
- /Users/fw/.rvm/gems/ruby-1.9.2-p136@livesein_ng/gems/activesupport-3.0.3/lib/active_support/callbacks.rb:93:in `run_callbacks'
- ...
Add Comment
Please, Sign In to add comment