class Workspace include Mongoid::Document include Mongoid::Timestamps inc

1. class Workspace
2.  
3. include Mongoid::Document
4. include Mongoid::Timestamps
5. include WorkspaceAuthorization
6.  
7. referenced_in :parent, class_name: 'Account', inverse_of: :workspaces
8. references_many :meetings, inverse_of: :parent, foreign_key: 'parent_id', class_name: 'Meeting'
9. references_and_referenced_in_many :admins, inverse_of: :workspace_adminships, class_name: 'User'
10. references_and_referenced_in_many :attendees, inverse_of: :workspace_attendeeships, class_name: 'User'
11.  
12. ...
13.  
14. end
15.  
16. class Meeting
17.  
18. include Mongoid::Document
19. include Mongoid::Timestamps
20. include MeetingAuthorization
21.  
22. referenced_in :parent, class_name: 'Workspace', inverse_of: :meetings
23. references_and_referenced_in_many :owners, inverse_of: :meeting_ownerships, class_name: 'User'
24. references_and_referenced_in_many :attendees, inverse_of: :meeting_attendeeships, class_name: 'User'
25.  
26. ...
27.  
28. end
29.  
30. module MeetingAuthorization
31.  
32. extend ActiveSupport::Concern
33.  
34. included do
35. attr_reader :principal
36. before_update :check_authorization
37. before_create :check_parent_authorization, :check_uniqueness
38. end
39.  
40. ...
41.  
42. def check_authorization
43. if attendees_changed?
44. raise AuthorizationFailure,
45. 'unauthorized to update meeting' unless self.is_readable_by?(principal) ||
46. self.is_updatable_by?(principal)
47. else
48. raise AuthorizationFailure,
49. 'unauthorized to update meeting' unless self.is_updatable_by?(principal)
50. end
51. end
52.  
53. def check_parent_authorization
54. raise AuthorizationFailure,
55. 'unauthorized to update parent' unless parent.is_updatable_by?(parent.principal)
56. end
57.  
58. def check_uniqueness
59. raise AuthorizationFailure,
60. 'meeting is duplicate' if parent.meetings.include?(self)
61. end
62.  
63. end
64.  
65. class User
66.  
67. include Mongoid::Document
68. include UserAuthorization
69. extend ActiveSupport::Memoizable
70.  
71. create_references_for [
72. %w{ account_ownerships owners Account },
73. %w{ account_adminships admins Account },
74. %w{ workspace_adminships admins Workspace },
75. %w{ workspace_attendeeships attendees Workspace },
76. %w{ meeting_ownerships owners Meeting },
77. %w{ meeting_attendeeships attendees Meeting }
78. ]
79.  
80. ...
81.  
82. def create_references_for(relationships)
83. relationships.each do |row|
84. a, b, c = *row
85. self.instance_eval <<-EOL
86. references_and_referenced_in_many :#{a}, inverse_of: :#{b}, class_name: '#{c}'
87. EOL
88. end
89. end
90.  
91. ...
92.  
93. end
94.  
95. >> Testcase
96. >> When I create a 'user', with a workspace and a meeting within I get this:
97.  
98. ruby-1.9.2-p136 :007 > User.criteria.id(user._id).first.class
99. => User
100.  
101. but also this:
102.  
103. ruby-1.9.2-p136 :006 > User.criteria.id(user._id).first.workspace_attendeeships
104. Hirb Error: unauthorized to update meeting
105. /opt/livesein_ng/app/models/meetings/meeting_authorization.rb:85:in `check_authorization'
106. /Users/fw/.rvm/gems/ruby-1.9.2-p136@livesein_ng/gems/activesupport-3.0.3/lib/active_support/callbacks.rb:414:in `_run_update_callbacks'
107. /Users/fw/.rvm/gems/ruby-1.9.2-p136@livesein_ng/gems/activesupport-3.0.3/lib/active_support/callbacks.rb:93:in `run_callbacks'
108. ...