RubyGems - pageflow - Versions diffs - 0.11.4 → 12.0.0.rc1 - Mend

pageflow 0.11.4 → 12.0.0.rc1

Potentially problematic release.

This version of pageflow might be problematic. Click here for more details.

Files changed (416) hide show

data/app/policies/pageflow/admin/entry_tab_policy.rb ADDED Viewed

@@ -0,0 +1,25 @@
+module Pageflow
+  module Admin
+    class EntryTabPolicy
+      attr_reader :user, :tab, :query
+      def initialize(user, tab)
+        @user = user
+        @tab = tab
+        @query = EntryRoleQuery.new(user, tab.resource)
+      end
+      def see?
+        if user.admin?
+          true
+        elsif tab.required_account_role
+          query.has_at_least_account_role?(tab.required_account_role)
+        elsif tab.required_role
+          query.has_at_least_role?(tab.required_role)
+        else
+          !tab.admin_only?
+        end
+      end
+    end
+  end
+end

data/app/policies/pageflow/application_policy.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module Pageflow
+  class ApplicationPolicy
+    class Scope
+      protected
+      def sanitize_sql_array(array)
+        ActiveRecord::Base.send(:sanitize_sql_array, array)
+      end
+    end
+  end
+end

data/app/policies/pageflow/entry_policy.rb ADDED Viewed

@@ -0,0 +1,138 @@
+module Pageflow
+  class EntryPolicy < ApplicationPolicy
+    class Scope < Scope
+      attr_reader :user, :scope, :query
+      def initialize(user, scope)
+        @user = user
+        @scope = scope
+        @query = EntryRoleQuery::Scope.new(user, scope)
+      end
+      def resolve
+        if user.admin?
+          scope.all
+        else
+          query.with_role_at_least(:previewer)
+        end
+      end
+      def editor_or_above
+        query.with_role_at_least(:editor)
+      end
+      def publisher_or_above
+        query.with_role_at_least(:publisher)
+      end
+      def member_addable
+        publisher_or_above
+      end
+      def manager_or_above
+        query.with_role_at_least(:manager)
+      end
+    end
+    attr_reader :user, :query
+    def initialize(user, entry)
+      @user = user
+      @entry = entry
+      @query = EntryRoleQuery.new(user, entry)
+    end
+    def record
+      @entry
+    end
+    def preview?
+      query.has_at_least_role?(:previewer)
+    end
+    def read?
+      preview?
+    end
+    def use_files?
+      preview?
+    end
+    def edit?
+      query.has_at_least_role?(:editor)
+    end
+    def confirm_encoding?
+      edit?
+    end
+    def edit_outline?
+      edit?
+    end
+    def index_widgets_for?
+      edit?
+    end
+    def restore?
+      edit?
+    end
+    def snapshot?
+      edit?
+    end
+    def publish?
+      query.has_at_least_role?(:publisher)
+    end
+    def create?
+      publish? && AccountPolicy::Scope.new(user, Account).entry_creatable.any?
+    end
+    def duplicate?
+      publish?
+    end
+    def manage?
+      user.admin? ||
+        query.has_at_least_role?(:manager)
+    end
+    def add_member_to?
+      manage?
+    end
+    def edit_role_on?
+      manage?
+    end
+    def destroy_membership_on?
+      manage?
+    end
+    def publish_on_account_of?
+      query.has_at_least_account_role?(:publisher)
+    end
+    def update_account_on?
+      publish_on_account_of?
+    end
+    def update_theming_on?
+      publish_on_account_of?
+    end
+    def manage_account_of?
+      query.has_at_least_account_role?(:manager)
+    end
+    def update_feature_configuration_on?
+      manage_account_of?
+    end
+    def destroy?
+      manage_account_of?
+    end
+  end
+end

data/app/policies/pageflow/file_policy.rb ADDED Viewed

@@ -0,0 +1,42 @@
+module Pageflow
+  class FilePolicy < ApplicationPolicy
+    def initialize(user, file)
+      @user = user
+      @file = file
+    end
+    def manage?
+      if @file.parent_file
+        can_edit_any_entry_using_file?(@file.parent_file)
+      else
+        can_edit_any_entry_using_file?(@file)
+      end
+    end
+    def use?
+      can_preview_any_entry_using_file?
+    end
+    private
+    def can_preview_any_entry_using_file?
+      previewer_of_any_entry_using_file_or_its_account?(@user, @file)
+    end
+    def previewer_of_any_entry_using_file_or_its_account?(user, file)
+      entries_user_is_previewer_or_above_on = EntryPolicy::Scope
+                                              .new(user, Entry).resolve
+      (entries_user_is_previewer_or_above_on.map(&:id) & file.using_entry_ids).any?
+    end
+    def can_edit_any_entry_using_file?(file)
+      editor_of_any_entry_using_file_or_its_account?(@user, file)
+    end
+    def editor_of_any_entry_using_file_or_its_account?(user, file)
+      entries_user_is_editor_or_above_on = EntryPolicy::Scope
+                                           .new(user, Entry).editor_or_above
+      (entries_user_is_editor_or_above_on.map(&:id) & file.using_entry_ids).any?
+    end
+  end
+end

data/app/policies/pageflow/folder_policy.rb ADDED Viewed

@@ -0,0 +1,54 @@
+module Pageflow
+  class FolderPolicy < ApplicationPolicy
+    class Scope < Scope
+      attr_reader :user, :scope
+      def initialize(user, scope)
+        @user = user
+        @scope = scope
+      end
+      def resolve
+        if user.admin?
+          scope.all
+        else
+          scope.where('account_id IN (?) OR id IN (?)',
+                      accounts_where_user_is_at_least_previewer(user).map(&:id),
+                      user.entries.map(&:folder_id))
+        end
+      end
+      private
+      def accounts_where_user_is_at_least_previewer(user)
+        user.accounts.joins(sanitize_sql_array([
+          'LEFT OUTER JOIN pageflow_memberships as pageflow_memberships_2 ON ' \
+          'pageflow_memberships_2.user_id = :user_id AND ' \
+          'pageflow_memberships_2.entity_type = "Pageflow::Account" AND ' \
+          'pageflow_memberships_2.entity_id = pageflow_accounts.id AND ' \
+          'pageflow_memberships_2.role IN ("previewer", "editor", "publisher", "manager")',
+          user_id: user.id])).where('pageflow_memberships_2.entity_id IS NOT NULL')
+      end
+    end
+    def initialize(user, folder)
+      @user = user
+      @folder = folder
+    end
+    def manage?
+      allows?(%w(publisher manager))
+    end
+    def show_account_selection_on?
+      (@user.admin? && Account.all.size > 1) ||
+        @user.memberships.as_publisher_or_above.on_accounts.size > 1
+    end
+    private
+    def allows?(roles)
+      @user.memberships.where(role: roles, entity: @folder.account).any?
+    end
+  end
+end

data/app/policies/pageflow/membership_policy.rb ADDED Viewed

@@ -0,0 +1,105 @@
+module Pageflow
+  class MembershipPolicy < ApplicationPolicy
+    class Scope < Scope
+      attr_reader :user, :scope
+      def initialize(user, scope)
+        @user = user
+        @scope = scope
+      end
+      def indexable
+        if user.admin?
+          scope.all
+        else
+          scope.where(permissions_appropriate).where(membership_is_present)
+        end
+      end
+      private
+      def permissions_appropriate
+        sanitize_sql_array(['pageflow_memberships.entity_type = "Pageflow::Account" AND ' \
+                            'pageflow_memberships.entity_id IN (:managed_account_ids) OR ' \
+                            'pageflow_memberships.entity_type = "Pageflow::Entry" AND ' \
+                            'pageflow_memberships.entity_id IN (:common_entry_ids) OR '\
+                            'pageflow_memberships.user_id = :user_id',
+                            managed_account_ids: managed_account_ids,
+                            common_entry_ids: common_entry_ids,
+                            user_id: @user.id])
+      end
+      def managed_account_ids
+        user.memberships.on_accounts.where(role: 'manager').map(&:entity_id)
+      end
+      def common_entry_ids
+        EntryPolicy::Scope.new(user, Entry).resolve.map(&:id)
+      end
+      def membership_is_present
+        'pageflow_memberships.entity_id IS NOT NULL'
+      end
+    end
+    def initialize(user, membership)
+      @user = user
+      @membership = membership
+    end
+    def create?
+      if @membership.entity_type == 'Pageflow::Account'
+        create_for_account?
+      else
+        create_for_entry?
+      end
+    end
+    def edit_role?
+      if @membership.entity_type == 'Pageflow::Account'
+        edit_role_on_account?
+      else
+        edit_role_on_entry?
+      end
+    end
+    def destroy?
+      if @membership.entity_type == 'Pageflow::Account'
+        destroy_for_account?
+      else
+        destroy_for_entry?
+      end
+    end
+    private
+    def create_for_entry?
+      EntryPolicy.new(@user, @membership.entity).add_member_to? &&
+        @membership.user.accounts.include?(@membership.entity.account)
+    end
+    def create_for_account?
+      AccountPolicy.new(@user, @membership.entity).add_member_to?
+    end
+    def edit_role_on_entry?
+      @user.admin? ||
+        EntryPolicy.new(@user, @membership.entity).edit_role_on?
+    end
+    def edit_role_on_account?
+      @user.admin? ||
+        AccountPolicy.new(@user, @membership.entity).edit_role_on?
+    end
+    def destroy_for_entry?
+      @user.admin? ||
+        EntryPolicy.new(@user, @membership.entity).destroy_membership_on?
+    end
+    def destroy_for_account?
+      @user.admin? ||
+        AccountPolicy.new(@user, @membership.entity).destroy_membership_on?
+    end
+  end
+end

data/app/policies/pageflow/theming_policy.rb ADDED Viewed

@@ -0,0 +1,57 @@
+module Pageflow
+  class ThemingPolicy < ApplicationPolicy
+    class Scope < Scope
+      attr_reader :user, :scope
+      def initialize(user, scope)
+        @user = user
+        @scope = scope
+      end
+      def themings_allowed_for(accounts)
+        if user.admin?
+          scope.all
+        else
+          accounts_ids = accounts.try(:id) || accounts.try(:length) && accounts.map(&:id)
+          scope.joins(publisher_memberships_for_accounts(user, accounts_ids))
+            .where(membership_is_present)
+        end
+      end
+      private
+      def publisher_memberships_for_accounts(user, accounts_ids)
+        sanitize_sql_array(['LEFT OUTER JOIN pageflow_memberships ON ' \
+                            'pageflow_memberships.user_id = :user_id AND ' \
+                            'pageflow_themings.account_id IN (:accounts_ids) AND ' \
+                            'pageflow_memberships.entity_id IN (:accounts_ids) AND ' \
+                            'pageflow_memberships.entity_type = "Pageflow::Account" AND ' \
+                            'pageflow_memberships.role IN ("publisher", "manager")',
+                            user_id: user.id, accounts_ids: accounts_ids])
+      end
+      def membership_is_present
+        'pageflow_memberships.entity_id IS NOT NULL'
+      end
+    end
+    def initialize(user, theming)
+      @user = user
+      @theming = theming
+    end
+    def edit?
+      allows?(%w(publisher manager))
+    end
+    def index_widgets_for?
+      @user.admin?
+    end
+    private
+    def allows?(roles)
+      @user.memberships.where(role: roles, entity: @theming.account).any?
+    end
+  end
+end

data/app/policies/pageflow/user_policy.rb ADDED Viewed

@@ -0,0 +1,69 @@
+module Pageflow
+  class UserPolicy < ApplicationPolicy
+    class Scope < Scope
+      attr_reader :user, :scope
+      def initialize(user, scope)
+        @user = user
+        @scope = scope
+      end
+      def resolve
+        if user.admin?
+          scope.all
+        else
+          manager_accounts_ids = AccountPolicy::Scope
+                                 .new(@user, Account).member_addable.map(&:id)
+          scope.joins(:memberships)
+            .where('pageflow_memberships.entity_type = "Pageflow::Account"')
+            .where(membership_in_managed_account(manager_accounts_ids)).distinct
+        end
+      end
+      private
+      def membership_in_managed_account(accounts_ids)
+        sanitize_sql_array(['pageflow_memberships.entity_id IN (:accounts_ids)',
+                            accounts_ids: accounts_ids])
+      end
+    end
+    def initialize(user, managed_user)
+      @user = user
+      @managed_user = managed_user
+    end
+    def create?
+      index?
+    end
+    def index?
+      @user.memberships.on_accounts.where(role: 'manager').any?
+    end
+    def read?
+      manager_accounts = AccountPolicy::Scope
+                         .new(@user, Account).member_addable
+      managed_user_accounts = AccountPolicy::Scope
+                              .new(@managed_user, Account).resolve
+      (manager_accounts & managed_user_accounts).any?
+    end
+    def redirect_to_user?
+      read?
+    end
+    def admin?
+      @user.admin?
+    end
+    def set_admin?
+      admin?
+    end
+    def delete_own_user?
+      Pageflow.config.authorize_user_deletion.call(@managed_user) == true
+    end
+  end
+end