module OrbitCoreLib module ObjectAuthable def self.included(base) base.instance_eval("has_many :object_auths,as: :obj_authable,dependent: :delete") base.define_singleton_method :authed_for_user do |user,title = nil| sub_role_ids_ary=user.sub_roles.collect{|t| t.id} if title.nil? auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s) else auth_object_space = ObjectAuth.where(obj_authable_type: self.to_s,title: title) end query1 = auth_object_space.any_in({sub_role_ids: sub_role_ids_ary}).excludes(blocked_user_ids: user.id) query2 = auth_object_space.any_of({all: true},{privilege_user_ids: user.id},{role_ids: user.role.id}).excludes(blocked_user_ids: user.id) result = (query1 + query2).uniq result.collect{|t| t.obj_authable} end end def pp_object "Object Auth method 'pp_object' need to be defined for class #{self.class}" end def get_object_auth_by_title(title) self.object_auths.where({title: title }).first end def authed_users(title=nil) users = [] users = case title when :all ary = self.object_auths.collect{|t| t.auth_users} ary.flatten! when nil if self.object_auths.count ==1 self.object_auths.first.auth_users_after_block_list rescue [] else logger.info "Warning calling a auth commend without specificed value( has multi-auths ), return empty" [] end else get_object_auth_by_title(title).auth_users rescue [] end users end end module ObjectTokenUnility def self.included(base) base.instance_eval("field :s_token") base.instance_eval("after_create :generate_token") end def token return self.s_token end protected def generate_token self.s_token = ActiveSupport::SecureRandom.hex(16) self.save! end end module PermissionUnility private def check_permission(type = :use) permission_grant = current_user.admin?? true : false module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app unless permission_grant permission_grant = case type when :use users_ary = module_app.app_auth.auth_users rescue nil users_ary = [] if users_ary.nil? (users_ary.include?(current_user) || module_app.is_manager?(current_user) || module_app.is_sub_manager?(current_user)) when :manager module_app.is_manager?(current_user) when :sub_manager module_app.is_manager?(current_user) || module_app.is_sub_manager?(current_user) end end permission_grant end def find_module_app_by_token(token) ModuleApp.first(conditions: {s_token: token}) end end end