
[myexperiment-hackers] [2200] trunk/lib/authorization.rb: added bookmark


From: noreply
Subject: [myexperiment-hackers] [2200] trunk/lib/authorization.rb: added bookmarks to auth module
Date: Wed, 27 May 2009 10:16:42 -0400 (EDT)

Revision
2200
Author
dgc
Date
2009-05-27 10:16:42 -0400 (Wed, 27 May 2009)

Log Message

added bookmarks to auth module

Modified Paths

Diff

Modified: trunk/lib/authorization.rb (2199 => 2200)


--- trunk/lib/authorization.rb	2009-05-27 13:58:01 UTC (rev 2199)
+++ trunk/lib/authorization.rb	2009-05-27 14:16:42 UTC (rev 2200)
@@ -141,7 +141,7 @@
       # OR
       # -- Network instance
       # -- Experiment / Job / Runner / TavernaEnactor instance
-      # -- Comment
+      # -- Comment / Bookmark
       # -- or any other object instance, for which we'll use the object itself to run .authorized?() on it
       thing_instance = thing
       thing_type = thing.class.name
@@ -172,7 +172,7 @@
     # this is required to get "policy_id" for policy-based aurhorized objects (like workflows / blobs / packs / contributions)
     # and to get objects themself for other object types (networks, experiments, jobs, tavernaenactors, runners)
     if (thing_contribution.nil? && ["Workflow", "Blog", "Blob", "Pack", "Contribution"].include?(thing_type)) || 
-       (thing_instance.nil? && ["Network", "Comment", "Experiment", "Job", "TavernaEnactor", "Runner"].include?(thing_type))
+       (thing_instance.nil? && ["Network", "Comment", "Bookmark", "Experiment", "Job", "TavernaEnactor", "Runner"].include?(thing_type))
       
       found_thing = find_thing(thing_type, thing_id)
       
@@ -304,6 +304,20 @@
             is_authorized = false
         end
       
+      when "Bookmark"
+        case action
+          when "destroy"
+            # only the user who created the bookmark can delete it
+            is_authorized = Authorization.is_owner?(user_id, thing_instance)
+          when "view"
+            # everyone can view bookmarks
+            is_authorized = true
+
+          else
+            # 'edit' or any other actions are not allowed on comments
+            is_authorized = false
+        end
+      
       when "Experiment"
 
         user_instance = get_user(user_id) unless user_instance
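Review bot: The comment in the new `else` arm was copied from the Comment case and still says "comments"; it should read `# 'edit' or any other actions are not allowed on bookmarks`. The `view` arm also sets `is_authorized = true` for every caller without consulting the permissions of the bookmarked item. If a bookmark view can reveal the title or id of a workflow, file or pack that the caller may not see, that bypasses the policy checks used for those types, though what a bookmark view actually renders is not visible here. At minimum, add a comment stating why unconditional view is safe, or delegate to the bookmarked object's own view authorization. The enclosing `case thing_type` statement starts and ends outside this hunk.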
@@ -379,6 +393,8 @@
           found_instance = Network.find(thing_id)
         when "Comment"
           found_instance = Comment.find(thing_id)
+        when "Bookmark"
+          found_instance = Bookmark.find(thing_id)
         when "Experiment"
           found_instance = Experiment.find(thing_id)
         when "Job"
@@ -412,6 +428,8 @@
         end
       when "Comment"
         is_authorized = (thing.user_id == user_id)
+      when "Bookmark"
+        is_authorized = (thing.user_id == user_id)
       #else
         # do nothing -- unknown "thing" types are not authorized by default 
     end
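Review bot: `thing.user_id == user_id` in the new Bookmark arm is also true when both sides are nil. If `is_owner?` can be reached with a nil `user_id` (an anonymous caller) and a bookmark whose `user_id` is nil, the `destroy` action added earlier in this commit would be authorized. A guard such as `is_authorized = !user_id.nil? && (thing.user_id == user_id)` closes that; whether callers already filter out nil is not visible in this hunk. The Comment arm directly above is identical, so the two could share one `when "Comment", "Bookmark"` arm, which keeps the ownership rule in a single place. The method body starts outside the hunk.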
