diff options
author | Stefan Wintermeyer <stefan.wintermeyer@amooma.de> | 2012-12-17 12:01:45 +0100 |
---|---|---|
committer | Stefan Wintermeyer <stefan.wintermeyer@amooma.de> | 2012-12-17 12:01:45 +0100 |
commit | b80bd744ad873f6fc43018bc4bfb90677de167bd (patch) | |
tree | 072c4b0e33d442528555b82c415f5e7a1712b2b0 /app/models/ability.rb | |
parent | 3e706c2025ecc5523e81ad649639ef2ff75e7bac (diff) |
Start of GS5.
Diffstat (limited to 'app/models/ability.rb')
-rw-r--r-- | app/models/ability.rb | 170 |
1 files changed, 170 insertions, 0 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb new file mode 100644 index 0000000..d9ec74a --- /dev/null +++ b/app/models/ability.rb @@ -0,0 +1,170 @@ +class Ability + include CanCan::Ability + + def initialize( user ) + # See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities + if user && user.current_tenant != nil + if GemeinschaftSetup.count == 1 && Tenant.count == 1 && User.count == 1 && UserGroup.count == 1 + # This is a new installation with a Master-Tenant and a Super-Admin. + # + can [:read, :create], Tenant + else + tenant = user.current_tenant + + if user.current_tenant.user_groups.where(:name => 'Admins').first \ + && user.current_tenant.user_groups.where(:name => 'Admins').first.users.include?(user) + # ADMIN ABILITIES + # With great power comes great responsibility! + # + can :manage, :all + + # Manufacturers and PhoneModels can not be changed + # + cannot [:create, :destroy, :edit, :update], Manufacturer + cannot [:create, :destroy, :edit, :update], PhoneModel + + # Super-Tenant can not be destroyed or edited + # + cannot [:create, :destroy, :edit, :update], Tenant, :id => 1 + + cannot :manage, PhoneBook + + # Phonebooks and PhoneBookEntries + # + can :manage, PhoneBook, :phone_bookable_type => 'Tenant', :phone_bookable_id => tenant.id + can :manage, PhoneBookEntry, :phone_book => { :phone_bookable_type => 'Tenant', :phone_bookable_id => tenant.id } + + can :manage, PhoneBook, :phone_bookable_type => 'UserGroup', :phone_bookable_id => tenant.user_group_ids + tenant.user_groups.each do |user_group| + can :manage, PhoneBookEntry, :phone_book => { :id => user_group.phone_book_ids } + end + + # Personal Phonebooks and PhoneBookEntries + # + can :manage, PhoneBook, :phone_bookable_type => 'User', :phone_bookable_id => user.id + can :manage, PhoneBookEntry, :phone_book => { :phone_bookable_type => 'User', :phone_bookable_id => user.id } + + can :read, PhoneBook, :phone_bookable_type => 'Tenant', :phone_bookable_id => tenant.id + can :read, PhoneBookEntry, :phone_book => { :phone_bookable_type => 'Tenant', :phone_bookable_id => tenant.id } + + can :read, PhoneBook, :phone_bookable_type => 'UserGroup', :phone_bookable_id => user.user_group_ids + user.user_groups.each do |user_group| + can :read, PhoneBookEntry, :phone_book => { :id => user_group.phone_book_ids } + end + + # SystemMessages + # + cannot [:destroy, :edit, :update], SystemMessage + + # A FacDocument can't be changed + # + cannot [:edit, :update], FaxDocument + + # Can manage GsNodes + # + can :manage, GsNode + + # Can't phones/1/phone_sip_accounts/1/edit + # + cannot :edit, PhoneSipAccount + + # Dirty hack to disable PhoneNumberRange in the GUI + # + if STRICT_INTERNAL_EXTENSION_HANDLING == false + cannot :manage, PhoneNumberRange + end + else + # Any user can do the following stuff. + # + + # Own Tenant and own User + # + can :read, Tenant, :id => user.current_tenant.id + can [ :read, :edit, :update ], User, :id => user.id + + # Destroy his own avatar + # + can :destroy_avatar, User, :id => user.id + + # Phonebooks and PhoneBookEntries + # + cannot :manage, PhoneBook + + can :manage, PhoneBook, :phone_bookable_type => 'User', :phone_bookable_id => user.id + can :manage, PhoneBookEntry, :phone_book => { :phone_bookable_type => 'User', :phone_bookable_id => user.id } + can :manage, PhoneNumber, :phone_numberable_type => 'PhoneBookEntry', :phone_numberable_id => user.phone_books.map{ |phone_book| phone_book.phone_book_entry_ids}.flatten + + can :read, PhoneBook, :phone_bookable_type => 'Tenant', :phone_bookable_id => tenant.id + can :read, PhoneBookEntry, :phone_book => { :phone_bookable_type => 'Tenant', :phone_bookable_id => tenant.id } + + can :read, PhoneBook, :phone_bookable_type => 'UserGroup', :phone_bookable_id => user.user_group_ids + user.user_groups.each do |user_group| + can :read, PhoneBookEntry, :phone_book => { :id => user_group.phone_book_ids } + end + + # UserGroups + # + can :read, UserGroupMembership, :user_id => user.id + can :read, UserGroup, :users => { :user_group_memberships => { :user_id => user.id }} + + # SipAccounts and Phones + # + can :read, SipAccount, :sip_accountable_type => 'User', :sip_accountable_id => user.id + user.sip_accounts.each do |sip_account| + can :read, PhoneNumber, :id => sip_account.phone_number_ids + can :manage, CallForward, :phone_number_id => sip_account.phone_number_ids + can :manage, Ringtone, :ringtoneable_type => 'PhoneNumber', :ringtoneable_id => sip_account.phone_number_ids + can [:read, :destroy, :call] , CallHistory, :id => sip_account.call_history_ids + end + can :read, Phone, :phoneable_type => 'User', :phoneable_id => user.id + + # Softkeys + # + can :manage, Softkey, :sip_account => { :id => user.sip_account_ids } + + # Fax + # + can :read, FaxAccount, :fax_accountable_type => 'User', :fax_accountable_id => user.id + user.fax_accounts.each do |fax_account| + can :read, PhoneNumber, :id => fax_account.phone_number_ids + can [:read, :create, :delete], FaxDocument, :fax_account_id => fax_account.id + end + + # Conferences + # + can [ :read, :edit, :update, :destroy ], Conference, :id => user.conference_ids + user.conferences.each do |conference| + can :read, PhoneNumber, :id => conference.phone_number_ids + can :manage, ConferenceInvitee, :conference_id => conference.id + end + + # User can manage CallForwards of the PhoneNumbers of his + # own SipAccounts: + # + can :manage, CallForward, :phone_number_id => user.phone_number_ids + + # SystemMessages + # + can :read, SystemMessage, :user_id => user.id + + # SoftkeyFunctions + # + can :read, SoftkeyFunction + + # Voicemail + # + can :manage, VoicemailMessage + can :manage, VoicemailSetting + end + end + else + if GemeinschaftSetup.count == 0 && Tenant.count == 0 && User.count == 0 + # This is a fresh system. + # + can :create, GemeinschaftSetup + can :manage, SipDomain + end + end + + end +end |