Diffstat (limited to 'app/models/ability.rb')
-rw-r--r--app/models/ability.rb170
1 files changed, 170 insertions, 0 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb
new file mode 100644
index 0000000..d9ec74a
--- /dev/null
+++ b/app/models/ability.rb
@@ -0,0 +1,170 @@
+class Ability
+ include CanCan::Ability
+
+ def initialize( user )
+ # See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
+ if user && user.current_tenant != nil
+ if GemeinschaftSetup.count == 1 && Tenant.count == 1 && User.count == 1 && UserGroup.count == 1
+ # This is a new installation with a Master-Tenant and a Super-Admin.
+ #
+ can [:read, :create], Tenant
+ else
+ tenant = user.current_tenant
+
+ if user.current_tenant.user_groups.where(:name => 'Admins').first \
+ && user.current_tenant.user_groups.where(:name => 'Admins').first.users.include?(user)
+ # ADMIN ABILITIES
+ # With great power comes great responsibility!
+ #
+ can :manage, :all
+
+ # Manufacturers and PhoneModels can not be changed
+ #
+ cannot [:create, :destroy, :edit, :update], Manufacturer
+ cannot [:create, :destroy, :edit, :update], PhoneModel
+
+ # Super-Tenant can not be destroyed or edited
+ #
+ cannot [:create, :destroy, :edit, :update], Tenant, :id => 1
+
+ cannot :manage, PhoneBook
+
+ # Phonebooks and PhoneBookEntries
+ #
+ can :manage, PhoneBook, :phone_bookable_type => 'Tenant', :phone_bookable_id => tenant.id
+ can :manage, PhoneBookEntry, :phone_book => { :phone_bookable_type => 'Tenant', :phone_bookable_id => tenant.id }
+
+ can :manage, PhoneBook, :phone_bookable_type => 'UserGroup', :phone_bookable_id => tenant.user_group_ids
+ tenant.user_groups.each do |user_group|
+ can :manage, PhoneBookEntry, :phone_book => { :id => user_group.phone_book_ids }
+ end
+
+ # Personal Phonebooks and PhoneBookEntries
+ #
+ can :manage, PhoneBook, :phone_bookable_type => 'User', :phone_bookable_id => user.id
+ can :manage, PhoneBookEntry, :phone_book => { :phone_bookable_type => 'User', :phone_bookable_id => user.id }
+
+ can :read, PhoneBook, :phone_bookable_type => 'Tenant', :phone_bookable_id => tenant.id
+ can :read, PhoneBookEntry, :phone_book => { :phone_bookable_type => 'Tenant', :phone_bookable_id => tenant.id }
+
+ can :read, PhoneBook, :phone_bookable_type => 'UserGroup', :phone_bookable_id => user.user_group_ids
+ user.user_groups.each do |user_group|
+ can :read, PhoneBookEntry, :phone_book => { :id => user_group.phone_book_ids }
+ end
+
+ # SystemMessages
+ #
+ cannot [:destroy, :edit, :update], SystemMessage
+
+ # A FacDocument can't be changed
+ #
+ cannot [:edit, :update], FaxDocument
+
+ # Can manage GsNodes
+ #
+ can :manage, GsNode
+
+ # Can't phones/1/phone_sip_accounts/1/edit
+ #
+ cannot :edit, PhoneSipAccount
+
+ # Dirty hack to disable PhoneNumberRange in the GUI
+ #
+ if STRICT_INTERNAL_EXTENSION_HANDLING == false
+ cannot :manage, PhoneNumberRange
+ end
+ else
+ # Any user can do the following stuff.
+ #
+
+ # Own Tenant and own User
+ #
+ can :read, Tenant, :id => user.current_tenant.id
+ can [ :read, :edit, :update ], User, :id => user.id
+
+ # Destroy his own avatar
+ #
+ can :destroy_avatar, User, :id => user.id
+
+ # Phonebooks and PhoneBookEntries
+ #
+ cannot :manage, PhoneBook
+
+ can :manage, PhoneBook, :phone_bookable_type => 'User', :phone_bookable_id => user.id
+ can :manage, PhoneBookEntry, :phone_book => { :phone_bookable_type => 'User', :phone_bookable_id => user.id }
+ can :manage, PhoneNumber, :phone_numberable_type => 'PhoneBookEntry', :phone_numberable_id => user.phone_books.map{ |phone_book| phone_book.phone_book_entry_ids}.flatten
+
+ can :read, PhoneBook, :phone_bookable_type => 'Tenant', :phone_bookable_id => tenant.id
+ can :read, PhoneBookEntry, :phone_book => { :phone_bookable_type => 'Tenant', :phone_bookable_id => tenant.id }
+
+ can :read, PhoneBook, :phone_bookable_type => 'UserGroup', :phone_bookable_id => user.user_group_ids
+ user.user_groups.each do |user_group|
+ can :read, PhoneBookEntry, :phone_book => { :id => user_group.phone_book_ids }
+ end
+
+ # UserGroups
+ #
+ can :read, UserGroupMembership, :user_id => user.id
+ can :read, UserGroup, :users => { :user_group_memberships => { :user_id => user.id }}
+
+ # SipAccounts and Phones
+ #
+ can :read, SipAccount, :sip_accountable_type => 'User', :sip_accountable_id => user.id
+ user.sip_accounts.each do |sip_account|
+ can :read, PhoneNumber, :id => sip_account.phone_number_ids
+ can :manage, CallForward, :phone_number_id => sip_account.phone_number_ids
+ can :manage, Ringtone, :ringtoneable_type => 'PhoneNumber', :ringtoneable_id => sip_account.phone_number_ids
+ can [:read, :destroy, :call] , CallHistory, :id => sip_account.call_history_ids
+ end
+ can :read, Phone, :phoneable_type => 'User', :phoneable_id => user.id
+
+ # Softkeys
+ #
+ can :manage, Softkey, :sip_account => { :id => user.sip_account_ids }
+
+ # Fax
+ #
+ can :read, FaxAccount, :fax_accountable_type => 'User', :fax_accountable_id => user.id
+ user.fax_accounts.each do |fax_account|
+ can :read, PhoneNumber, :id => fax_account.phone_number_ids
+ can [:read, :create, :delete], FaxDocument, :fax_account_id => fax_account.id
+ end
+
+ # Conferences
+ #
+ can [ :read, :edit, :update, :destroy ], Conference, :id => user.conference_ids
+ user.conferences.each do |conference|
+ can :read, PhoneNumber, :id => conference.phone_number_ids
+ can :manage, ConferenceInvitee, :conference_id => conference.id
+ end
+
+ # User can manage CallForwards of the PhoneNumbers of his
+ # own SipAccounts:
+ #
+ can :manage, CallForward, :phone_number_id => user.phone_number_ids
+
+ # SystemMessages
+ #
+ can :read, SystemMessage, :user_id => user.id
+
+ # SoftkeyFunctions
+ #
+ can :read, SoftkeyFunction
+
+ # Voicemail
+ #
+ can :manage, VoicemailMessage
+ can :manage, VoicemailSetting
+ end
+ end
+ else
+ if GemeinschaftSetup.count == 0 && Tenant.count == 0 && User.count == 0
+ # This is a fresh system.
+ #
+ can :create, GemeinschaftSetup
+ can :manage, SipDomain
+ end
+ end
+
+ end
+end
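Review bot: The two voicemail rules at the end of the regular-user branch, `can :manage, VoicemailMessage` and `can :manage, VoicemailSetting`, carry no condition hash, so CanCan grants every action on every record of those models to any signed-in user with a tenant, whereas the neighbouring rules (SipAccount, CallForward, Softkey, FaxDocument) are all tied to `user.id` or the user's own ids. They should be restricted to the user's own records in the same way; the ownership column is not visible in this diff, so until that is wired up I would at least add `# FIXME: unscoped - restrict to records owned by this user` above them and add an ability spec asserting that a second user's voicemail is not accessible. Separately, the fax rule grants `:delete`, which CanCan does not alias to `:destroy`; unless the controller defines a custom `delete` action, `can [:read, :create, :destroy], FaxDocument, :fax_account_id => fax_account.id` is probably what was meant.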