Authorization for data on dashboard and index pages
[gitorious:mainline.git] / lib / gitorious / authorization.rb
1 # encoding: utf-8
2 #--
3 #   Copyright (C) 2012 Gitorious AS
4 #
5 #   This program is free software: you can redistribute it and/or modify
6 #   it under the terms of the GNU Affero General Public License as published by
7 #   the Free Software Foundation, either version 3 of the License, or
8 #   (at your option) any later version.
9 #
10 #   This program is distributed in the hope that it will be useful,
11 #   but WITHOUT ANY WARRANTY; without even the implied warranty of
12 #   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 #   GNU Affero General Public License for more details.
14 #
15 #   You should have received a copy of the GNU Affero General Public License
16 #   along with this program.  If not, see <http://www.gnu.org/licenses/>.
17 #++
18 require "gitorious/authorization/configuration"
19
module Gitorious
  # Mixin that answers authorization questions by forwarding each one to the
  # strategy objects returned by Configuration.strategies, in list order.
  #
  # Two forwarding rules are used, and they combine strategies differently:
  #
  # * +delegate+ (abilities and most role checks): the first truthy answer
  #   wins. A falsy answer only moves on to the next strategy, so an earlier
  #   strategy cannot veto a grant made by a later one. With no grant the
  #   result is +nil+.
  # * +delegate_with_default+ (collection lookups, +filter_authorized+ and the
  #   user-to-user committer check): the first strategy that implements the
  #   method decides, whatever it returns. The default is used only when no
  #   strategy implements the method.
  #
  # The order of Configuration.strategies therefore matters for the second
  # rule, and every entry in that list is able to grant under the first.
  module Authorization
    # Error class for authorization failures. Nothing in this module raises it.
    class UnauthorizedError < StandardError; end

    # Defines an instance method named +action+ taking (agent, subject) that
    # forwards to the configured strategies through +delegate+.
    def self.delegate_ability(action)
      define_method(action) { |agent, subject| delegate(action, agent, subject) }
    end

    ### Abilities
    # Each of these returns the first truthy strategy answer, or nil.
    [
      :can_read?,
      :can_push?,
      :can_delete?,
      :can_edit?,
      :can_request_merge?,
      :can_resolve_merge_request?,
      :can_reopen_merge_request?,
      :can_grant_access?
    ].each { |ability| delegate_ability(ability) }

    ### Roles
    # Is +candidate+ a committer on +thing+?
    #
    # The question asked of the strategies depends on the type of +thing+:
    # a User goes to +user_committer?+, a Group to +group_committer?+, and
    # anything else to +committer?+. For a User, the fallback when no strategy
    # implements +user_committer?+ is whether +candidate+ equals +thing+.
    def committer?(candidate, thing)
      if thing.is_a?(User)
        delegate_with_default(:user_committer?, candidate == thing, candidate, thing)
      elsif thing.is_a?(Group)
        delegate(:group_committer?, candidate, thing)
      else
        delegate(:committer?, candidate, thing)
      end
    end

    # First truthy strategy answer to +reviewer?+, or nil.
    def reviewer?(user, repository)
      delegate(:reviewer?, user, repository)
    end

    # First truthy strategy answer to +admin?+, or nil.
    def admin?(candidate, thing)
      delegate(:admin?, candidate, thing)
    end

    # First truthy strategy answer to +site_admin?+, or nil.
    def site_admin?(user)
      delegate(:site_admin?, user)
    end

    # First truthy strategy answer to +is_member?+, or nil.
    def is_member?(agent, subject)
      delegate(:is_member?, agent, subject)
    end

    ### Data access
    # The lookups below return the answer of the first strategy implementing
    # them. When none does, the result is an empty array.

    def committers(repository)
      delegate_with_default(:committers, [], repository)
    end

    def reviewers(repository)
      delegate_with_default(:reviewers, [], repository)
    end

    def administrators(repository)
      delegate_with_default(:administrators, [], repository)
    end

    def review_repositories(user)
      delegate_with_default(:review_repositories, [], user)
    end

    # Asks the first strategy implementing +filter_authorized+ to filter
    # +collection+ for +actor+. With no such strategy the result is an empty
    # array, so nothing from +collection+ is passed through.
    def filter_authorized(actor, collection)
      delegate_with_default(:filter_authorized, [], actor, collection)
    end

    private

    # Sends +method+ with +args+ to each strategy that responds to it and
    # returns the first truthy result; returns nil when there is none.
    #
    # Every caller in this module passes a literal symbol as +method+. Keep it
    # that way: +send+ dispatches whatever name it is handed.
    def delegate(method, *args)
      Configuration.strategies.each do |strategy|
        next unless strategy.respond_to?(method)

        verdict = strategy.send(method, *args)
        return verdict if verdict
      end
      nil
    end

    # Returns the result of the first strategy that responds to +method+,
    # even when that result is nil or false. Returns +default+ only when no
    # strategy responds.
    def delegate_with_default(method, default, *args)
      Configuration.strategies.each do |strategy|
        next unless strategy.respond_to?(method)

        return strategy.send(method, *args)
      end
      default
    end
  end
end