-
Notifications
You must be signed in to change notification settings - Fork 357
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Inline methods inherited from BaseAccess
This should allow us to be more explicit about what access methods models actually have, so that we don't need to convert methods to use Perm if they aren't actually used anywhere. [#158126525] Signed-off-by: Isobel Redelmeier <iredelmeier@pivotal.io>
- Loading branch information
Showing
29 changed files
with
1,727 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,72 @@ | ||
module VCAP::CloudController | ||
class AppEventAccess < BaseAccess | ||
def create?(object, params=nil) | ||
admin_user? | ||
end | ||
|
||
def read?(object) | ||
return @ok_read if instance_variable_defined?(:@ok_read) | ||
@ok_read = (admin_user? || admin_read_only_user? || global_auditor? || object_is_visible_to_user?(object, context.user)) | ||
end | ||
|
||
def read_for_update?(object, params=nil) | ||
admin_user? | ||
end | ||
|
||
def can_remove_related_object?(object, params=nil) | ||
read_for_update?(object, params) | ||
end | ||
|
||
def read_related_object_for_update?(object, params=nil) | ||
read_for_update?(object, params) | ||
end | ||
|
||
def update?(object, params=nil) | ||
admin_user? | ||
end | ||
|
||
def delete?(object) | ||
admin_user? | ||
end | ||
|
||
def index?(object_class, params=nil) | ||
# This can return true because the index endpoints filter objects based on user visibilities | ||
true | ||
end | ||
|
||
# These methods should be called first to determine if the user's token has the appropriate scope for the operation | ||
|
||
def read_with_token?(_) | ||
admin_user? || admin_read_only_user? || has_read_scope? || global_auditor? | ||
end | ||
|
||
def create_with_token?(_) | ||
admin_user? || has_write_scope? | ||
end | ||
|
||
def read_for_update_with_token?(_) | ||
admin_user? || has_write_scope? | ||
end | ||
|
||
def can_remove_related_object_with_token?(*args) | ||
read_for_update_with_token?(*args) | ||
end | ||
|
||
def read_related_object_for_update_with_token?(*args) | ||
read_for_update_with_token?(*args) | ||
end | ||
|
||
def update_with_token?(_) | ||
admin_user? || has_write_scope? | ||
end | ||
|
||
def delete_with_token?(_) | ||
admin_user? || has_write_scope? | ||
end | ||
|
||
def index_with_token?(_) | ||
# This can return true because the index endpoints filter objects based on user visibilities | ||
true | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.