Merge pull request #1238 from noesya/refactor-abililties

Amélioration de la maintenabilité des droits

Merge pull request #1238 from noesya/refactor-abililties
960b059f · Arnaud Levy · GitHub · 9c3eca02 · 7dd73500 · 960b059f
Unverified Commit 960b059f authored 1 year ago by Arnaud Levy Committed by GitHub 1 year ago
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -13,6 +13,10 @@ class ApplicationController < ActionController::Base

  private

+  def current_ability
+    @current_ability ||= Ability.for(current_user)
+  end
+
  def ensure_university
    render_forbidden unless current_university
  end

--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -3,173 +3,17 @@
 class Ability
  include CanCan::Ability

+  def self.for(user)
+    "Ability::#{user.role.classify}".constantize.new user
+  end
+
  def initialize(user)
    @user = user ||= User.new # guest user (not logged in)
-    send @user.role.to_sym
  end

  protected

-  def visitor
-  end
-
-  def contributor
-    author
-    cannot :publish, Communication::Website::Post
-  end
-  
-  def author
-    managed_websites_ids = @user.websites_to_manage.pluck(:communication_website_id)
-    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'Communication::Website::Post', about_id: Communication::Website::Post.where(university_id: @user.university_id, author_id: @user.person&.id).pluck(:id)
-    can :create, Communication::Block
-    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'Communication::Website::Post', about_id: Communication::Website::Post.where(university_id: @user.university_id, author_id: @user.person&.id).pluck(:id)
-    can :create, Communication::Block::Heading
-    can :read, Communication::Website, university_id: @user.university_id, id: managed_websites_ids
-    can :manage, Communication::Website::Post, university_id: @user.university_id, communication_website_id: managed_websites_ids, author_id: @user.person&.id
-  end
-
-  def teacher
-    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'Education::Program', about_id: Education::Program.where(university_id: @user.university_id).pluck(:id)
-    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'University::Person', about_id: University::Person.where(university_id: @user.university_id, user_id: @user.id).pluck(:id)
-    can :create, Communication::Block
-    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'Education::Program', about_id: Education::Program.where(university_id: @user.university_id).pluck(:id)
-    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'University::Person', about_id: University::Person.where(university_id: @user.university_id, user_id: @user.id).pluck(:id)
-    can :create, Communication::Block::Heading
-    can [:read, :children], Education::Program, university_id: @user.university_id
-    can :manage, University::Person, user_id: @user.id
-    cannot :create, University::Person
-    can :manage, University::Person::Involvement, person_id: @user.person&.id
-    can :read, University::Person::Involvement, university_id: @user.university_id
-    can :read, University::Role, university_id: @user.university_id
-  end
-  
-  def program_manager
-    managed_programs_ids = @user.programs_to_manage.pluck(:education_program_id)
-    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'Communication::Website::Post', about_id: Communication::Website::Post.where(university_id: @user.university_id).pluck(:id)
-    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'University::Person', about_id: University::Person.where(university_id: @user.university_id).pluck(:id)
-    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'Education::Program', about_id: managed_programs_ids
-    can :create, Communication::Block
-    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'Communication::Website::Post', about_id: Communication::Website::Post.where(university_id: @user.university_id).pluck(:id)
-    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'Education::Program', about_id: managed_programs_ids
-    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'University::Person', about_id: University::Person.where(university_id: @user.university_id).pluck(:id)
-    can :create, Communication::Block::Heading
-    can :read, Communication::Website, university_id: @user.university_id
-    can :manage, Communication::Website::Post, university_id: @user.university_id
-    can :manage, Education::Program, id: managed_programs_ids
-    can [:read, :children], Education::Program, university_id: @user.university_id
-    cannot :create, Education::Program
-    can :manage, University::Person, university_id: @user.university_id
-    can :manage, University::Person::Involvement, target_type: "Education::Program", target_id: managed_programs_ids
-    can :manage, University::Role, target_type: "Education::Program", target_id: managed_programs_ids
-  end
-
-  def website_manager
-    managed_websites_ids = @user.websites_to_manage.pluck(:communication_website_id)
-    managed_pages_ids = Communication::Website::Page.where(communication_website_id: managed_websites_ids).pluck(:id)
-    managed_posts_ids = Communication::Website::Post.where(communication_website_id: managed_websites_ids).pluck(:id)
-    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'Communication::Website::Page', about_id: managed_pages_ids
-    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'Communication::Website::Post', about_id: managed_posts_ids
-    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'University::Organization', about_id: University::Organization.where(university_id: @user.university_id).pluck(:id)
-    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'University::Person', about_id: University::Person.where(university_id: @user.university_id).pluck(:id)
-    can :create, Communication::Block
-    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'Communication::Website::Page', about_id: managed_pages_ids
-    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'Communication::Website::Post', about_id: managed_posts_ids
-    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'University::Organization', about_id: University::Organization.where(university_id: @user.university_id).pluck(:id)
-    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'University::Person', about_id: University::Person.where(university_id: @user.university_id).pluck(:id)
-    can :create, Communication::Block::Heading
-    can [:read, :analytics], Communication::Website, university_id: @user.university_id, id: managed_websites_ids
-    can :manage, Communication::Website::Category, university_id: @user.university_id, communication_website_id: managed_websites_ids
-    can [:read, :update, :reorder], Communication::Website::Menu, university_id: @user.university_id, communication_website_id: managed_websites_ids
-    can :manage, Communication::Website::Menu::Item, university_id: @user.university_id, website_id: managed_websites_ids
-    can :create, Communication::Website::Menu::Item, university_id: @user.university_id
-    can :manage, Communication::Website::Page, university_id: @user.university_id, communication_website_id: managed_websites_ids
-    can :manage, Communication::Website::Post, university_id: @user.university_id, communication_website_id: managed_websites_ids
-    can :manage, University::Organization, university_id: @user.university_id
-    can :manage, University::Person, university_id: @user.university_id
-    can :manage, University::Person::Category, university_id: @user.university_id
-    can :manage, University::Person::Experience, university_id: @user.university_id
-    can :manage, University::Person::Involvement, university_id: @user.university_id
-  end
-
-  def admin
-    admin_university
-    admin_education
-    admin_research
-    admin_communication
-    admin_communication_extranet
-    admin_administration
-    can :manage, Import, university_id: @user.university_id
-  end
-
-  def admin_university
-    can :manage, University::Organization, university_id: @user.university_id
-    can :manage, University::Organization::Category, university_id: @user.university_id
-    can :manage, University::Person, university_id: @user.university_id
-    can :manage, University::Person::Category, university_id: @user.university_id
-    can :manage, University::Person::Experience, university_id: @user.university_id
-    can :manage, University::Person::Involvement, university_id: @user.university_id
-    can :manage, University::Role, university_id: @user.university_id
-    can :read, User, university_id: @user.university_id
-    can :manage, User, university_id: @user.university_id, role: @user.managed_roles
-  end
-
-  def admin_education
-    can :manage, Education::AcademicYear, university_id: @user.university_id
-    can :manage, Education::Cohort, university_id: @user.university_id
-    can :manage, Education::Diploma, university_id: @user.university_id
-    can :manage, Education::Program, university_id: @user.university_id
-    can :manage, Education::School, university_id: @user.university_id
-    can :manage, :all_programs # needed to prevent program_manager to access specific global screens
-  end
-
-  def admin_research
-    can :manage, Research::Hal::Author
-    can :manage, Research::Hal::Publication
-    can :manage, Research::Journal, university_id: @user.university_id
-    can :manage, Research::Journal::Paper, university_id: @user.university_id
-    can :manage, Research::Journal::Paper::Kind, university_id: @user.university_id
-    can :manage, Research::Journal::Volume, university_id: @user.university_id
-    can :manage, Research::Laboratory, university_id: @user.university_id
-    can :manage, Research::Laboratory::Axis, university_id: @user.university_id
-    can :manage, Research::Thesis, university_id: @user.university_id
-  end
-
-  def admin_communication
-    can :manage, Communication::Block, university_id: @user.university_id
-    can :create, Communication::Block
-    can :manage, Communication::Block::Heading, university_id: @user.university_id
-    can :create, Communication::Block::Heading
-    can :manage, Communication::Website, university_id: @user.university_id
-    # Est-ce bien raisonnable de laisser supprimer un site ?
-    # Le risque de faussse manip est grand.
-    cannot :destroy, Communication::Website, university_id: @user.university_id
-    can :manage, Communication::Website::Category, university_id: @user.university_id
-    can :manage, Communication::Website::Imported::Website, university_id: @user.university_id
-    can :manage, Communication::Website::Imported::Page, university_id: @user.university_id
-    can :manage, Communication::Website::Imported::Post, university_id: @user.university_id
-    can :manage, Communication::Website::Menu, university_id: @user.university_id
-    can :manage, Communication::Website::Menu::Item, university_id: @user.university_id
-    can :manage, Communication::Website::Page, university_id: @user.university_id
-    can :manage, Communication::Website::Post, university_id: @user.university_id
-  end
-  
-  def admin_communication_extranet
-    can [:read, :update], Communication::Extranet, university_id: @user.university_id
-    can :manage, Communication::Extranet::Connection, university_id: @user.university_id
-    can :manage, Communication::Extranet::Document, university_id: @user.university_id
-    can :manage, Communication::Extranet::Document::Category, university_id: @user.university_id
-    can :manage, Communication::Extranet::Document::Kind, university_id: @user.university_id
-    can :manage, Communication::Extranet::Post, university_id: @user.university_id
-    can :manage, Communication::Extranet::Post::Category, university_id: @user.university_id
-  end
-
-  def admin_administration
-    can :read, Administration::Qualiopi
-    can :read, Administration::Qualiopi::Criterion
-    can :read, Administration::Qualiopi::Indicator
-  end
-
-  def server_admin
-    can :manage, :all
+  def managed_websites_ids
+    @managed_websites_ids ||= @user.websites_to_manage.pluck(:communication_website_id)
  end
 end
--- a/app/models/ability/admin.rb
+++ b/app/models/ability/admin.rb
+class Ability::Admin < Ability
+
+  def initialize(user)
+    super
+    admin_university
+    admin_education
+    admin_research
+    admin_communication
+    admin_communication_extranet
+    admin_administration
+    can :manage, Import, university_id: @user.university_id
+  end
+
+  protected
+
+  def admin_university
+    can :manage, University::Organization, university_id: @user.university_id
+    can :manage, University::Organization::Category, university_id: @user.university_id
+    can :manage, University::Person, university_id: @user.university_id
+    can :manage, University::Person::Category, university_id: @user.university_id
+    can :manage, University::Person::Experience, university_id: @user.university_id
+    can :manage, University::Person::Involvement, university_id: @user.university_id
+    can :manage, University::Role, university_id: @user.university_id
+    can :read, User, university_id: @user.university_id
+    can :manage, User, university_id: @user.university_id, role: @user.managed_roles
+  end
+
+  def admin_education
+    can :manage, Education::AcademicYear, university_id: @user.university_id
+    can :manage, Education::Cohort, university_id: @user.university_id
+    can :manage, Education::Diploma, university_id: @user.university_id
+    can :manage, Education::Program, university_id: @user.university_id
+    can :manage, Education::School, university_id: @user.university_id
+    can :manage, :all_programs # needed to prevent program_manager to access specific global screens
+  end
+
+  def admin_research
+    can :manage, Research::Hal::Author
+    can :manage, Research::Hal::Publication
+    can :manage, Research::Journal, university_id: @user.university_id
+    can :manage, Research::Journal::Paper, university_id: @user.university_id
+    can :manage, Research::Journal::Paper::Kind, university_id: @user.university_id
+    can :manage, Research::Journal::Volume, university_id: @user.university_id
+    can :manage, Research::Laboratory, university_id: @user.university_id
+    can :manage, Research::Laboratory::Axis, university_id: @user.university_id
+    can :manage, Research::Thesis, university_id: @user.university_id
+  end
+
+  def admin_communication
+    can :manage, Communication::Block, university_id: @user.university_id
+    can :create, Communication::Block
+    can :manage, Communication::Block::Heading, university_id: @user.university_id
+    can :create, Communication::Block::Heading
+    can :manage, Communication::Website, university_id: @user.university_id
+    # Est-ce bien raisonnable de laisser supprimer un site ?
+    # Le risque de faussse manip est grand.
+    cannot :destroy, Communication::Website, university_id: @user.university_id
+    can :manage, Communication::Website::Category, university_id: @user.university_id
+    can :manage, Communication::Website::Imported::Website, university_id: @user.university_id
+    can :manage, Communication::Website::Imported::Page, university_id: @user.university_id
+    can :manage, Communication::Website::Imported::Post, university_id: @user.university_id
+    can :manage, Communication::Website::Menu, university_id: @user.university_id
+    can :manage, Communication::Website::Menu::Item, university_id: @user.university_id
+    can :manage, Communication::Website::Page, university_id: @user.university_id
+    can :manage, Communication::Website::Post, university_id: @user.university_id
+  end
+  
+  def admin_communication_extranet
+    can [:read, :update], Communication::Extranet, university_id: @user.university_id
+    can :manage, Communication::Extranet::Connection, university_id: @user.university_id
+    can :manage, Communication::Extranet::Document, university_id: @user.university_id
+    can :manage, Communication::Extranet::Document::Category, university_id: @user.university_id
+    can :manage, Communication::Extranet::Document::Kind, university_id: @user.university_id
+    can :manage, Communication::Extranet::Post, university_id: @user.university_id
+    can :manage, Communication::Extranet::Post::Category, university_id: @user.university_id
+  end
+
+  def admin_administration
+    can :read, Administration::Qualiopi
+    can :read, Administration::Qualiopi::Criterion
+    can :read, Administration::Qualiopi::Indicator
+  end
+end
\ No newline at end of file
--- a/app/models/ability/contributor.rb
+++ b/app/models/ability/contributor.rb
+class Ability::Contributor < Ability
+
+  def initialize(user)
+    super
+    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'Communication::Website::Post', about_id: Communication::Website::Post.where(university_id: @user.university_id, author_id: @user.person&.id).pluck(:id)
+    can :create, Communication::Block
+    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'Communication::Website::Post', about_id: Communication::Website::Post.where(university_id: @user.university_id, author_id: @user.person&.id).pluck(:id)
+    can :create, Communication::Block::Heading
+    can :read, Communication::Website, university_id: @user.university_id, id: managed_websites_ids
+    can :manage, Communication::Website::Post, university_id: @user.university_id, communication_website_id: managed_websites_ids, author_id: @user.person&.id
+    cannot :publish, Communication::Website::Post
+  end
+end
\ No newline at end of file
--- a/app/models/ability/program_manager.rb
+++ b/app/models/ability/program_manager.rb
+class Ability::ProgramManager < Ability
+
+  def initialize(user)
+    super
+    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'Communication::Website::Post', about_id: Communication::Website::Post.where(university_id: @user.university_id).pluck(:id)
+    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'University::Person', about_id: University::Person.where(university_id: @user.university_id).pluck(:id)
+    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'Education::Program', about_id: managed_programs_ids
+    can :create, Communication::Block
+    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'Communication::Website::Post', about_id: Communication::Website::Post.where(university_id: @user.university_id).pluck(:id)
+    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'Education::Program', about_id: managed_programs_ids
+    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'University::Person', about_id: University::Person.where(university_id: @user.university_id).pluck(:id)
+    can :create, Communication::Block::Heading
+    can :read, Communication::Website, university_id: @user.university_id
+    can :manage, Communication::Website::Post, university_id: @user.university_id
+    can :manage, Education::Program, id: managed_programs_ids
+    can [:read, :children], Education::Program, university_id: @user.university_id
+    cannot :create, Education::Program
+    can :manage, University::Person, university_id: @user.university_id
+    can :manage, University::Person::Involvement, target_type: "Education::Program", target_id: managed_programs_ids
+    can :manage, University::Role, target_type: "Education::Program", target_id: managed_programs_ids
+  end
+
+  protected
+
+  def managed_programs_ids
+    @managed_programs_ids ||= @user.programs_to_manage.pluck(:education_program_id)
+  end
+end
\ No newline at end of file
--- a/app/models/ability/server_admin.rb
+++ b/app/models/ability/server_admin.rb
+class Ability::ServerAdmin < Ability
+
+  def initialize(user)
+    super
+    can :manage, :all
+  end
+end
\ No newline at end of file
--- a/app/models/ability/teacher.rb
+++ b/app/models/ability/teacher.rb
+class Ability::Teacher < Ability
+
+  def initialize(user)
+    super
+    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'Education::Program', about_id: Education::Program.where(university_id: @user.university_id).pluck(:id)
+    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'University::Person', about_id: University::Person.where(university_id: @user.university_id, user_id: @user.id).pluck(:id)
+    can :create, Communication::Block
+    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'Education::Program', about_id: Education::Program.where(university_id: @user.university_id).pluck(:id)
+    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'University::Person', about_id: University::Person.where(university_id: @user.university_id, user_id: @user.id).pluck(:id)
+    can :create, Communication::Block::Heading
+    can [:read, :children], Education::Program, university_id: @user.university_id
+    can :manage, University::Person, user_id: @user.id
+    cannot :create, University::Person
+    can :manage, University::Person::Involvement, person_id: @user.person&.id
+    can :read, University::Person::Involvement, university_id: @user.university_id
+    can :read, University::Role, university_id: @user.university_id
+  end
+end
\ No newline at end of file
--- a/app/models/ability/visitor.rb
+++ b/app/models/ability/visitor.rb
+class Ability::Visitor < Ability
+end
\ No newline at end of file
--- a/app/models/ability/website_manager.rb
+++ b/app/models/ability/website_manager.rb
+class Ability::WebsiteManager < Ability
+
+  def initialize(user)
+    super
+    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'Communication::Website::Page', about_id: managed_pages_ids
+    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'Communication::Website::Post', about_id: managed_posts_ids
+    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'University::Organization', about_id: University::Organization.where(university_id: @user.university_id).pluck(:id)
+    can :manage, Communication::Block, university_id: @user.university_id, about_type: 'University::Person', about_id: University::Person.where(university_id: @user.university_id).pluck(:id)
+    can :create, Communication::Block
+    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'Communication::Website::Page', about_id: managed_pages_ids
+    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'Communication::Website::Post', about_id: managed_posts_ids
+    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'University::Organization', about_id: University::Organization.where(university_id: @user.university_id).pluck(:id)
+    can :manage, Communication::Block::Heading, university_id: @user.university_id, about_type: 'University::Person', about_id: University::Person.where(university_id: @user.university_id).pluck(:id)
+    can :create, Communication::Block::Heading
+    can [:read, :analytics], Communication::Website, university_id: @user.university_id, id: managed_websites_ids
+    can :manage, Communication::Website::Category, university_id: @user.university_id, communication_website_id: managed_websites_ids
+    can [:read, :update, :reorder], Communication::Website::Menu, university_id: @user.university_id, communication_website_id: managed_websites_ids
+    can :manage, Communication::Website::Menu::Item, university_id: @user.university_id, website_id: managed_websites_ids
+    can :create, Communication::Website::Menu::Item, university_id: @user.university_id
+    can :manage, Communication::Website::Page, university_id: @user.university_id, communication_website_id: managed_websites_ids
+    can :manage, Communication::Website::Post, university_id: @user.university_id, communication_website_id: managed_websites_ids
+    can :manage, University::Organization, university_id: @user.university_id
+    can :manage, University::Person, university_id: @user.university_id
+    can :manage, University::Person::Category, university_id: @user.university_id
+    can :manage, University::Person::Experience, university_id: @user.university_id
+    can :manage, University::Person::Involvement, university_id: @user.university_id
+  end
+
+  protected
+
+  def managed_pages_ids
+    @managed_pages_ids ||= Communication::Website::Page.where(communication_website_id: managed_websites_ids).pluck(:id)
+  end
+
+  def managed_posts_ids
+    @managed_posts_ids ||= Communication::Website::Post.where(communication_website_id: managed_websites_ids).pluck(:id)
+  end
+end
\ No newline at end of file