1 class Link < OrvosModel
4 include CommonApiTemplate
5 serialize :properties, Hash
6 before_create :permission_to_attach_to_objects
7 before_update :permission_to_attach_to_objects
12 api_accessible :superuser, :extend => :common do |t|
19 t.add :head, :if => :head
20 t.add :tail, :if => :tail
25 @properties ||= Hash.new
31 def permission_to_attach_to_objects
32 # Anonymous users cannot write links
33 return false if !current_user
35 # All users can write links that don't affect permissions
36 return true if self.link_class != 'permission'
38 # Administrators can grant permissions
39 return true if current_user.is_admin
41 # All users can grant permissions on objects they own
42 head_obj = self.class.
43 kind_class(self.head_kind).
44 where('uuid=?',head_uuid).
47 return true if head_obj.owner == current_user.uuid
50 # Users with "can_grant" permission on an object can grant
51 # permissions on that object
52 has_grant_permission = self.class.
53 where('link_class=? AND name=? AND tail_uuid=? AND head_uuid=?',
54 'permission', 'can_grant', current_user.uuid, self.head_uuid).
56 return true if has_grant_permission