# Metadatum model, a subclass of OrvosModel. Rows whose metadata_class is
# 'permission' are handled as permission grants by the write callback
# registered below; for any other metadata_class that callback returns true
# for every signed-in user.
1 class Metadatum < OrvosModel
4 include CommonApiTemplate
# Authorization gate: permission_to_attach_to_objects runs before every create
# and every update of a Metadatum. In the visible part of that method it
# returns false when there is no current_user, and true for non-permission
# metadata, for admins, for the owner of the head object, and for users who
# hold a 'can_grant' permission on the head.
# NOTE(review): whether a false (or nil) return from a before_* callback
# aborts the save depends on the Rails version, and the method's final
# fall-through return is not visible in this listing -- confirm that the deny
# path really stops the write.
# NOTE(review): only create and update are hooked in the lines shown here;
# confirm elsewhere how deletion of 'permission' rows is authorized.
6 before_create :permission_to_attach_to_objects
7 before_update :permission_to_attach_to_objects
9 api_accessible :superuser, :extend => :common do |t|
26 def permission_to_attach_to_objects
27 # Anonymous users cannot write metadata
28 return false if !current_user
30 # All users can write metadata that doesn't affect permissions
31 return true if self.metadata_class != 'permission'
33 # Administrators can grant permissions
34 return true if current_user.is_admin
36 # All users can grant permissions on objects they own
37 head_obj = self.class.
38 kind_class(self.head_kind).
39 where('uuid=?',head_uuid).
42 return true if head_obj.owner == current_user.uuid
45 # Users with "can_grant" permission on an object can grant
46 # permissions on that object
47 has_grant_permission = self.class.
48 where('metadata_class=? AND name=? AND tail=? AND head=?',
49 'permission', 'can_grant', current_user.uuid, self.head).
51 return true if has_grant_permission