attr_protected :modified_at
before_create :ensure_permission_to_create
before_update :ensure_permission_to_update
+ before_destroy :ensure_permission_to_destroy
before_create :update_modified_by_fields
before_update :maybe_update_modified_by_fields
validate :ensure_serialized_attribute_type
has_many :permissions, :foreign_key => :head_uuid, :class_name => 'Link', :primary_key => :uuid, :conditions => "link_class = 'permission'"
class PermissionDeniedError < StandardError
+ def http_status
+ 403
+ end
+ end
+
+ class UnauthorizedError < StandardError
+ def http_status
+ 401
+ end
end
def self.kind_class(kind)
"#{current_api_base}/#{self.class.to_s.pluralize.underscore}/#{self.uuid}"
end
+ def self.searchable_columns
+ self.columns.collect do |col|
+ if [:string, :text].index(col.type) && col.name != 'owner_uuid'
+ col.name
+ end
+ end.compact
+ end
+
def eager_load_associations
self.class.columns.each do |col|
re = col.name.match /^(.*)_kind$/
end
end
+ def ensure_permission_to_destroy
+ raise PermissionDeniedError unless permission_to_destroy
+ end
+
+ def permission_to_destroy
+ permission_to_update
+ end
+
def maybe_update_modified_by_fields
update_modified_by_fields if self.changed?
end