+ def self.selectable_attributes(template=:user)
+ # Return an array of attribute name strings that can be selected
+ # in the given template.
+ api_accessible_attributes(template).map { |attr_spec| attr_spec.first.to_s }
+ end
+
+ def self.searchable_columns operator
+ textonly_operator = !operator.match(/[<=>]/)
+ self.columns.select do |col|
+ case col.type
+ when :string, :text
+ true
+ when :datetime, :integer, :boolean
+ !textonly_operator
+ else
+ false
+ end
+ end.map(&:name)
+ end
+
+ def self.attribute_column attr
+ self.columns.select { |col| col.name == attr.to_s }.first
+ end
+
+ def self.attributes_required_columns
+ # This method returns a hash. Each key is the name of an API attribute,
+ # and it's mapped to a list of database columns that must be fetched
+ # to generate that attribute.
+ # This implementation generates a simple map of attributes to
+ # matching column names. Subclasses can override this method
+ # to specify that method-backed API attributes need to fetch
+ # specific columns from the database.
+ all_columns = columns.map(&:name)
+ api_column_map = Hash.new { |hash, key| hash[key] = [] }
+ methods.grep(/^api_accessible_\w+$/).each do |method_name|
+ next if method_name == :api_accessible_attributes
+ send(method_name).each_pair do |api_attr_name, col_name|
+ col_name = col_name.to_s
+ if all_columns.include?(col_name)
+ api_column_map[api_attr_name.to_s] |= [col_name]
+ end
+ end
+ end
+ api_column_map
+ end
+
+ def self.columns_for_attributes(select_attributes)
+ # Given an array of attribute names to select, return an array of column
+ # names that must be fetched from the database to satisfy the request.
+ api_column_map = attributes_required_columns
+ select_attributes.flat_map { |attr| api_column_map[attr] }.uniq
+ end
+
+ def self.default_orders
+ ["#{table_name}.modified_at desc", "#{table_name}.uuid"]
+ end
+
+ # If current user can manage the object, return an array of uuids of
+ # users and groups that have permission to write the object. The
+ # first two elements are always [self.owner_uuid, current user's
+ # uuid].
+ #
+ # If current user can write but not manage the object, return
+ # [self.owner_uuid, current user's uuid].
+ #
+ # If current user cannot write this object, just return
+ # [self.owner_uuid].
+ def writable_by
+ return [owner_uuid] if not current_user
+ unless (owner_uuid == current_user.uuid or
+ current_user.is_admin or
+ (current_user.groups_i_can(:manage) & [uuid, owner_uuid]).any?)
+ if ((current_user.groups_i_can(:write) + [current_user.uuid]) &
+ [uuid, owner_uuid]).any?
+ return [owner_uuid, current_user.uuid]
+ else
+ return [owner_uuid]