consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
398dbd0583e8ab57e5655ab1ef2b3ef1e63d144f
nairobi/app/models/abilities/administrator.rb
Javi Martín a71f4d87f8 Add an interface to manage tenants 
Note we aren't allowing to delete a tenant because it would delete all
its data, so this action is a very dangerous one. We might need to add a
warning when creating a tenant, indicating the tenant cannot be
destroyed. We can also add an action to delete a tenant which forces the
admin to write the name of the tenant before deleting it and with a big
warning about the danger of this operation.

For now, we're letting administrators of the "main" (default) tenant to
create other tenants. However, we're only allowing to manage tenants
when the multitenancy configuration option is enabled. This way the
interface won't get in the way on single-tenant applications.

We've thought about creating a new role to manage tenants or a new URL
out of the admin area. We aren't doing so for simplicity purposes and
because we want to keep CONSUL working the same way it has for
single-tenant installations, but we might change it in the future.
There's also the fact that by default we create one user with a known
password, and if by default we create a new role and a new user to
handle tenants, the chances of people forgetting to change the password
of one of these users increases dramatically, particularly if they
aren't using multitenancy.
2022-11-09 18:19:20 +01:00

144 lines
5.2 KiB
Ruby
Raw Blame History

module Abilities
class Administrator
include CanCan::Ability
def initialize(user)
merge Abilities::Moderation.new(user)
merge Abilities::SDG::Manager.new(user)
can :restore, Comment
cannot :restore, Comment, hidden_at: nil
can :restore, Debate
cannot :restore, Debate, hidden_at: nil
can :restore, Proposal
cannot :restore, Proposal, hidden_at: nil
can :create, Legislation::Proposal
can :show, Legislation::Proposal
can :proposals, ::Legislation::Process
can :restore, Legislation::Proposal
cannot :restore, Legislation::Proposal, hidden_at: nil
can :restore, Budget::Investment
cannot :restore, Budget::Investment, hidden_at: nil
can :restore, User
cannot :restore, User, hidden_at: nil
can :confirm_hide, Comment
cannot :confirm_hide, Comment, hidden_at: nil
can :confirm_hide, Debate
cannot :confirm_hide, Debate, hidden_at: nil
can :confirm_hide, Proposal
cannot :confirm_hide, Proposal, hidden_at: nil
can :confirm_hide, Legislation::Proposal
cannot :confirm_hide, Legislation::Proposal, hidden_at: nil
can :confirm_hide, Budget::Investment
cannot :confirm_hide, Budget::Investment, hidden_at: nil
can :confirm_hide, User
cannot :confirm_hide, User, hidden_at: nil
can :mark_featured, Debate
can :unmark_featured, Debate
can :comment_as_administrator, [Debate, Comment, Proposal, Poll, Poll::Question, Budget::Investment,
Legislation::Question, Legislation::Proposal, Legislation::Annotation, Topic]
can [:search, :create, :index, :destroy, :update], ::Administrator
can [:search, :create, :index, :destroy], ::Moderator
can [:search, :show, :update, :create, :index, :destroy, :summary], ::Valuator
can [:search, :create, :index, :destroy], ::Manager
can [:create, :read, :destroy], ::SDG::Manager
can [:search, :index], ::User
can :manage, Dashboard::Action
can [:index, :read, :create, :update, :destroy], Budget
can :publish, Budget, id: Budget.drafting.ids
can :calculate_winners, Budget, &:reviewing_ballots?
can :read_results, Budget do |budget|
budget.balloting_finished? && budget.has_winning_investments?
end
can [:read, :create, :update, :destroy], Budget::Group
can [:read, :create, :update, :destroy], Budget::Heading
can [:hide, :admin_update, :toggle_selection], Budget::Investment
can [:valuate, :comment_valuation], Budget::Investment
cannot [:admin_update, :toggle_selection, :valuate, :comment_valuation],
Budget::Investment, budget: { phase: "finished" }
can :create, Budget::ValuatorAssignment
can :read_admin_stats, Budget, &:balloting_or_later?
can [:search, :update, :create, :index, :destroy], Banner
can [:index, :create, :update, :destroy], Geozone
can [:read, :create, :update, :destroy, :booth_assignments], Poll
can [:read, :create, :update, :destroy, :available], Poll::Booth
can [:search, :create, :index, :destroy], ::Poll::Officer
can [:create, :destroy, :manage], ::Poll::BoothAssignment
can [:create, :destroy], ::Poll::OfficerAssignment
can :read, Poll::Question
can [:create], Poll::Question do |question|
question.poll.blank? || !question.poll.started?
end
can [:update, :destroy], Poll::Question do |question|
!question.poll.started?
end
can [:read, :order_answers], Poll::Question::Answer
can [:create, :update, :destroy], Poll::Question::Answer do |answer|
can?(:update, answer.question)
end
can :read, Poll::Question::Answer::Video
can [:create, :update, :destroy], Poll::Question::Answer::Video do |video|
can?(:update, video.answer)
end
can [:destroy], Image do |image|
image.imageable_type == "Poll::Question::Answer" && can?(:update, image.imageable)
end
can :manage, SiteCustomization::Page
can :manage, SiteCustomization::Image
can :manage, SiteCustomization::ContentBlock
can :manage, Widget::Card
can :access, :ckeditor
can :manage, Ckeditor::Picture
can [:read, :debate, :draft_publication, :allegations, :result_publication,
:milestones], Legislation::Process
can [:create, :update, :destroy], Legislation::Process
can [:manage], ::Legislation::DraftVersion
can [:manage], ::Legislation::Question
can [:manage], ::Legislation::Proposal
cannot :comment_as_moderator, [::Legislation::Question, Legislation::Annotation, ::Legislation::Proposal]
can [:create], Document
can [:destroy], Document do |document|
document.documentable_type == "Poll::Question::Answer" && can?(:update, document.documentable)
end
can [:create, :destroy], DirectUpload
can [:deliver], Newsletter, hidden_at: nil
can [:manage], Dashboard::AdministratorTask
can :manage, LocalCensusRecord
can [:create, :read], LocalCensusRecords::Import
if Rails.application.config.multitenancy && Tenant.default?
can [:create, :read, :update], Tenant
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink