authorLuke Shumaker <shumakl@purdue.edu>2014-04-04 20:35:16 -0400
committerLuke Shumaker <shumakl@purdue.edu>2014-04-04 20:35:16 -0400
commitbcfa571b0328a4b3e94479a31c027621ceb86ad5 (patch)
treeac662a6e8e6be36b311652520b8bcc2a1511741d /app/models
parentd6009eddd6f67a9414ff7d707ae82c053e6653ad (diff)
Implement the new security mechanism
Diffstat (limited to 'app/models')
-rw-r--r--app/models/alert.rb2
-rw-r--r--app/models/tournament.rb2
-rw-r--r--app/models/user.rb71
3 files changed, 37 insertions, 38 deletions
diff --git a/app/models/alert.rb b/app/models/alert.rb
index 0516355..9876711 100644
--- a/app/models/alert.rb
+++ b/app/models/alert.rb
@@ -1,3 +1,3 @@
class Alert < ActiveRecord::Base
- belongs_to :author
+ belongs_to :author, class_name: "User"
end
diff --git a/app/models/tournament.rb b/app/models/tournament.rb
index 4483535..ecd551b 100644
--- a/app/models/tournament.rb
+++ b/app/models/tournament.rb
@@ -9,7 +9,7 @@ class Tournament < ActiveRecord::Base
end
def joinable_by?(user)
- return ((not user.nil?) and user.in_group?(:player) and open? and !players.include?(user))
+ return (open? and user.can?(:join_tournament) and !players.include?(user))
end
def join(user)
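Review bot: `joinable_by?` no longer guards against a nil user, so `user.can?(:join_tournament)` raises NoMethodError unless every caller passes a NilUser object for anonymous visitors. The NilUser class patched in user.rb suggests that is the intent, but no caller is visible here. Either state that contract in a comment above the method or keep a cheap guard such as `return false if user.nil?`. The low-precedence `and` would also read more safely as `&&`: `return (open? && user.can?(:join_tournament) && !players.include?(user))`. The body of `join` continues outside the hunk.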
diff --git a/app/models/user.rb b/app/models/user.rb
index 016c155..1d0879b 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -11,44 +11,36 @@ class User < ActiveRecord::Base
self.permissions = 0
end
- def in_group?(group)
- case group
- when :admin
- return ((groups & 2) != 0)
- when :host
- return true #((groups & 1) != 0)
- when :player
- return true
- when :specator
- return true
- else
+ def can?(action)
+ case action
+ when :create_tournament
+ when :edit_tournament
+ when :join_tournament
+ when :delete_tournament
+
+ when :create_game
+ when :edit_game
+ when :delete_game
+
+ when :create_user
return false
- end
- end
+ when :edit_user
+ when :delete_user
- def join_groups(join=[])
- # FIXME: race condition
- join.each do |group|
- case group
- when :admin
- groups |= 2
- when :host
- groups |= 1
- else
- end
- end
- end
+ when :create_alert
+ when :edit_alert
+ when :delete_alert
- def leave_groups(leave=[])
- # FIXME: race condition
- leave.each do |group|
- case group
- when :admin
- groups &= ~ 2
- when :host
- groups &= ~ 1
- else
- end
+ when :create_pm
+ when :edit_pm
+ when :delete_pm
+
+ when :create_session
+ return false
+ when :delete_session
+
+ else
+ return false
end
end
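Review bot: Every empty `when` branch in the new `can?` (for example `:join_tournament`, `:edit_user`, `:delete_session`) makes the method return nil, because a Ruby `case` does not fall through to the next branch. A real User is therefore denied every action, and the `permissions` field set just above is never consulted. Denying by default is the right failure mode for an authorization check, but here it is implicit, and it means `Tournament#joinable_by?` can never be true for a signed-in user. Until the per-action rules exist, make the stub explicit and boolean by grouping the placeholders, e.g. `when :create_tournament, :edit_tournament, :join_tournament, :delete_tournament` followed by `return false # TODO: check permissions`, and add a method comment saying that unknown actions are denied. The User class starts and ends outside the hunk.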
@@ -96,7 +88,14 @@ class NilUser
return true
end
def can?(action)
- return false
+ case action
+ when :create_user
+ return true
+ when :create_session
+ return true
+ else
+ return false
+ end
end
def method_missing(name, *args)
# Throw an error if User doesn't have this method
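Review bot: `NilUser#can?` now grants two actions to unauthenticated visitors, and nothing in the method says that this list is meant to be exhaustive. A comment above it such as `# Anonymous visitors may only sign up (:create_user) and log in (:create_session); everything else is denied.` would make the default-deny intent easy to audit when new actions are added. The two allowing branches can also be merged as `when :create_user, :create_session`. The body of `method_missing` continues outside the hunk.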