/src/models/m_acl.erl

http://github.com/zotonic/zotonic · Erlang · 79 lines · 44 code · 10 blank · 25 comment · 7 complexity · 1c8269e5d263caf4ec10b7e1a9794706 MD5 · raw file

  1. %% @author Marc Worrell <marc@worrell.nl>
  2. %% @copyright 2009 Marc Worrell
  3. %% Date: 2009-04-27
  4. %%
  5. %% @doc Template access for access control functions and state
  6. %% Copyright 2009 Marc Worrell
  7. %%
  8. %% Licensed under the Apache License, Version 2.0 (the "License");
  9. %% you may not use this file except in compliance with the License.
  10. %% You may obtain a copy of the License at
  11. %%
  12. %% http://www.apache.org/licenses/LICENSE-2.0
  13. %%
  14. %% Unless required by applicable law or agreed to in writing, software
  15. %% distributed under the License is distributed on an "AS IS" BASIS,
  16. %% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  17. %% See the License for the specific language governing permissions and
  18. %% limitations under the License.
  19. -module(m_acl).
  20. -author("Marc Worrell <marc@worrell.nl").
  21. -behaviour(gen_model).
  22. %% interface functions
  23. -export([
  24. m_find_value/3,
  25. m_to_list/2,
  26. m_value/2
  27. ]).
  28. -include_lib("zotonic.hrl").
  29. %% @doc Fetch the value for the key from a model source
  30. %% @spec m_find_value(Key, Source, Context) -> term()
  31. m_find_value(user, #m{value=undefined}, Context) ->
  32. z_acl:user(Context);
  33. m_find_value(is_admin, #m{value=undefined}, Context) ->
  34. z_acl:is_admin(Context);
  35. m_find_value(authenticated, #m{value=undefined} = M, _Context) ->
  36. M#m{value=authenticated};
  37. m_find_value(Action, #m{value=Auth} = M, _Context)
  38. when (Action == use orelse Action == admin orelse Action == view
  39. orelse Action == delete orelse Action == update orelse Action == insert
  40. orelse Action == link), (Auth =:= undefined orelse Auth =:= authenticated) ->
  41. M#m{value={is_allowed, Action, Auth}};
  42. m_find_value(is_allowed, #m{value=Auth} = M, _Context) when Auth =:= undefined; Auth =:= authenticated ->
  43. M#m{value={is_allowed, Auth}};
  44. m_find_value(Action, #m{value={is_allowed, Auth}} = M, _Context) ->
  45. M#m{value={is_allowed, Action, Auth}};
  46. m_find_value(Object, #m{value={is_allowed, Action, authenticated}}, Context) when is_binary(Object) ->
  47. Context1 = case z_notifier:first(#acl_context_authenticated{}, Context) of
  48. undefined -> Context;
  49. Ctx -> Ctx
  50. end,
  51. z_acl:is_allowed(Action, z_convert:to_atom(Object), Context1);
  52. m_find_value(Object, #m{value={is_allowed, Action, undefined}}, Context) when is_binary(Object) ->
  53. z_acl:is_allowed(Action, z_convert:to_atom(Object), Context);
  54. m_find_value(Object, #m{value={is_allowed, Action, authenticated}}, Context) ->
  55. Context1 = case z_notifier:first(#acl_context_authenticated{}, Context) of
  56. undefined -> Context;
  57. Ctx -> Ctx
  58. end,
  59. z_acl:is_allowed(Action, Object, Context1);
  60. m_find_value(Object, #m{value={is_allowed, Action, undefined}}, Context) ->
  61. z_acl:is_allowed(Action, Object, Context).
  62. %% @doc Transform a m_config value to a list, used for template loops
  63. %% @spec m_to_list(Source, Context) -> List
  64. m_to_list(_, _Context) ->
  65. [].
  66. %% @doc Transform a model value so that it can be formatted or piped through filters
  67. %% @spec m_value(Source, Context) -> term()
  68. m_value(#m{value=undefined}, _Context) ->
  69. undefined.