@iansheridan
Created November 20, 2010 22:53
a user class with dynamic 'has role' methods
class Role
  include DataMapper::Resource
  has n, :users, :through => Resource
  property :id, Serial
  property :name, String
  property :short_name, String
  property :description, Text
  property :created_at, DateTime
  property :updated_at, DateTime
  default_scope(:default).update(:order => [:id]) # set default order
end

class User
  include DataMapper::Resource
  has n, :roles, :through => Resource
  has 1, :userinfo
  property :id, Serial
  property :login, String
  property :full_time, Boolean, :default => true
  property :rate_mod, Integer, :default => 0
  property :created_at, DateTime
  property :updated_at, DateTime
  validates_is_unique :login

  # Handle dynamic role-check methods such as is_a_superuser? on the fly.
  # Returns true if the user holds any of the roles named in the method,
  # false if none match; any other unknown method falls through to super.
  def method_missing(method_id, *args)
    if match = matches_dynamic_role_check?(method_id)
      tokenize_roles(match.captures.first).each do |check|
        return true if roles.collect{|r| r.short_name }.include?(check)
      end
      return false
    else
      super
    end
  end

  private

  # \A and \z anchor the whole method name; ^ and $ only anchor a line in Ruby.
  def matches_dynamic_role_check?(method_id)
    /\Ais_an?_([a-zA-Z]\w*)\?\z/.match(method_id.to_s)
  end

  # might at some point add the _and_ token
  def tokenize_roles(string_to_split)
    string_to_split.split(/_or_/)
  end
end

class Users < Application
  # The basic authentication method
  before :ensure_authenticated
  # This is used to make sure that the user is authorized to do anything in this controller.
  # Take a look at the bottom for the authorization code; it's very simple
  # because of the dynamic user method.
  before :ensure_authorization

  def index
    #
  end

  def show(id)
    #
  end

  def new
    #
  end

  def edit(id)
    #
  end

  def create(user)
    #
  end

  def update(id, user, userinfo)
    #
  end

  def destroy(id)
    #
  end

  # only allow "user admins" or "super" users to use this controller
  def ensure_authorization
    throw(:halt, redirect("/race/home", :message => {:error => "You are not authorized to access that page." })) unless session.user.is_a_user_manager_or_super?
  end
end # Users
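
The dynamic role check can be exercised without DataMapper or a database. The following is an added example, not part of the original gist: PlainRole, PlainUser, ROLE_CHECK and role_check_results are hypothetical names, and the sample users are constructed. It shows that a misspelled role fails closed, that respond_to? stays consistent with method_missing, and that a method name containing a newline is rejected when the pattern is anchored with \A and \z.

```ruby
# Added example: PlainRole and PlainUser are hypothetical stand-ins for the
# gist's DataMapper models, so the role check runs without a database.
PlainRole = Struct.new(:short_name)

class PlainUser
  # \A and \z anchor the whole string; ^ and $ only anchor a line in Ruby.
  ROLE_CHECK = /\Ais_an?_([a-zA-Z]\w*)\?\z/

  attr_reader :roles

  def initialize(*short_names)
    @roles = short_names.map { |name| PlainRole.new(name) }
  end

  # Answer is_a_<role>[_or_<role>...]? calls; everything else goes to super,
  # which raises NoMethodError as usual.
  def method_missing(method_id, *args)
    match = ROLE_CHECK.match(method_id.to_s)
    return super unless match
    held = roles.map(&:short_name)
    # "_or_" separates alternatives: holding any one of them is enough.
    match.captures.first.split(/_or_/).any? { |wanted| held.include?(wanted) }
  end

  # Keep respond_to? in step with what method_missing will answer.
  def respond_to_missing?(method_id, include_private = false)
    ROLE_CHECK.match?(method_id.to_s) || super
  end
end

# Constructed sample users.
MANAGER = PlainUser.new("user_manager")
CLERK   = PlainUser.new("clerk")

def role_check_results
  {
    manager_allowed: MANAGER.is_a_user_manager_or_super?,
    clerk_denied:    CLERK.is_a_user_manager_or_super?,
    typo_denied:     MANAGER.is_a_user_manger?, # misspelled role name
    responds:        MANAGER.respond_to?(:is_a_super?),
    multiline:       MANAGER.respond_to?(:"x\nis_a_user_manager?")
  }
end
```

Because a misspelled role name simply returns false, a typo in a controller filter locks users out rather than letting them in, but it also raises no error, so role names used in filters are worth covering with a test.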