2019-09-16 14:39:47 +02:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
# Check the access policies for API::SettingsController
|
2016-03-23 18:39:41 +01:00
|
|
|
class SettingPolicy < ApplicationPolicy
|
2020-06-08 15:08:07 +02:00
|
|
|
# Defines the scope of the settings index, depending on the role of the current user
|
|
|
|
class Scope < Scope
|
|
|
|
def resolve
|
|
|
|
if user.nil? || (user && !user.admin?)
|
|
|
|
scope.where.not(name: SettingPolicy.public_blacklist)
|
|
|
|
else
|
|
|
|
scope
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-01-22 11:53:40 +01:00
|
|
|
%w[update bulk_update reset].each do |action|
|
2016-03-23 18:39:41 +01:00
|
|
|
define_method "#{action}?" do
|
2019-01-14 12:57:31 +01:00
|
|
|
user.admin?
|
2016-03-23 18:39:41 +01:00
|
|
|
end
|
|
|
|
end
|
2020-06-08 15:08:07 +02:00
|
|
|
|
|
|
|
def show?
|
|
|
|
user&.admin? || SettingPolicy.public_whitelist.include?(record.name)
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_present?
|
2020-06-15 16:56:43 +02:00
|
|
|
user&.admin? || SettingPolicy.public_whitelist.concat(%w[openlab_app_secret stripe_secret_key]).include?(record.name)
|
2020-06-08 15:08:07 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
##
|
2022-01-04 15:27:58 +01:00
|
|
|
# List of settings that anyone can read. The other settings are restricted for admins.
|
2020-06-08 15:08:07 +02:00
|
|
|
# This list must be manually updated if a new setting should be world-readable
|
|
|
|
##
|
|
|
|
def self.public_whitelist
|
|
|
|
%w[about_title about_body about_contacts privacy_body privacy_dpo twitter_name home_blogpost machine_explications_alert
|
|
|
|
training_explications_alert training_information_message subscription_explications_alert booking_window_start
|
2021-06-10 10:39:42 +02:00
|
|
|
booking_window_end booking_move_enable booking_move_delay booking_cancel_enable booking_cancel_delay
|
2020-06-08 15:08:07 +02:00
|
|
|
fablab_name name_genre event_explications_alert space_explications_alert link_name home_content phone_required
|
|
|
|
tracking_id book_overlapping_slots slot_duration events_in_calendar spaces_module plans_module invoicing_module
|
2020-06-08 17:45:43 +02:00
|
|
|
recaptcha_site_key feature_tour_display disqus_shortname allowed_cad_extensions openlab_app_id openlab_default
|
2021-04-09 12:09:54 +02:00
|
|
|
online_payment_module stripe_public_key confirmation_required wallet_module trainings_module address_required
|
2021-09-20 19:43:05 +02:00
|
|
|
payment_gateway payzen_endpoint payzen_public_key public_agenda_module renew_pack_threshold statistics_module
|
2022-05-11 15:45:49 +02:00
|
|
|
pack_only_for_subscription overlapping_categories public_registrations facebook twitter viadeo linkedin instagram
|
2022-03-18 19:44:30 +01:00
|
|
|
youtube vimeo dailymotion github echosciences pinterest lastfm flickr machines_module user_change_group
|
2022-12-06 16:08:38 +01:00
|
|
|
user_validation_required user_validation_required_list store_module store_withdrawal_instructions store_hidden
|
2023-01-26 09:48:37 +01:00
|
|
|
external_id machines_banner_active machines_banner_text machines_banner_cta_active machines_banner_cta_label
|
|
|
|
machines_banner_cta_url trainings_banner_active trainings_banner_text trainings_banner_cta_active trainings_banner_cta_label
|
2023-01-26 11:11:38 +01:00
|
|
|
trainings_banner_cta_url events_banner_active events_banner_text events_banner_cta_active events_banner_cta_label
|
2023-07-03 14:32:35 +02:00
|
|
|
events_banner_cta_url projects_list_member_filter_presence projects_list_date_filters_presence
|
2023-03-31 14:44:37 +02:00
|
|
|
project_categories_filter_placeholder project_categories_wording family_account]
|
2020-06-08 15:08:07 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
##
|
2022-01-04 15:27:58 +01:00
|
|
|
# List of settings that only admins can read.
|
2020-06-08 15:08:07 +02:00
|
|
|
# This blacklist is automatically generated from the public_whitelist above.
|
|
|
|
##
|
|
|
|
def self.public_blacklist
|
2022-09-27 11:14:27 +02:00
|
|
|
Setting.validators.detect { |v| v.instance_of?(ActiveModel::Validations::InclusionValidator) && v.attributes.include?(:name) }
|
2020-06-08 15:08:07 +02:00
|
|
|
.options[:in] - SettingPolicy.public_whitelist
|
|
|
|
end
|
2016-03-23 18:39:41 +01:00
|
|
|
end
|