adminbruno
/
docuseal
mirror of https://github.com/docusealco/docuseal
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '920644213e'
${ noResults }
docuseal/lib/ability.rb

51 lines
2.0 KiB
Raw Blame History

# frozen_string_literal: true
class Ability
include CanCan::Ability
def initialize(user)
# Existing DocuSeal permissions (unchanged)
can %i[read create update], Template, Abilities::TemplateConditions.collection(user) do |template|
Abilities::TemplateConditions.entity(template, user:, ability: 'manage')
end
can :destroy, Template, account_id: user.account_id
can :manage, TemplateFolder, account_id: user.account_id
can :manage, TemplateSharing, template: { account_id: user.account_id }
can :manage, Submission, account_id: user.account_id
can :manage, Submitter, account_id: user.account_id
can :manage, User, account_id: user.account_id
can :manage, EncryptedConfig, account_id: user.account_id
can :manage, EncryptedUserConfig, user_id: user.id
can :manage, AccountConfig, account_id: user.account_id
can :manage, UserConfig, user_id: user.id
can :manage, Account, id: user.account_id
can :manage, AccessToken, user_id: user.id
can :manage, WebhookUrl, account_id: user.account_id
# FloDoc Institution Management Permissions
# Layer 2: Model-level authorization
# Super Admin Permissions
if user.cohort_super_admin?
can :manage, Institution, id: user.managed_institutions.select(:id)
can :manage, Cohort, institution_id: user.managed_institutions.select(:id)
can :manage, Sponsor, institution_id: user.managed_institutions.select(:id)
can :manage, CohortAdminInvitation, institution_id: user.managed_institutions.select(:id)
can :read, SecurityEvent, user_id: user.id
end
# Regular Admin Permissions
if user.cohort_admin?
can :read, Institution, id: user.institutions.select(:id)
can :manage, Cohort, institution_id: user.institutions.select(:id)
can :read, Sponsor, institution_id: user.institutions.select(:id)
end
# Security Event Access (for monitoring)
can :read, SecurityEvent do |event|
event.user_id == user.id || user.cohort_super_admin?
end
end
end
Reference in new issue View Git Blame Copy Permalink