Simplify front-end ACL code

Simplify the front-end code that transforms annotation permissions objects into ACLs. Since the front-end does not have to be exposed to the system principals and special "all" grant used by Pyramid it only needs to have special handling of the "group:__world__" principal; others are unused.

Simplify front-end ACL code
Simplify the front-end code that transforms annotation permissions objects into ACLs. Since the front-end does not have to be exposed to the system principals and special "all" grant used by Pyramid it only needs to have special handling of the "group:__world__" principal; others are unused.
f78319e5 · Randall Leeds · 3dec0f11 · f78319e5
Commit f78319e5 authored Jan 19, 2015 by Randall Leeds
Show whitespace changes
Inline Side-by-side

Showing with 19 additions and 36 deletions

permissions-service.coffee h/static/scripts/permissions-service.coffee +19 -36

No files found.
--- a/h/static/scripts/permissions-service.coffee
+++ b/h/static/scripts/permissions-service.coffee
@@ -7,9 +7,13 @@
 # offers some utility functions regarding those.
 ###
 class Permissions
+  ALL_PERMISSIONS = {}
  GROUP_WORLD = 'group:__world__'
-  EVERYONE = 'Everyone'
+  ADMIN_PARTY = [{
-  ALL_PERMISSIONS = 'ALL_PERMISSIONS'
+    allow: true
+    principal: GROUP_WORLD
+    action: ALL_PERMISSIONS
+  }]
  this.$inject = ['auth']
  constructor:    (auth) ->
@@ -68,38 +72,17 @@ class Permissions
  # Creates access-level-control object list
  _acl = (context) ->
-    acl = []
+    parts =
      for action, roles of context.permissions or []
        for role in roles
-        allow = true
+          allow: true
-        if role.indexOf('group:') is 0
+          principal: role
-          if role == GROUP_WORLD
-            principal = EVERYONE
-          else
-            # unhandled group
-            allow = false
-            principal = role
-        else
-          if role.indexOf('acct:') is 0
-            principal = role
-          else
-            allow = false
-            principal = role
-        acl.push
-          allow: allow
-          principal: principal
          action: action
-    if acl.length
+    if parts.length
-      acl
+      acl = Array::concat parts...
    else
-      return [
+      acl = ADMIN_PARTY
-        allow: true
-        principal: EVERYONE
-        action: ALL_PERMISSIONS
-      ]
  ###*
  # @ngdoc method
@@ -112,14 +95,14 @@ class Permissions
  # User access-level-control function
  ###
  permits: (action, context, user) ->
-    acls = _acl context
+    acl = _acl context
-    for acl in acls
+    for ace in acl
-      if acl.principal not in [user, EVERYONE]
+      if ace.principal not in [user, GROUP_WORLD]
        continue
-      if acl.action not in [action, ALL_PERMISSIONS]
+      if ace.action not in [action, ALL_PERMISSIONS]
        continue
-      return acl.allow
+      return ace.allow
    false