use strict; |
use warnings; |
package SQLSession::Model::Query; |
use Jifty::DBI::Schema; |
use SQLSession::Model::Database; |
use SQLSession::Model::User; |
use Scalar::Defer; |
# Declarative schema for a stored SQL query record. Each `column` statement
# below declares one field of SQLSession::Model::Query; the order of the
# declarations is kept exactly as written.
use SQLSession::Record schema {
    # Mandatory short name of the query, declared distinct.
    column name =>
        type is 'text',
        label is 'Name of query',
        distinct,
        hints is 'Short name for this query',
        mandatory;

    # The SQL text itself, entered through a textarea and stored as plain text.
    # NOTE(review): nothing in this schema constrains what the statement may
    # contain. Whatever code later runs it against `on_database` is the place
    # to enforce limits (for example a least-privileged database account) --
    # verify at the execution site, which is not visible in this file.
    column sql_query =>
        type is 'text',
        label is 'SQL query',
        mandatory,
        distinct,
        hints is 'Use this area to enter SQL query',
        render as 'textarea';

    # Mandatory reference (by id) to the SQLSession::Model::Database record
    # the query belongs to.
    column on_database =>
        refers_to SQLSession::Model::Database by 'id',
        label is 'on database',
        mandatory;

    # Optional free-text note, rendered as a textarea.
    column note =>
        type is 'text',
        label is 'Note',
        render as 'textarea',
        since '0.0.2';

    # Boolean flag, indexed, defaulting to 1, so a query is visible unless
    # the flag is cleared. current_user_can() in this file consults it when
    # deciding access.
    column visible =>
        type is 'boolean',
        default is 1,
        indexed,
        since '0.0.3';

    # Reference (by id) to the SQLSession::Model::User who owns the query.
    # The default is deferred and stores the current user's id, or 0 when that
    # id is false.
    # NOTE(review): records created without a logged-in user therefore all
    # share owner 0 -- confirm how the ownership check in current_user_can()
    # is meant to treat them.
    column owner =>
        refers_to SQLSession::Model::User by 'id',
        label is 'Query owner',
        default is defer { Jifty->web->current_user->id || 0 },
        since '0.0.6';

    # Creation timestamp, passed through the Jifty::DBI::Filter::DateTime
    # filter. The default is wrapped in `defer`, so DateTime->now is evaluated
    # when the default is used rather than when this file is compiled.
    # NOTE(review): DateTime is not loaded in this file; presumably it is
    # loaded elsewhere -- confirm.
    column created_on =>
        type is 'timestamp',
        label is 'Created On',
        default is defer { DateTime->now },
        filters are 'Jifty::DBI::Filter::DateTime',
        since '0.0.6';
};
# Your model-specific methods go here. |
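# Access-control hook: decide whether the current user may perform $action
# on this query record.
#
# Arguments (after the invocant):
#   $action - the right being checked; 'read' and 'create' are tested by name
#   $item   - kind of sub-object the check concerns; only 'column' is tested
#   $name   - name of that sub-object (a column name when $item is 'column')
#
# Returns 1 when access is granted, 0 otherwise.
#
# Rules, in order:
#   1. Reading the 'owner' and 'visible' columns is always allowed.
#   2. A visible query may be read by anyone.
#   3. The owner may do anything with the record.
#   4. A visible query may be changed by users holding the 'edit' role.
#   5. Users holding the 'edit' role may create queries.
#   6. Superusers may do anything.
#
# Previously a true `visible` flag granted every action (update and delete
# included) to every user. That made the "visible and has the 'edit' role"
# rule unreachable. Visibility now grants read access only, which is what that
# unreachable rule implies was intended.
sub current_user_can {
    my ( $self, $action, $item, $name ) = @_;

    # An absent right or item is compared as the empty string, so the `eq`
    # tests below never see undef.
    $action = '' unless defined $action;
    $item   = '' unless defined $item;

    # Rule 1. The rules below read `visible` and `owner` through their
    # accessors; the original comment says this shortcut exists to prevent
    # deep recursion. Exact string comparison is used, so no other column name
    # can slip through.
    if ( $action eq 'read' && $item eq 'column' && defined $name ) {
        return 1 if $name eq 'owner' || $name eq 'visible';
    }

    my $is_visible = $self->visible;

    # Rule 2: visibility is a read permission, nothing more.
    return 1 if $is_visible && $action eq 'read';

    my $user = $self->current_user;

    # Rule 3.
    # NOTE(review): the schema default stores owner 0 when there is no current
    # user id. If an unauthenticated current_user reports id 0 (or undef),
    # this comparison matches every such record -- confirm that is intended.
    # NOTE(review): `owner` is declared with refers_to; confirm the accessor
    # yields a value that compares correctly with == against the user id.
    return 1 if $self->owner == $user->id;

    # Rules 4 and 5: the 'edit' role gates modification of visible queries
    # and creation of new ones.
    if ( $is_visible || $action eq 'create' ) {
        return 1 if $user->role('edit');
    }

    # Rule 6.
    return 1 if $user->is_superuser;

    # Default deny.
    return 0;
}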
# A Perl module file must end with a true value so that `use`/`require` succeeds.
1;