SQLSession/Model/Query.pm

use strict;
use warnings;

package SQLSession::Model::Query;
use Jifty::DBI::Schema;
use SQLSession::Model::Database;
use SQLSession::Model::User;
use Scalar::Defer;

use SQLSession::Record schema {
        column name =>
                type is 'text',
                label is 'Name of query',
                distinct,
                hints is 'Short name for this query',
                mandatory;

        column sql_query =>
                type is 'text',
                label is 'SQL query',
                mandatory,
                distinct,
                hints is 'Use this area to enter SQL query',
                render as 'textarea';
        
        column on_database =>
                refers_to SQLSession::Model::Database by 'id',
                label is 'on database',
                mandatory;
        
        column note =>
                type is 'text',
                label is 'Note',
                render as 'textarea',
                since '0.0.2';
        
        column visible =>
                type is 'boolean',
                default is 1,
                indexed,
                since '0.0.3';

        column owner =>
                refers_to SQLSession::Model::User by 'id',
                label is 'Query owner',
                default is defer { Jifty->web->current_user->id || 0 },
                since '0.0.6';

        column created_on =>
                type is 'timestamp',
                label is 'Created On',
                default is defer { DateTime->now },
                filters are 'Jifty::DBI::Filter::DateTime',
                since '0.0.6';
        
        column parent =>
                refers_to SQLSession::Model::Query by 'id',
                label is 'Originator query',
                indexed,
                since '0.0.7';

};

sub since { '0.0.1' }

# Your model-specific methods go here.

sub current_user_can {
        my $self = shift;

        my ($action,$item,$name) = @_;

#       warn "current_user_can $action | $item | ", $name ? $name : 'NO NAME', "\n";

        # prevent deep recursion for next rule
        if ( $action && $item && $action eq 'read' && $item eq 'column' ) {
#               return 1 if !defined($name);    # special case for my group by query -- might be security hole!
                return 1 if ( $name && $name =~ m/^(owner|visible)$/ );
        }

        if ( $self->visible || $self->owner == $self->current_user->id ) {
                return 1;
        };

        return 1 if ( $self->visible && $self->current_user->role('edit'));
        return 1 if ( $action eq 'create' && $self->current_user->role('edit'));

        return 1 if ( $self->current_user->is_superuser );

        return 0;
}

1;

1	use strict;
2	use warnings;
3
4	package SQLSession::Model::Query;
5	use Jifty::DBI::Schema;
6	use SQLSession::Model::Database;
7	use SQLSession::Model::User;
8	use Scalar::Defer;
9
10	use SQLSession::Record schema {
11	column name =>
12	type is 'text',
13	label is 'Name of query',
14	distinct,
15	hints is 'Short name for this query',
16	mandatory;
17
18	column sql_query =>
19	type is 'text',
20	label is 'SQL query',
21	mandatory,
22	distinct,
23	hints is 'Use this area to enter SQL query',
24	render as 'textarea';
25
26	column on_database =>
27	refers_to SQLSession::Model::Database by 'id',
28	label is 'on database',
29	mandatory;
30
31	column note =>
32	type is 'text',
33	label is 'Note',
34	render as 'textarea',
35	since '0.0.2';
36
37	column visible =>
38	type is 'boolean',
39	default is 1,
40	indexed,
41	since '0.0.3';
42
43	column owner =>
44	refers_to SQLSession::Model::User by 'id',
45	label is 'Query owner',
46	default is defer { Jifty->web->current_user->id \|\| 0 },
47	since '0.0.6';
48
49	column created_on =>
50	type is 'timestamp',
51	label is 'Created On',
52	default is defer { DateTime->now },
53	filters are 'Jifty::DBI::Filter::DateTime',
54	since '0.0.6';
55
56	column parent =>
57	refers_to SQLSession::Model::Query by 'id',
58	label is 'Originator query',
59	indexed,
60	since '0.0.7';
61
62	};
63
64	sub since { '0.0.1' }
65
66	# Your model-specific methods go here.
67
68	sub current_user_can {
69	my $self = shift;
70
71	my ($action,$item,$name) = @_;
72
73	# warn "current_user_can $action \| $item \| ", $name ? $name : 'NO NAME', "\n";
74
75	# prevent deep recursion for next rule
76	if ( $action && $item && $action eq 'read' && $item eq 'column' ) {
77	# return 1 if !defined($name); # special case for my group by query -- might be security hole!
78	return 1 if ( $name && $name =~ m/^(owner\|visible)$/ );
79	}
80
81	if ( $self->visible \|\| $self->owner == $self->current_user->id ) {
82	return 1;
83	};
84
85	return 1 if ( $self->visible && $self->current_user->role('edit'));
86	return 1 if ( $action eq 'create' && $self->current_user->role('edit'));
87
88	return 1 if ( $self->current_user->is_superuser );
89
90	return 0;
91	}
92
93	1;
94