1 |
use strict; |
2 |
use warnings; |
3 |
|
4 |
package SQLSession::Model::Query; |
5 |
use Jifty::DBI::Schema; |
6 |
use SQLSession::Model::Database; |
7 |
use SQLSession::Model::User; |
8 |
use Scalar::Defer; |
9 |
|
10 |
use SQLSession::Record schema { |
11 |
column name => |
12 |
type is 'text', |
13 |
label is 'Name of query', |
14 |
is distinct, |
15 |
hints is 'Short name for this query', |
16 |
is not_null; |
17 |
|
18 |
column sql_query => |
19 |
type is 'text', |
20 |
label is 'SQL query', |
21 |
is not_null, |
22 |
hints is 'Use this area to enter SQL query', |
23 |
render as 'textarea'; |
24 |
|
25 |
column on_database => |
26 |
refers_to SQLSession::Model::Database by 'id', |
27 |
label is 'on database', |
28 |
is not_null; |
29 |
|
30 |
column note => |
31 |
type is 'text', |
32 |
label is 'Note', |
33 |
render as 'textarea', |
34 |
since '0.0.2'; |
35 |
|
36 |
column visible => |
37 |
type is 'boolean', |
38 |
default is 1, |
39 |
is indexed, |
40 |
since '0.0.3'; |
41 |
|
42 |
column owner => |
43 |
refers_to SQLSession::Model::User by 'id', |
44 |
label is 'Query owner', |
45 |
default is defer { Jifty->web->current_user->id || 0 }, |
46 |
since '0.0.6'; |
47 |
|
48 |
column created_on => |
49 |
type is 'timestamp', |
50 |
label is 'Created On', |
51 |
default is defer { DateTime->now }, |
52 |
filters are 'Jifty::DBI::Filter::DateTime', |
53 |
since '0.0.6'; |
54 |
|
55 |
column parent => |
56 |
refers_to SQLSession::Model::Query by 'id', |
57 |
label is 'Originator query', |
58 |
is indexed, |
59 |
since '0.0.7'; |
60 |
|
61 |
}; |
62 |
|
63 |
sub since { '0.0.1' } |
64 |
|
65 |
# Your model-specific methods go here. |
66 |
|
67 |
sub current_user_can { |
68 |
my $self = shift; |
69 |
|
70 |
my ($action,$item,$name) = @_; |
71 |
|
72 |
# warn "current_user_can $action | $item | ", $name ? $name : 'NO NAME', "\n"; |
73 |
|
74 |
# prevent deep recursion for next rule |
75 |
if ( $action && $item && $action eq 'read' && $item eq 'column' ) { |
76 |
# return 1 if !defined($name); # special case for my group by query -- might be security hole! |
77 |
return 1 if ( $name && $name =~ m/^(owner|visible)$/ ); |
78 |
} |
79 |
|
80 |
if ( $self->visible || $self->owner == $self->current_user->id ) { |
81 |
return 1; |
82 |
}; |
83 |
|
84 |
return 1 if ( $self->visible && $self->current_user->role('edit')); |
85 |
return 1 if ( $action eq 'create' && $self->current_user->role('edit')); |
86 |
|
87 |
return 1 if ( $self->current_user->is_superuser ); |
88 |
|
89 |
return 0; |
90 |
} |
91 |
|
92 |
1; |
93 |
|