From 0bbf0b9184641b1cc3848db0484a659cf372e047 Mon Sep 17 00:00:00 2001
From: James Smith <james@floppy.org.uk>
Date: Thu, 29 Aug 2024 13:59:35 +0100
Subject: [PATCH 1/2] add granted_to, for finding objecrt that subjects have
 some permission on

---
 app/models/concerns/caber/object.rb |  8 ++++++++
 spec/models/caber/relation_spec.rb  | 12 ++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/app/models/concerns/caber/object.rb b/app/models/concerns/caber/object.rb
index e1c93af..09fe2af 100644
--- a/app/models/concerns/caber/object.rb
+++ b/app/models/concerns/caber/object.rb
@@ -8,6 +8,14 @@ module Caber::Object
     def self.can_grant_permissions_to(model)
       has_many :"permitted_#{model.name.pluralize.parameterize}", through: :caber_relations, source: :subject, source_type: model.name
     end
+
+    scope :granted_to, ->(permission, subject) {
+                         includes(:caber_relations).where(
+                           "caber_relations.subject_id": subject.id,
+                           "caber_relations.subject_type": subject.class.name,
+                           "caber_relations.permission": permission
+                         )
+                       }
   end
 
   def grant_permission_to(permission, subject)
diff --git a/spec/models/caber/relation_spec.rb b/spec/models/caber/relation_spec.rb
index 7421dbe..a3f936c 100644
--- a/spec/models/caber/relation_spec.rb
+++ b/spec/models/caber/relation_spec.rb
@@ -45,6 +45,14 @@
     it "includes Alice in a list of users with viewer permission for the object" do
       expect(object.permitted_users.with_permission("viewer")).to include alice
     end
+
+    it "can get a list of objects that Alice has permission on" do
+      expect(Document.granted_to("viewer", alice)).to include object
+    end
+
+    it "can get a list of objects that Alice one of many permissions on" do
+      expect(Document.granted_to(["viewer", "owner"], alice)).to include object
+    end
   end
 
   context "with multiple objects" do
@@ -61,6 +69,10 @@
     it "does not include second (ungranted) object in Alices permitted object list" do
       expect(alice.permitted_documents.with_permission("viewer")).not_to include object_two
     end
+
+    it "does not include second object in list of objects that Alice has permission on" do
+      expect(Document.granted_to("viewer", alice)).not_to include object_two
+    end
   end
 
   context "checking more than one permission at once" do

From 250df07df709743e700764e5e9cb19ec111c0257 Mon Sep 17 00:00:00 2001
From: James Smith <james@floppy.org.uk>
Date: Thu, 29 Aug 2024 14:03:05 +0100
Subject: [PATCH 2/2] add granted_to details to README

---
 README.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/README.md b/README.md
index 3dafd63..10436c1 100644
--- a/README.md
+++ b/README.md
@@ -114,6 +114,14 @@ document.revoke_permission("viewer", user)
 document.revoke_all_permissions(user)
 ```
 
+### Finding objects
+
+You can get lists of objects that a user has some permission on:
+
+```
+Document.granted_to "viewer", user
+# => All the documents that user has "viewer" permission on
+```
 
 ## Development