orbit-basic/app/models/object_auth.rb

class ObjectAuth  < PrototypeAuth
  include OrbitCoreLib::ObjectTokenUtility
  validates_uniqueness_of :title ,:scope => [:obj_authable_type,:obj_authable_id]  #{ |c| }
  belongs_to :obj_authable, polymorphic: true
  after_save :check_user_has_can_access_app
  # > - Something.find_with_auth(query)
  # > - or Something.find(query).auth
  def siblings
    ObjectAuth.where({obj_authable_type: obj_authable_type,title: title})
  end

  def auth_obj
    class_obj = eval(self.obj_authable_type)
    class_obj.find self.obj_authable_id
  end

  def check_user_has_can_access_app
    sub_managing_users = auth_obj.module_app.sub_managing_users rescue []
    module_app =  auth_obj.module_app
    self.auth_users.each do |auth_user|
      if !sub_managing_users.include? auth_user && !auth_user.admin?
         module_app.assign_sub_manager(auth_user,User.current)
         module_app.save
      end
    end
    
  end

end