Module: AccessGranted::Policy

Defined in:

lib/access-granted/policy.rb

Instance Attribute Summary

• #roles ⇒ Object

  Returns the value of attribute roles.

Instance Method Summary

• #authorize!(action, subject) ⇒ Object
• #can?(action, subject) ⇒ Boolean
• #cannot?(*args) ⇒ Boolean
• #configure(user) ⇒ Object
• #initialize(user) ⇒ Object
• #match_roles(user) ⇒ Object
• #role(name, conditions_or_klass = nil, conditions = nil, &block) ⇒ Object

Instance Attribute Details

#roles ⇒ Object

Returns the value of attribute roles.

# File 'lib/access-granted/policy.rb', line 3

def roles
  @roles
end

Instance Method Details

#authorize!(action, subject) ⇒ Object

# File 'lib/access-granted/policy.rb', line 49

def authorize!(action, subject)
  if cannot?(action, subject)
    raise AccessDenied
  end
  subject
end

#can?(action, subject) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/access-granted/policy.rb', line 31

def can?(action, subject)
  match_roles(@user).each do |role|
    permission = role.find_permission(action, subject)
    return permission.granted if permission
  end
  false
end

#cannot?(*args) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/access-granted/policy.rb', line 39

def cannot?(*args)
  !can?(*args)
end

#configure(user) ⇒ Object

# File 'lib/access-granted/policy.rb', line 12

def configure(user)
end

#initialize(user) ⇒ Object

# File 'lib/access-granted/policy.rb', line 5

def initialize(user)
  @user          = user
  @roles         = []
  @last_priority = 0
  configure(@user)
end

#match_roles(user) ⇒ Object

# File 'lib/access-granted/policy.rb', line 43

def match_roles(user)
  roles.select do |role|
    role.applies_to?(user)
  end
end

#role(name, conditions_or_klass = nil, conditions = nil, &block) ⇒ Object

# File 'lib/access-granted/policy.rb', line 15

def role(name, conditions_or_klass = nil, conditions = nil, &block)
  name = name.to_sym
  if roles.select {|r| r.name == name }.any?
    raise DuplicateRole, "Role '#{name}' already defined"
  end
  @last_priority += 1
  r = if conditions_or_klass.is_a?(Class) && conditions_or_klass <= AccessGranted::Role
    conditions_or_klass.new(name, @last_priority, conditions, @user, block)
  else
    Role.new(name, @last_priority, conditions_or_klass, @user, block)
  end
  roles << r
  roles.sort_by! {|r|  r.priority }
  r
end