Class: Zuul::ActionController::DSL::Permissions

Inherits:
Actionable show all
Defined in:
lib/zuul/action_controller/dsl/permissions.rb

Instance Attribute Summary

Attributes inherited from Base

#actions, #context, #default, #default_block_allow_rules, #default_block_deny_rules, #force_context, #mode, #permissions, #results, #roles, #scope, #subject_method

Instance Method Summary collapse

Methods inherited from Actionable

#all, #allow?, #deny?

Methods inherited from Base

#all_actions, #all_permissions, #all_roles, #allow_permissions, #allow_roles, #anyone, #authorized?, #collect_results, #contextual_permission, #contextual_role, #deny_permissions, #deny_roles, #execute, #logged_in, #logged_out, #options, #parse_context, #set_options, #subject

Instance Method Details

#allow(*actions) ⇒ Object 



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
 
# File 'lib/zuul/action_controller/dsl/permissions.rb', line 9

def allow(*actions)
  log_timer_start = Time.now.to_f
  actions = actions[0] if actions.length == 1 && actions[0].is_a?(Array)
  actions.concat(@actions)
  return if subject.nil? || @permissions.empty? || actions.empty?
  if actions.map(&:to_sym).include?(@controller.params[:action].to_sym)
    @permissions.each do |permission|
      if allow?(permission)
        logger.debug "  \e[1;33mACL (#{((Time.now.to_f - log_timer_start) * 1000.0).round(1)}ms)\e[0m  \e[1mMATCH\e[0m for \e[32mallow\e[0m permission \e[1m#{permission.is_a?(subject.auth_scope(@scope).role_class) ? "#{permission.slug}[#{permission.context.to_s}]" : permission}\e[0m"
        @results << true
        return
      end
      logger.debug "  \e[1;33mACL (#{((Time.now.to_f - log_timer_start) * 1000.0).round(1)}ms)\e[0m  \e[1mNO MATCH\e[0m for \e[32mallow\e[0m permission \e[1m#{permission.is_a?(subject.auth_scope(@scope).role_class) ? "#{permission.slug}[#{permission.context.to_s}]" : permission}\e[0m"
    end
  end
end

#deny(*actions) ⇒ Object 



26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/zuul/action_controller/dsl/permissions.rb', line 26

def deny(*actions)
  log_timer_start = Time.now.to_f
  actions = actions[0] if actions.length == 1 && actions[0].is_a?(Array)
  actions.concat(@actions)
  return if subject.nil? || @permissions.empty? || actions.empty?
  if actions.map(&:to_sym).include?(@controller.params[:action].to_sym)
    @permissions.each do |permission|
      if deny?(permission)
        logger.debug "  \e[1;33mACL (#{((Time.now.to_f - log_timer_start) * 1000.0).round(1)}ms)\e[0m  \e[1mMATCH\e[0m for \e[31mdeny\e[0m permission \e[1m#{permission.is_a?(subject.auth_scope(@scope).role_class) ? "#{permission.slug}[#{permission.context.to_s}]" : permission}\e[0m"
        @results << false
        return
      end
      logger.debug "  \e[1;33mACL (#{((Time.now.to_f - log_timer_start) * 1000.0).round(1)}ms)\e[0m  \e[1mNO MATCH\e[0m for \e[31mdeny\e[0m permission \e[1m#{permission.is_a?(subject.auth_scope(@scope).role_class) ? "#{permission.slug}[#{permission.context.to_s}]" : permission}\e[0m"
    end
  end
end

#match?(permission) ⇒ Boolean

Returns:

  • (Boolean) 


5
6
7
 
# File 'lib/zuul/action_controller/dsl/permissions.rb', line 5

def match?(permission)
  subject.auth_scope(@scope, @context, @force_context) { |context, force_context| has_permission?(permission, context.to_context, force_context) }
end