Module: Zuul::ActiveRecord::Role::PermissionMethods

Defined in:
lib/zuul/active_record/role.rb

Instance Method Summary collapse

Instance Method Details

#assign_permission(permission, context = nil, force_context = nil) ⇒ Object

Assigns a permission to a role within the provided context.

If a Permission object is provided it’s used directly, otherwise if a permission slug is provided, the permission is looked up in the context chain by target_permission.



51
52
53
54
55
56
57
58
59
 
# File 'lib/zuul/active_record/role.rb', line 51

def assign_permission(permission, context=nil, force_context=nil)
  auth_scope do
    context = Zuul::Context.parse(context)
    target = target_permission(permission, context, force_context)
    return false unless verify_target_context(target, context, force_context) && verify_target_context(self, context, false)

    return permission_role_class.find_or_create_by(role_foreign_key.to_sym => id, permission_foreign_key.to_sym => target.id, :context_type => context.class_name, :context_id => context.id)
  end
end

#has_permission?(permission, context = nil, force_context = nil) ⇒ Boolean Also known as: permission?, can?, allowed_to?

Checks whether a role has a permission within the provided context.

If a Permission object is provided it’s used directly, otherwise if a permission slug is provided, the permission is looked up in the context chain by target_permission.

The assigned context behaves the same way, in that if the permission is not found to belong to the role with the specified context, we look up the context chain.

Returns:

  • (Boolean) 


87
88
89
90
91
92
93
94
95
96
97
98
99
100
 
# File 'lib/zuul/active_record/role.rb', line 87

def has_permission?(permission, context=nil, force_context=nil)
  auth_scope do
    force_context ||= config.force_context
    context = Zuul::Context.parse(context)
    target = target_permission(permission, context, force_context)
    return false if target.nil?
    return permission_role_for?(target, context) if force_context

    return true if permission_role_for?(target, context)
    return true if context.instance? && permission_role_for?(target, Zuul::Context.new(context.klass))
    return true if !context.global? && permission_role_for?(target, Zuul::Context.new)
    return false
  end
end

#permission_role_for(target, context) ⇒ Object

Looks up a single permission_role based on the passed target and context



124
125
126
127
128
 
# File 'lib/zuul/active_record/role.rb', line 124

def permission_role_for(target, context)
  auth_scope do
    return permission_role_class.find_by(role_foreign_key.to_sym => id, permission_foreign_key.to_sym => target.id, :context_type => context.class_name, :context_id => context.id)
  end
end

#permission_role_for?(target, context) ⇒ Boolean

Returns:

  • (Boolean) 


130
131
132
 
# File 'lib/zuul/active_record/role.rb', line 130

def permission_role_for?(target, context)
  !permission_role_for(target, context).nil?
end

#permissions_for(context = nil, force_context = nil) ⇒ Object

Returns all permissions possessed by the role within the provided context.



106
107
108
109
110
111
112
113
114
115
116
 
# File 'lib/zuul/active_record/role.rb', line 106

def permissions_for(context=nil, force_context=nil)
  auth_scope do
    force_context ||= config.force_context
    context = Zuul::Context.parse(context)
    if force_context
      return role_permissions_for(context)
    else
      return role_permissions_within(context)
    end
  end
end

#permissions_for?(context = nil, force_context = nil) ⇒ Boolean

Check whether the role possesses any permissions within the specified context.

Returns:

  • (Boolean) 


119
120
121
 
# File 'lib/zuul/active_record/role.rb', line 119

def permissions_for?(context=nil, force_context=nil)
  permissions_for(context, force_context).count > 0
end

#role_permissions_for(context) ⇒ Object

Looks up all permissions for this role for the passed context



135
136
137
138
139
 
# File 'lib/zuul/active_record/role.rb', line 135

def role_permissions_for(context)
  auth_scope do
    return permission_class.joins(permission_role_plural_key).where(permission_role_plural_key => {role_foreign_key.to_sym => id, :context_type => context.class_name, :context_id => context.id})
  end
end

#role_permissions_for?(context) ⇒ Boolean

Returns:

  • (Boolean) 


141
142
143
 
# File 'lib/zuul/active_record/role.rb', line 141

def role_permissions_for?(context)
  !role_permissions_for(context).empty?
end

#role_permissions_within(context) ⇒ Object

Looks up all permissions for this role within the passed context (within the context chain)



146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
 
# File 'lib/zuul/active_record/role.rb', line 146

def role_permissions_within(context)
  auth_scope do
    return permission_class.joins("
        LEFT JOIN #{permission_roles_table_name}
          ON #{permission_roles_table_name}.#{permission_foreign_key} = #{permissions_table_name}.id"
      ).where("
        #{permission_roles_table_name}.#{role_foreign_key} = ?
        AND (
          #{permission_roles_table_name}.context_type #{sql_is_or_equal(context.class_name)} ?
          OR #{permission_roles_table_name}.context_type IS NULL
        )
        AND (
          #{permission_roles_table_name}.context_id #{sql_is_or_equal(context.id)} ?
          OR #{permission_roles_table_name}.context_id IS NULL
        )",
        id,
        context.class_name,
        context.id)
  end
end

#role_permissions_within?(context) ⇒ Boolean

Returns:

  • (Boolean) 


167
168
169
 
# File 'lib/zuul/active_record/role.rb', line 167

def role_permissions_within?(context)
  !role_permissions_within(context).empty?
end

#unassign_permission(permission, context = nil, force_context = nil) ⇒ Object Also known as: remove_permission

Removes a permission from a role within the provided context.

If a Permission object is provided it’s used directly, otherwise if a permission slug is provided, the permission is looked up in the context chain by target_permission.



66
67
68
69
70
71
72
73
74
75
76
 
# File 'lib/zuul/active_record/role.rb', line 66

def unassign_permission(permission, context=nil, force_context=nil)
  auth_scope do
    context = Zuul::Context.parse(context)
    target = target_permission(permission, context, force_context)
    return false if target.nil?

    assigned_permission = permission_role_for(target, context)
    return false if assigned_permission.nil?
    return assigned_permission.destroy
  end
end