Module: Zuul::ActiveRecord::Subject::PermissionMethods::InstanceMethods

Defined in:

lib/zuul/active_record/subject.rb

Instance Method Summary

• #assign_permission(permission, context = nil, force_context = nil) ⇒ Object

  Assigns a permission to a subject within the provided context.

• #has_permission?(permission, context = nil, force_context = nil) ⇒ Boolean (also: #permission?, #can?, #allowed_to?)

  Checks whether a subject has a permission within the provided context.

• #permission_role_for(target, context, proles = nil) ⇒ Object

  Looks up a permission role based on the passed target and context.

• #permission_role_for?(target, context, proles = nil) ⇒ Boolean
• #permission_role_or_subject_for(target, context, proles = nil) ⇒ Object

  Looks up a permission subject or role based on the passed target and context.

• #permission_role_or_subject_for?(target, context, proles = nil) ⇒ Boolean
• #permission_subject_for(target, context) ⇒ Object

  Looks up a permission subject based on the passed target and context.

• #permission_subject_for?(target, context) ⇒ Boolean
• #permissions_for(context = nil, force_context = nil) ⇒ Object

  Returns all permissions possessed by the subject within the provided context.

• #permissions_for?(context = nil, force_context = nil) ⇒ Boolean

  Check whether the subject possesses any permissions within the specified context.

• #role_and_subject_permissions_for(context, proles = nil) ⇒ Object
• #role_and_subject_permissions_for?(context, proles = nil) ⇒ Boolean
• #role_and_subject_permissions_within(context, proles = nil) ⇒ Object
• #role_and_subject_permissions_within?(context, proles = nil) ⇒ Boolean
• #unassign_permission(permission, context = nil, force_context = nil) ⇒ Object (also: #remove_permission)

  Removes a permission from a subject within the provided context.

Instance Method Details

#assign_permission(permission, context = nil, force_context = nil) ⇒ Object

Assigns a permission to a subject within the provided context.

If a Permission object is provided it’s used directly, otherwise if a permission slug is provided, the permission is looked up in the context chain by target_permission.

# File 'lib/zuul/active_record/subject.rb', line 222

def assign_permission(permission, context=nil, force_context=nil)
  auth_scope do
    context = Zuul::Context.parse(context)
    target = target_permission(permission, context, force_context)
    return false unless verify_target_context(target, context, force_context)
    return permission_subject_class.find_or_create_by(subject_foreign_key.to_sym => id, permission_foreign_key.to_sym => target.id, :context_type => context.class_name, :context_id => context.id)
  end
end

#has_permission?(permission, context = nil, force_context = nil) ⇒ Boolean Also known as: permission?, can?, allowed_to?

Checks whether a subject has a permission within the provided context.

If a Permission object is provided it’s used directly, otherwise if a permission slug is provided, the permission is looked up in the context chain by target_permission.

The assigned context behaves the same way, in that if the permission is not found to belong to the subject with the specified context, we look up the context chain.

Permissions belonging to roles possessed by the subject are also included.

Returns:

• (Boolean)

# File 'lib/zuul/active_record/subject.rb', line 259

def has_permission?(permission, context=nil, force_context=nil)
  auth_scope do
    force_context ||= config.force_context
    context = Zuul::Context.parse(context)
    target = target_permission(permission, context, force_context)
    return false if target.nil?
    return permission_role_or_subject_for?(target, context) if force_context

    return true if permission_role_or_subject_for?(target, context)
    return true if context.instance? && permission_role_or_subject_for?(target, Zuul::Context.new(context.klass))
    return true if !context.global? && permission_role_or_subject_for?(target, Zuul::Context.new)
    return false
  end
end

#permission_role_for(target, context, proles = nil) ⇒ Object

Looks up a permission role based on the passed target and context

# File 'lib/zuul/active_record/subject.rb', line 314

def permission_role_for(target, context, proles=nil)
  auth_scope do
    proles ||= roles_for(context)
    return permission_role_class.find_by(role_foreign_key.to_sym => proles.map(&:id), permission_foreign_key.to_sym => target.id, :context_type => context.class_name, :context_id => context.id)
  end
end

#permission_role_for?(target, context, proles = nil) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/zuul/active_record/subject.rb', line 321

def permission_role_for?(target, context, proles=nil)
  !permission_role_for(target, context, proles).nil?
end

#permission_role_or_subject_for(target, context, proles = nil) ⇒ Object

Looks up a permission subject or role based on the passed target and context

# File 'lib/zuul/active_record/subject.rb', line 326

def permission_role_or_subject_for(target, context, proles=nil)
  permission_subject_for(target, context) || permission_role_for(target, context, proles)
end

#permission_role_or_subject_for?(target, context, proles = nil) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/zuul/active_record/subject.rb', line 330

def permission_role_or_subject_for?(target, context, proles=nil)
  !permission_role_or_subject_for(target, context, proles).nil?
end

#permission_subject_for(target, context) ⇒ Object

Looks up a permission subject based on the passed target and context

# File 'lib/zuul/active_record/subject.rb', line 303

def permission_subject_for(target, context)
  auth_scope do
    return permission_subject_class.find_by(subject_foreign_key.to_sym => id, permission_foreign_key.to_sym => target.id, :context_type => context.class_name, :context_id => context.id)
  end
end

#permission_subject_for?(target, context) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/zuul/active_record/subject.rb', line 309

def permission_subject_for?(target, context)
  !permission_subject_for(target, context).nil?
end

#permissions_for(context = nil, force_context = nil) ⇒ Object

Returns all permissions possessed by the subject within the provided context.

This includes permissions assigned directly to the subject or any roles possessed by the subject, as well as all permissions found by looking up the context chain.

# File 'lib/zuul/active_record/subject.rb', line 281

def permissions_for(context=nil, force_context=nil)
  auth_scope do
    force_context ||= config.force_context
    context = Zuul::Context.parse(context)
    roles = roles_for(context)
    if force_context
      return role_and_subject_permissions_for(context, roles)
    else
      return role_and_subject_permissions_within(context, roles)
    end
  end
end

#permissions_for?(context = nil, force_context = nil) ⇒ Boolean

Check whether the subject possesses any permissions within the specified context.

This includes permissions assigned directly to the subject or any roles possessed by the subject, as well as all permissions found by looking up the context chain.

Returns:

• (Boolean)

# File 'lib/zuul/active_record/subject.rb', line 298

def permissions_for?(context=nil, force_context=nil)
  !permissions_for(context, force_context).empty?
end

#role_and_subject_permissions_for(context, proles = nil) ⇒ Object

# File 'lib/zuul/active_record/subject.rb', line 334

def role_and_subject_permissions_for(context, proles=nil)
  auth_scope do
    return permission_class.joins("
        LEFT JOIN #{permission_roles_table_name}
          ON #{permission_roles_table_name}.#{permission_foreign_key} = #{permissions_table_name}.id
        LEFT JOIN #{permission_subjects_table_name}
          ON #{permission_subjects_table_name}.#{permission_foreign_key} = #{permissions_table_name}.id"
      ).where("
        (
          #{permission_subjects_table_name}.#{subject_foreign_key} = ?
          AND #{permission_subjects_table_name}.context_type #{sql_is_or_equal(context.class_name)} ?
          AND #{permission_subjects_table_name}.context_id #{sql_is_or_equal(context.id)} ?
        )
        OR
        (
          #{permission_roles_table_name}.#{role_foreign_key} IN (?)
          AND #{permission_roles_table_name}.context_type #{sql_is_or_equal(context.class_name)} ?
          AND #{permission_roles_table_name}.context_id #{sql_is_or_equal(context.id)} ?
        )",
        id,
        context.class_name,
        context.id,
        (proles || roles_for(context)).map(&:id),
        context.class_name,
        context.id)
  end
end

#role_and_subject_permissions_for?(context, proles = nil) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/zuul/active_record/subject.rb', line 362

def role_and_subject_permissions_for?(context, proles=nil)
  !role_and_subject_permissions_for(context, proles).empty?
end

#role_and_subject_permissions_within(context, proles = nil) ⇒ Object

# File 'lib/zuul/active_record/subject.rb', line 366

def role_and_subject_permissions_within(context, proles=nil)
  auth_scope do
    return permission_class.joins("
        LEFT JOIN #{permission_roles_table_name}
        ON #{permission_roles_table_name}.#{permission_foreign_key} = #{permissions_table_name}.id
        LEFT JOIN #{permission_subjects_table_name}
        ON #{permission_subjects_table_name}.#{permission_foreign_key} = #{permissions_table_name}.id"
      ).where("
        (
          #{permission_subjects_table_name}.#{subject_foreign_key} = ?
          AND (
            #{permission_subjects_table_name}.context_type #{sql_is_or_equal(context.class_name)} ?
            OR #{permission_subjects_table_name}.context_type IS NULL
          )
          AND (
            #{permission_subjects_table_name}.context_id #{sql_is_or_equal(context.id)} ?
            OR #{permission_subjects_table_name}.context_id IS NULL
          )
        )
        OR (
          #{permission_roles_table_name}.#{role_foreign_key} IN (?)
          AND (
            #{permission_roles_table_name}.context_type #{sql_is_or_equal(context.class_name)} ?
            OR #{permission_roles_table_name}.context_type IS NULL
          )
          AND (
            #{permission_roles_table_name}.context_id #{sql_is_or_equal(context.id)} ?
            OR #{permission_roles_table_name}.context_id IS NULL
          )
        )",
        id,
        context.class_name,
        context.id,
        (proles || roles_for(context)).map(&:id),
        context.class_name,
        context.id)
  end
end

#role_and_subject_permissions_within?(context, proles = nil) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/zuul/active_record/subject.rb', line 405

def role_and_subject_permissions_within?(context, proles=nil)
  !role_and_subject_permissions_within(context, proles).empty?
end

#unassign_permission(permission, context = nil, force_context = nil) ⇒ Object Also known as: remove_permission

Removes a permission from a subject within the provided context.

If a Permission object is provided it’s used directly, otherwise if a permission slug is provided, the permission is looked up in the context chain by target_permission.

# File 'lib/zuul/active_record/subject.rb', line 236

def unassign_permission(permission, context=nil, force_context=nil)
  auth_scope do
    context = Zuul::Context.parse(context)
    target = target_permission(permission, context, force_context)
    return false if target.nil?

    assigned_permission = permission_subject_for(target, context)
    return false if assigned_permission.nil?
    return assigned_permission.destroy
  end
end