Module: AccessGranted::Policy

Included in:: AccessPolicy

Defined in:: lib/access-granted/policy.rb

Instance Attribute Summary collapse

#roles ⇒ Object

Returns the value of attribute roles.

Instance Method Summary collapse

Instance Attribute Details

#roles ⇒ `Object`

Returns the value of attribute roles.



3
4
5

# File 'lib/access-granted/policy.rb', line 3

def roles
  @roles
end

Instance Method Details

#authorize!(action, subject) ⇒ `Object`

# File 'lib/access-granted/policy.rb', line 41

def authorize!(action, subject)
  if cannot?(action, subject)
    raise AccessDenied
  end
  subject
end

#can?(action, subject = nil) ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/access-granted/policy.rb', line 28

def can?(action, subject = nil)
  roles.each do |role|
    next unless role.applies_to?(@user)
    permission = role.find_permission(action, subject)
    return permission.granted if permission
  end
  false
end

#cannot?(*args) ⇒ `Boolean`

Returns:

(Boolean)



37
38
39

# File 'lib/access-granted/policy.rb', line 37

def cannot?(*args)
  !can?(*args)
end

#configure ⇒ `Object`



11
12

# File 'lib/access-granted/policy.rb', line 11

def configure
end

#initialize(user) ⇒ `Object`

# File 'lib/access-granted/policy.rb', line 5

def initialize(user)
  @user          = user
  @roles         = []
  configure
end

#role(name, conditions_or_klass = nil, conditions = nil, &block) ⇒ `Object`

# File 'lib/access-granted/policy.rb', line 14

def role(name, conditions_or_klass = nil, conditions = nil, &block)
  name = name.to_sym
  if roles.select {|r| r.name == name }.any?
    raise DuplicateRole, "Role '#{name}' already defined"
  end
  r = if conditions_or_klass.is_a?(Class) && conditions_or_klass <= AccessGranted::Role
    conditions_or_klass.new(name, conditions, @user, block)
  else
    Role.new(name, conditions_or_klass, @user, block)
  end
  roles << r
  r
end

Module: AccessGranted::Policy

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#roles ⇒ Object

Instance Method Details

#authorize!(action, subject) ⇒ Object

#can?(action, subject = nil) ⇒ Boolean

#cannot?(*args) ⇒ Boolean

#configure ⇒ Object

#initialize(user) ⇒ Object

#role(name, conditions_or_klass = nil, conditions = nil, &block) ⇒ Object

#roles ⇒ `Object`

#authorize!(action, subject) ⇒ `Object`

#can?(action, subject = nil) ⇒ `Boolean`

#cannot?(*args) ⇒ `Boolean`

#configure ⇒ `Object`

#initialize(user) ⇒ `Object`

#role(name, conditions_or_klass = nil, conditions = nil, &block) ⇒ `Object`