Module: AccessGranted::Policy

Included in:

AccessPolicy

Defined in:

lib/access-granted/policy.rb

Instance Attribute Summary

• #cache ⇒ Object

  Returns the value of attribute cache.

• #roles ⇒ Object

  Returns the value of attribute roles.

• #user ⇒ Object readonly

  Returns the value of attribute user.

Instance Method Summary

• #applicable_roles ⇒ Object
• #authorize!(action, subject, message = 'Access Denied') ⇒ Object
• #can?(action, subject = nil) ⇒ Boolean
• #cannot?(*args) ⇒ Boolean
• #check_permission(action, subject) ⇒ Object
• #configure ⇒ Object
• #initialize(user, cache_enabled = true) ⇒ Object
• #role(name, conditions_or_klass = nil, conditions = nil, &block) ⇒ Object

Instance Attribute Details

#cache ⇒ Object

Returns the value of attribute cache.

# File 'lib/access-granted/policy.rb', line 3

def cache
  @cache
end

#roles ⇒ Object

Returns the value of attribute roles.

# File 'lib/access-granted/policy.rb', line 3

def roles
  @roles
end

#user ⇒ Object (readonly)

Returns the value of attribute user.

# File 'lib/access-granted/policy.rb', line 4

def user
  @user
end

Instance Method Details

#applicable_roles ⇒ Object

# File 'lib/access-granted/policy.rb', line 66

def applicable_roles
  @applicable_roles ||= roles.select do |role|
    role.applies_to?(user)
  end
end

#authorize!(action, subject, message = 'Access Denied') ⇒ Object

# File 'lib/access-granted/policy.rb', line 59

def authorize!(action, subject, message = 'Access Denied')
  if cannot?(action, subject)
    raise AccessDenied.new(action, subject, message)
  end
  subject
end

#can?(action, subject = nil) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/access-granted/policy.rb', line 30

def can?(action, subject = nil)
  cache[action] ||= {}

  if cache[action][subject]
    cache[action][subject]
  else
    granted, actions = check_permission(action, subject)
    actions.each do |a|
      cache[a] ||= {}
      cache[a][subject] ||= granted
    end

    granted
  end
end

#cannot?(*args) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/access-granted/policy.rb', line 55

def cannot?(*args)
  !can?(*args)
end

#check_permission(action, subject) ⇒ Object

# File 'lib/access-granted/policy.rb', line 46

def check_permission(action, subject)
  applicable_roles.each do |role|
    permission = role.find_permission(action, subject)
    return [permission.granted, permission.actions] if permission
  end

  [false, []]
end

#configure ⇒ Object

# File 'lib/access-granted/policy.rb', line 13

def configure
end

#initialize(user, cache_enabled = true) ⇒ Object

# File 'lib/access-granted/policy.rb', line 6

def initialize(user, cache_enabled = true)
  @user          = user
  @roles         = []
  @cache         = {}
  configure
end

#role(name, conditions_or_klass = nil, conditions = nil, &block) ⇒ Object

# File 'lib/access-granted/policy.rb', line 16

def role(name, conditions_or_klass = nil, conditions = nil, &block)
  name = name.to_sym
  if roles.select {|r| r.name == name }.any?
    raise DuplicateRole, "Role '#{name}' already defined"
  end
  r = if conditions_or_klass.is_a?(Class) && conditions_or_klass <= AccessGranted::Role
    conditions_or_klass.new(name, conditions, user, block)
  else
    Role.new(name, conditions_or_klass, user, block)
  end
  roles << r
  r
end