Class: Aclize::Acl::ControllersRegistry

Inherits:
Object
  • Object
Defined in:
lib/aclize/acl/controllers_registry.rb


Constructor Details

#initialize ⇒ ControllersRegistry

Returns a new instance of ControllersRegistry.



# File 'lib/aclize/acl/controllers_registry.rb', line 13

# Creates an empty registry.
#
# Both rule tables start with a single global "*" entry that holds no
# actions, so a fresh registry carries neither a permit nor a deny rule.
# Each table is a separate object built from its own Hash literal.
# NOTE(review): nested_under_indifferent_access is not defined in this
# listing; presumably it is ActiveSupport's indifferent-access wrapper, which
# would make string and symbol controller keys resolve alike. Confirm.
def initialize
  empty_table = -> { { "*" => [] }.nested_under_indifferent_access }

  @permitted = empty_table.call
  @denied    = empty_table.call
end

Instance Attribute Details

#denied ⇒ Object (readonly)

Returns the value of attribute denied.



# File 'lib/aclize/acl/controllers_registry.rb', line 11

# Reader for the deny table.
#
# Returns the object stored in @denied itself, not a copy, so a caller that
# mutates the returned value changes the registry's deny rules in place.
# NOTE(review): treat the result as read-only unless an in-place edit of the
# access rules is intended.
def denied
  @denied
end

#permitted ⇒ Object (readonly)

Returns the value of attribute permitted.



# File 'lib/aclize/acl/controllers_registry.rb', line 11

# Reader for the permit table.
#
# Returns the object stored in @permitted itself, not a copy, so a caller
# that mutates the returned value (for example by appending "*" to an entry)
# changes what the registry permits.
# NOTE(review): treat the result as read-only unless an in-place edit of the
# access rules is intended.
def permitted
  @permitted
end

Instance Method Details

#permit(controller, only: nil, except: nil) ⇒ Object

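Adds a new permit rule to the controllers registry. Any rule previously stored for the controller is replaced, and at most one of :only and :except may be given.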

Raises:

  • (ArgumentError)


# File 'lib/aclize/acl/controllers_registry.rb', line 19

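# Registers a permit rule for +controller+, replacing any rule stored for it.
#
# * :except given - every action is permitted ("*") and the listed actions
#   are denied.
# * :only given   - only the listed actions are permitted; the deny list is
#   cleared.
# * neither given - every action is permitted; the deny list is cleared.
#
# NOTE(review): a nil :only cannot be told apart from an omitted one, so
# `permit(ctrl, only: list)` with `list == nil` permits every action. Callers
# that build the list dynamically should guard against nil before calling.
#
# @param controller [Object] key under which the rule is stored
# @param only [Object, nil] actions to permit, passed through #normalize
# @param except [Object, nil] actions to deny, passed through #normalize
# @return [Object] the value of the last assignment in the branch taken
# @raise [ArgumentError] when both :only and :except are given
def permit(controller, only: nil, except: nil)
  # Validate before writing anything, so a rejected call leaves the registry
  # exactly as it was.
  if only && except
    raise ArgumentError, "#permit cannot accept both :only and :except. At most one of them can be specified!"
  end

  if except
    # Normalize first: if it raises, no "*" grant is left behind without its
    # accompanying deny list.
    denied_actions = normalize(except)
    @permitted[controller] = ["*"]
    @denied[controller]    = denied_actions
  elsif only
    permitted_actions = normalize(only)
    @denied[controller]    = []
    @permitted[controller] = permitted_actions
  else
    @permitted[controller] = ["*"]
    @denied[controller]    = []
  end
end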

#permitted?(controller, *args) ⇒ Boolean

Checks whether every action in the list is allowed for the specified controller. When no actions are given, it returns the result of the controller-level check.

Returns:

  • (Boolean)


# File 'lib/aclize/acl/controllers_registry.rb', line 38

# Tells whether every requested action is allowed for +controller+.
#
# Evaluation order, first match wins:
# 1. no actions requested -> result of controller_permitted?(controller)
# 2. controller_permitted? is falsy -> false
# 3. any action in the controller's deny list -> false
# 4. controller permits "*" or all requested actions -> true
# 5. any action in the global ("*") deny list -> false
# 6. global entry permits "*" or all requested actions -> true, else false
#
# Because step 4 runs before step 5, actions fully permitted at controller
# level pass even when the global deny list names them.
#
# Side effect: empty permit/deny entries are created for a controller that
# has none yet, so this predicate writes to the registry.
#
# @param controller [Object] controller key to look up
# @param args [Array] actions to check, passed through #normalize
# @return [Boolean] for a non-empty action list; otherwise whatever
#   controller_permitted? returns
def permitted?(controller, *args)
  @permitted[controller] ||= []
  @denied[controller]    ||= []
  requested = normalize(args)

  controller_allowed = controller_permitted?(controller)
  return controller_allowed if requested.empty?
  return false unless controller_allowed

  # true when at least one requested action appears in the given deny list
  blocked_by = ->(rules) { !(requested & rules).empty? }
  # true when the list holds the "*" wildcard or covers the whole request
  covered_by = ->(rules) { rules.include?("*") || (requested & rules) == requested }

  # controller level: an explicit deny wins, then an explicit permit
  return false if blocked_by.call(@denied[controller])
  return true  if covered_by.call(@permitted[controller])

  # global level: consulted only when the controller level did not decide
  return false if blocked_by.call(@denied["*"])

  covered_by.call(@permitted["*"])
end