Module: ActiveRecordPermissions::Permissions::SecurityMethods

Defined in:
lib/active_scaffold/active_record_permissions.rb

Instance Method Summary collapse

Instance Method Details

#authorized_for?(options = {}) ⇒ Boolean

A generic authorization query. This is what will be called programatically, since the actual permission methods can’t be guaranteed to exist. And because we want to intelligently combine multiple applicable methods.

options should be a CRUD verb (:create, :read, :update, :destroy) options should be the name of a model attribute options is the name of a method

Returns:

  • (Boolean) 


85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
 
# File 'lib/active_scaffold/active_record_permissions.rb', line 85

def authorized_for?(options = {})
  # column_authorized_for_crud_type? has the highest priority over other methods,
  # you can disable a crud verb and enable that verb for a column
  # (for example, disable update and enable inplace_edit in a column)
  method = column_and_crud_type_security_method(options[:column], options[:crud_type])
  return send(method) if method and respond_to?(method)

  # authorized_for_action? has higher priority than other methods,
  # you can disable a crud verb and enable an action with that crud verb
  # (for example, disable update and enable an action with update as crud type)
  method = action_security_method(options[:action])
  return send(method) if method and respond_to?(method)

  # collect other possibly-related methods that actually exist
  methods = [
    column_security_method(options[:column]),
    crud_type_security_method(options[:crud_type]),
  ].compact.select {|m| respond_to?(m)}

  # if any method returns false, then return false
  return false if methods.any? {|m| !send(m)}

  # if any method actually exists then it must've returned true, so return true
  return true unless methods.empty?

  # if no method exists, return the default permission
  return ActiveRecordPermissions.default_permission
end

#authorized_for_read_column?(column) ⇒ Boolean

Returns:

  • (Boolean) 


114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
 
# File 'lib/active_scaffold/active_record_permissions.rb', line 114

def authorized_for_read_column?(column)
  self.class.auth_column_read_methods ||= {}
  methods = self.class.auth_column_read_methods[column]
  if methods.nil?
    method = column_and_crud_type_security_method(column, :read)
    methods = if method && respond_to?(method)
      [method]
    else
      [column_security_method(column),
      crud_type_security_method(:read)].compact.select {|m| respond_to?(m)}
    end
    self.class.auth_column_read_methods[column] = methods
  end

  # if any method returns false, then return false
  return false if methods.any? {|m| !send(m)}

  # if any method actually exists then it must've returned true, so return true
  return true unless methods.empty?

  # if no method exists, return the default permission
  return ActiveRecordPermissions.default_permission
end