Class: Adeia::ControllerResource

Inherits:

Object

• Object
• Adeia::ControllerResource

Defined in:

lib/adeia/controller_resource.rb

Class Method Summary

• .add_before_filter(controller_class, method, **args) ⇒ Object
• .load_resource_or_records_and_authorize(controller) ⇒ Object
• .require_login(controller) ⇒ Object

Instance Method Summary

• #authorization ⇒ Object
• #authorize! ⇒ Object
• #authorized?(method, element, resource) ⇒ Boolean
• #check_permissions! ⇒ Object
• #initialize(controller, **args) ⇒ ControllerResource constructor

  A new instance of ControllerResource.

• #load_records ⇒ Object
• #load_resource ⇒ Object

Constructor Details

#initialize(controller, **args) ⇒ ControllerResource

Returns a new instance of ControllerResource.

# File 'lib/adeia/controller_resource.rb', line 29

def initialize(controller, **args)
  @controller = controller
  @action_name = args.fetch(:action, @controller.action_name)
  @controller_name = args.fetch(:controller, @controller.controller_path)
  @token = args.fetch(:token, @controller.request.GET[:token])
  @resource = args[:resource]
  @user = @controller.current_user
  @controller.store_location
end

Class Method Details

.add_before_filter(controller_class, method, **args) ⇒ Object

# File 'lib/adeia/controller_resource.rb', line 8

def self.add_before_filter(controller_class, method, **args)
  controller_class.send(:before_action, args.slice(:only, :except, :if, :unless)) do |controller|
    ControllerResource.send(method, controller)
  end
end

.load_resource_or_records_and_authorize(controller) ⇒ Object

# File 'lib/adeia/controller_resource.rb', line 14

def self.load_resource_or_records_and_authorize(controller)
  case controller.action_name
  when "index"
    controller.authorize_and_load_records!
  when "show", "edit", "update", "destroy"
    controller.load_and_authorize!
  else
    controller.authorize!
  end
end

.require_login(controller) ⇒ Object

# File 'lib/adeia/controller_resource.rb', line 25

def self.require_login(controller)
  controller.require_login!
end

Instance Method Details

#authorization ⇒ Object

# File 'lib/adeia/controller_resource.rb', line 63

def authorization
  @authorization ||= Authorization.new(@controller_name, @action_name, @token, @resource, @user)
end

#authorize! ⇒ Object

# File 'lib/adeia/controller_resource.rb', line 67

def authorize!
  authorization.authorize!
end

#authorized?(method, element, resource) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/adeia/controller_resource.rb', line 75

def authorized?(method, element, resource)
  @controller_name, @resource = get_controller_and_resource(element, resource)
  instance_variable_get_or_set(method)
end

#check_permissions! ⇒ Object

# File 'lib/adeia/controller_resource.rb', line 71

def check_permissions!
  authorization.check_permissions!
end

#load_records ⇒ Object

# File 'lib/adeia/controller_resource.rb', line 48

def load_records
  rights = authorization.read_rights.merge(authorization.token_rights(:read)) { |key, v1, v2| v1 + v2 }
  rights, resource_ids = rights[:rights], rights[:resource_ids]
  @records ||= if rights.any? { |r| r.permission_type == "all_entries" }
    resource_class.all
  elsif rights.any? { |r| r.permission_type == "on_ownerships" }
    resource_class.where("user_id = ? OR id IN (?)", @user.id, resource_ids)
  elsif rights.any? { |r| r.permission_type == "on_entry" }
    resource_class.where(id: resource_ids)
  else
    resource_class.none
  end
  @controller.instance_variable_set("@#{resource_name.pluralize}", @records)
end

#load_resource ⇒ Object

# File 'lib/adeia/controller_resource.rb', line 39

def load_resource
  begin
    @resource ||= resource_class.find(@controller.params.fetch(:id))
    @controller.instance_variable_set("@#{resource_name}", @resource)
  rescue KeyError
    raise MissingParams.new(:id)
  end
end