Class: Authorization::Attribute

Inherits:
Object
  • Object
show all
Defined in:
lib/declarative_authorization/authorization.rb

Direct Known Subclasses

AttributeWithPermission

Instance Method Summary collapse

Constructor Details

#initialize(conditions_hash) ⇒ Attribute

attr_conditions_hash of form { :object_attribute => [operator, value_block], … } { :object_attribute => { :attr => … } }



568
569
570
 
# File 'lib/declarative_authorization/authorization.rb', line 568

def initialize(conditions_hash)
  @conditions_hash = conditions_hash
end

Instance Method Details

#initialize_copy(from) ⇒ Object 



572
573
574
 
# File 'lib/declarative_authorization/authorization.rb', line 572

def initialize_copy(from)
  @conditions_hash = deep_hash_clone(@conditions_hash)
end

#obligation(attr_validator, hash = nil) ⇒ Object

resolves all the values in condition_hash



671
672
673
674
675
676
677
678
679
680
681
682
683
 
# File 'lib/declarative_authorization/authorization.rb', line 671

def obligation(attr_validator, hash = nil)
  hash = (hash || @conditions_hash).clone
  hash.each do |attr, value|
    if value.is_a?(Hash)
      hash[attr] = obligation(attr_validator, value)
    elsif value.is_a?(Array) and value.length == 2
      hash[attr] = [value[0], attr_validator.evaluate(value[1])]
    else
      raise AuthorizationError, "Wrong conditions hash format"
    end
  end
  hash
end

#to_long_s(hash = nil) ⇒ Object 



685
686
687
688
689
690
691
692
693
694
695
696
697
698
 
# File 'lib/declarative_authorization/authorization.rb', line 685

def to_long_s(hash = nil)
  if hash
    hash.inject({}) do |memo, key_val|
      key, val = key_val
      memo[key] = case val
                  when Array then "#{val[0]} { #{val[1].respond_to?(:to_ruby) ? val[1].to_ruby.gsub(/^proc \{\n?(.*)\n?\}$/m, '\1') : "..."} }"
                  when Hash then to_long_s(val)
                  end
      memo
    end
  else
    "if_attribute #{to_long_s(@conditions_hash).inspect}"
  end
end

#validate?(attr_validator, object = nil, hash = nil) ⇒ Boolean

Returns:

  • (Boolean) 


576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
 
# File 'lib/declarative_authorization/authorization.rb', line 576

def validate?(attr_validator, object = nil, hash = nil)
  object ||= attr_validator.object
  return false unless object

  if Authorization.is_a_association_proxy?(object) && object.respond_to?(:empty?)
    return false if object.empty?
    object.each do |member|
      return true if validate?(attr_validator, member, hash)
    end
    return false
  end

  (hash || @conditions_hash).all? do |attr, value|
    attr_value = object_attribute_value(object, attr)
    if value.is_a?(Hash)
      if attr_value.is_a?(Enumerable)
        attr_value.any? do |inner_value|
          validate?(attr_validator, inner_value, value)
        end
      elsif attr_value == nil
        raise NilAttributeValueError, "Attribute #{attr.inspect} is nil in #{object.inspect}."
      else
        validate?(attr_validator, attr_value, value)
      end
    elsif value.is_a?(Array) and value.length == 2 and value.first.is_a?(Symbol)
      evaluated = if value[1].is_a?(Proc)
                    attr_validator.evaluate(value[1])
                  else
                    value[1]
                  end
      case value[0]
      when :is
        attr_value == evaluated
      when :is_not
        attr_value != evaluated
      when :contains
        begin
          attr_value.include?(evaluated)
        rescue NoMethodError => e
          raise AuthorizationUsageError, "Operator contains requires a " +
              "subclass of Enumerable as attribute value, got: #{attr_value.inspect} " +
              "contains #{evaluated.inspect}: #{e}"
        end
      when :does_not_contain
        begin
          !attr_value.include?(evaluated)
        rescue NoMethodError => e
          raise AuthorizationUsageError, "Operator does_not_contain requires a " +
              "subclass of Enumerable as attribute value, got: #{attr_value.inspect} " +
              "does_not_contain #{evaluated.inspect}: #{e}"
        end
      when :intersects_with
        begin
          !(evaluated.to_set & attr_value.to_set).empty?
        rescue NoMethodError => e
          raise AuthorizationUsageError, "Operator intersects_with requires " +
              "subclasses of Enumerable, got: #{attr_value.inspect} " +
              "intersects_with #{evaluated.inspect}: #{e}"
        end
      when :is_in
        begin
          evaluated.include?(attr_value)
        rescue NoMethodError => e
          raise AuthorizationUsageError, "Operator is_in requires a " +
              "subclass of Enumerable as value, got: #{attr_value.inspect} " +
              "is_in #{evaluated.inspect}: #{e}"
        end
      when :is_not_in
        begin
          !evaluated.include?(attr_value)
        rescue NoMethodError => e
          raise AuthorizationUsageError, "Operator is_not_in requires a " +
              "subclass of Enumerable as value, got: #{attr_value.inspect} " +
              "is_not_in #{evaluated.inspect}: #{e}"
        end
      when :lt
        attr_value && attr_value < evaluated
      when :lte
        attr_value && attr_value <= evaluated
      when :gt
        attr_value && attr_value > evaluated
      when :gte
        attr_value && attr_value >= evaluated
      when :id_in_scope
        evaluated.exists?(attr_value)
      else
        raise AuthorizationError, "Unknown operator #{value[0]}"
      end
    else
      raise AuthorizationError, "Wrong conditions hash format"
    end
  end
end