Class: Authorization::AttributeWithPermission

Inherits:
Attribute
  • Object
show all
Defined in:
lib/declarative_authorization/authorization.rb

Overview

An attribute condition that uses existing rules to decide validation and create obligations.

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(privilege, attr_or_hash, context = nil) ⇒ AttributeWithPermission

E.g. privilege :read, attr_or_hash either :attribute or { :attribute => :deeper_attribute }



731
732
733
734
735
 
# File 'lib/declarative_authorization/authorization.rb', line 731

def initialize(privilege, attr_or_hash, context = nil)
  @privilege = privilege
  @context = context
  @attr_hash = attr_or_hash
end

Class Method Details

.reflection_for_path(parent_model, path) ⇒ Object 



839
840
841
842
843
844
845
846
847
848
849
850
851
852
 
# File 'lib/declarative_authorization/authorization.rb', line 839

def self.reflection_for_path(parent_model, path)
  reflection = path.empty? ? parent_model : begin
    parent = reflection_for_path(parent_model, path[0..-2])
    if !parent.respond_to?(:proxy_reflection) and parent.respond_to?(:klass)
      parent.klass.reflect_on_association(path.last)
    else
      parent.reflect_on_association(path.last)
    end
  rescue
    parent.reflect_on_association(path.last)
  end
  raise "invalid path #{path.inspect}" if reflection.nil?
  reflection
end

Instance Method Details

#initialize_copy(from) ⇒ Object 



737
738
739
 
# File 'lib/declarative_authorization/authorization.rb', line 737

def initialize_copy(from)
  @attr_hash = deep_hash_clone(@attr_hash) if @attr_hash.is_a?(Hash)
end

#obligation(attr_validator, hash_or_attr = nil, path = []) ⇒ Object

may return an array of obligations to be OR’ed



780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
 
# File 'lib/declarative_authorization/authorization.rb', line 780

def obligation(attr_validator, hash_or_attr = nil, path = [])
  hash_or_attr ||= @attr_hash
  case hash_or_attr
  when Symbol
    @context ||= begin
      rule_model = attr_validator.context.to_s.classify.constantize
      context_reflection = self.class.reflection_for_path(rule_model, path + [hash_or_attr])
      if context_reflection.klass.respond_to?(:decl_auth_context)
        context_reflection.klass.decl_auth_context
      else
        context_reflection.klass.name.tableize.to_sym
      end
    rescue # missing model, reflections
      hash_or_attr.to_s.pluralize.to_sym
    end

    obligations = attr_validator.engine.obligations(@privilege,
                      :context => @context,
                      :user    => attr_validator.user)

    obligations.collect {|obl| {hash_or_attr => obl} }
  when Hash
    obligations_array_attrs = []
    obligations =
        hash_or_attr.inject({}) do |all, pair|
          attr, sub_hash = pair
          all[attr] = obligation(attr_validator, sub_hash, path + [attr])
          if all[attr].length > 1
            obligations_array_attrs << attr
          else
            all[attr] = all[attr].first
          end
          all
        end
    obligations = [obligations]
    obligations_array_attrs.each do |attr|
      next_array_size = obligations.first[attr].length
      obligations = obligations.collect do |obls|
        (0...next_array_size).collect do |idx|
          obls_wo_array = obls.clone
          obls_wo_array[attr] = obls_wo_array[attr][idx]
          obls_wo_array
        end
      end.flatten
    end
    obligations
  when NilClass
    attr_validator.engine.obligations(@privilege,
        :context => attr_validator.context,
        :user    => attr_validator.user)
  else
    raise AuthorizationError, "Wrong conditions hash format: #{hash_or_attr.inspect}"
  end
end

#to_long_sObject 



835
836
837
 
# File 'lib/declarative_authorization/authorization.rb', line 835

def to_long_s
  "if_permitted_to #{@privilege.inspect}, #{@attr_hash.inspect}"
end

#validate?(attr_validator, object = nil, hash_or_attr = nil) ⇒ Boolean

Returns:

  • (Boolean) 


741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
 
# File 'lib/declarative_authorization/authorization.rb', line 741

def validate?(attr_validator, object = nil, hash_or_attr = nil)
  object ||= attr_validator.object
  hash_or_attr ||= @attr_hash
  return false unless object

  case hash_or_attr
  when Symbol
    attr_value = object_attribute_value(object, hash_or_attr)
    case attr_value
    when nil
      raise NilAttributeValueError, "Attribute #{hash_or_attr.inspect} is nil in #{object.inspect}."
    when Enumerable
      attr_value.any? do |inner_value|
        attr_validator.engine.permit? @privilege, :object => inner_value, :user => attr_validator.user
      end
    else
      attr_validator.engine.permit? @privilege, :object => attr_value, :user => attr_validator.user
    end
  when Hash
    hash_or_attr.all? do |attr, sub_hash|
      attr_value = object_attribute_value(object, attr)
      if attr_value == nil
        raise NilAttributeValueError, "Attribute #{attr.inspect} is nil in #{object.inspect}."
      elsif attr_value.is_a?(Enumerable)
        attr_value.any? do |inner_value|
          validate?(attr_validator, inner_value, sub_hash)
        end
      else
        validate?(attr_validator, attr_value, sub_hash)
      end
    end
  when NilClass
    attr_validator.engine.permit? @privilege, :object => object, :user => attr_validator.user
  else
    raise AuthorizationError, "Wrong conditions hash format: #{hash_or_attr.inspect}"
  end
end