Class: AnnotationSecurity::AbstractStaticPolicy

Inherits:
AbstractPolicy show all
Defined in:
lib/annotation_security/policy/abstract_static_policy.rb

Overview

Abstract superclass for all static policies. For each policy there is a static policy that is responsible for evaluating static rules.

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from AbstractPolicy

#add_method_for_rule, add_rule, #all_for_role, #allowed?, classname_suffix, copy_rule_from, #evaluate, #evaluate_dynamically, forbidden_rule_names, get_rule, #get_rule, #get_rule!, has_dynamic_rule?, has_rule?, #has_rule?, has_static_rule?, #initialize, initialize, load_rule, #method_missing, new_subclass, #raise_access_denied, #raise_rule_missing, reset, #resource_type, resource_type, #static_policy, #user_roles, #with_resource

Constructor Details

This class inherits a constructor from AnnotationSecurity::AbstractPolicy

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class AnnotationSecurity::AbstractPolicy

Class Method Details

.all_resources_policyObject

Rules that are defined for all resource types can be found here.



12
13
14
 
# File 'lib/annotation_security/policy/abstract_static_policy.rb', line 12

def self.all_resources_policy # :nodoc:
  AllResourcesPolicy.static_policy_class
end

.belongs_to(dynamic_policy_class) ⇒ Object

Sets the dynamic policy class this policy class belongs to



17
18
19
 
# File 'lib/annotation_security/policy/abstract_static_policy.rb', line 17

def self.belongs_to(dynamic_policy_class) #:nodoc:
  @dynamic_policy_class = dynamic_policy_class
end

.dynamic_policy_classObject

The corresponding dynamic policy class.



29
30
31
 
# File 'lib/annotation_security/policy/abstract_static_policy.rb', line 29

def self.dynamic_policy_class #:nodoc:
  @dynamic_policy_class
end

.rule_setObject

Rule set for this classes resource type



41
42
43
44
 
# File 'lib/annotation_security/policy/abstract_static_policy.rb', line 41

def self.rule_set # :nodoc:
  # Each dynamic and static policy pair shares one rule set.
  dynamic_policy_class.rule_set
end

.static?Boolean

Returns true iif this is policy class is responsible for static rules.

Returns:

  • (Boolean) 


35
36
37
 
# File 'lib/annotation_security/policy/abstract_static_policy.rb', line 35

def self.static? # :nodoc:
  true
end

.static_policy_classObject

A static policy class has no other corresponding static policy class. This should never be called.



23
24
25
 
# File 'lib/annotation_security/policy/abstract_static_policy.rb', line 23

def self.static_policy_class #:nodoc:
  method_missing(:static_policy_class)
end

.use_static_rule(symbol) ⇒ Object

If possible, redirects the rule to the static side. Returns a rule object or nil.



48
49
50
 
# File 'lib/annotation_security/policy/abstract_static_policy.rb', line 48

def self.use_static_rule(symbol) #:nodoc:
  nil # This is not possible
end

Instance Method Details

#evaluate_rule(rule, user, args) ⇒ Object

Evaluate a rule that is defined with a proc

  • symbol Name of the rule

  • user user object that has to fulfill the rule

  • args List of additional arguments



70
71
72
73
74
 
# File 'lib/annotation_security/policy/abstract_static_policy.rb', line 70

def evaluate_rule(rule,user,args) #:nodoc:
  # In contrast to AbstractPolicy#evaluate_rule,
  # no resource is passed as argument
  get_rule!(rule).evaluate(self,user,*args)
end

#evaluate_statically(rules) ⇒ Object

Evaluate the rules in static mode. Rules that cannot be evaluated are skipped.

  • rules array of symbols

Throws a SecurityViolationError if a rule fails, returns true if all rules succeed.



57
58
59
60
61
62
63
64
 
# File 'lib/annotation_security/policy/abstract_static_policy.rb', line 57

def evaluate_statically(rules) #:nodoc:
  rules.each do |rule|
    if has_rule?(rule) && !__send__(rule)
      raise_access_denied(rule)
    end
  end
  true
end