Class: AnnotationSecurity::Rule

Inherits:
Object
  • Object
Defined in:
lib/annotation_security/policy/rule.rb

Overview

AnnotationSecurity::Rule

A right or a relation that belongs to a policy.

Rules can be static or dynamic or both. If the rule is a right, these values will be evaluated lazily.

Instance Method Summary collapse

Constructor Details

#initialize(name, policy_class, *args, &block) ⇒ Rule

Initialize a rule

Raises:

  • (ArgumentError)


# File 'lib/annotation_security/policy/rule.rb', line 15

# Builds a rule called +name+ that belongs to +policy_class+.
#
# * +name+ is converted to a symbol.
# * +block+, when given, becomes the rule's proc; without a block the
#   rule is set up through initialize_for_string instead.
#
# All helpers receive the same +args+ array. Presumably each one removes
# the entries it understands (their bodies are not visible here -- confirm);
# whatever is still left afterwards is treated as an error.
#
# Raises ArgumentError if unrecognised arguments remain, so a mistyped
# flag or option fails loudly instead of being ignored.
def initialize(name,policy_class,*args,&block) # :nodoc:
  super()
  @name = name.to_sym
  @policy_class = policy_class
  @proc = block
  read_flags(args)
  read_options(args)
  @proc ? initialize_for_proc(args) : initialize_for_string(args)
  return if args.blank?

  raise ArgumentError, "#{self}: Unexpected Arguments: #{args.join(',')}"
end

Instance Method Details

#copy(policy_class) ⇒ Object

Creates a copy of this rule for the given policy class



# File 'lib/annotation_security/policy/rule.rb', line 128

# Builds a new rule of the same class for +policy_class+.
#
# The constructor arguments are this rule's name, the new policy class,
# +flag+, +options+ and @condition; nil entries are dropped by +compact+
# before the call. The original proc (if any) is passed along as the block.
def copy(policy_class) # :nodoc:
  ctor_args = [name, policy_class, flag, options, @condition]
  self.class.new(*ctor_args.compact, &@proc)
end

#dynamic? ⇒ Boolean

Returns whether this rule can be evaluated with a resource

Returns:

  • (Boolean)


# File 'lib/annotation_security/policy/rule.rb', line 63

# Returns the value of @dynamic.
#
# While @dynamic is still nil, lazy_initialize is run first; it is
# expected to fill in the flag (its body is not visible here -- confirm).
def dynamic? # :nodoc:
  lazy_initialize if @dynamic.nil?
  @dynamic
end

#evaluate(policy, *args) ⇒ Object

Evaluate proc for policy



# File 'lib/annotation_security/policy/rule.rb', line 115

# Runs this rule's proc in the context of +policy+ and returns its result.
#
# The proc is invoked through instance_exec, so inside it +self+ is the
# policy object: the rule body can read the policy's instance variables
# and call its private methods.
#
# How many of +args+ reach the proc depends on @arity:
# * 0        - none
# * positive - only the first @arity arguments
# * negative - all of them
#
# Raises AnnotationSecurity::RuleError if the rule has no proc.
def evaluate(policy,*args) # :nodoc:
  unless @proc
    raise AnnotationSecurity::RuleError, "#{self}: This rule has no proc"
  end

  forwarded =
    if @arity == 0
      []
    elsif @arity > 0
      args.first(@arity)
    else
      args
    end
  policy.instance_exec(*forwarded, &@proc)
end

#extend_class(klass) ⇒ Object

Creates a method for a policy class that evaluates this rule

  • klass either @policy_class or its static partner



# File 'lib/annotation_security/policy/rule.rb', line 78

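# Defines a method named after this rule on +klass+ and returns +self+.
#
# * +klass+ either @policy_class or its static partner
#
# The method body is assembled as a string of Ruby source and compiled
# with class_eval. The generated method
# * returns false early when :is was given and @user is nil or
#   @user.is_<is>? is not true,
# * otherwise returns whether the rule code holds for any entry yielded
#   by user_roles,
# * re-raises AnnotationSecurity::SecurityError unchanged and wraps any
#   other StandardError in AnnotationSecurity::RuleExecutionError.
#
# SECURITY NOTE: @name, @as, @is, full_name and the rule code are spliced
# into the source text without quoting or validation. They must only come
# from policy definitions written by the application's developers; a value
# derived from request data would be compiled and run as code.
def extend_class(klass) # :nodoc:

  # Arguments passed to AbstractPolicy#user_roles
  # * +role+ symbol identifying the role a user must have (or nil)
  # * +user_required+ if false, the rule will also be
  #                   evaluated if the user is nil
  user_args = "#{@as ? ":#@as" : 'nil'},#{requires_credential?}"

  # Actual logic of the rule
  rule_code = @proc ? code_for_proc : code_for_string

  # Arguments passed to RuleExecutionError#new if an error occurred
  # while evaluating the rule
  # * +rule+ full name of the rule
  # * +proc+ true if and only if this rule is defined with a proc
  # * +ex+ the original exception
  ex_args = "'#{full_name}',#{@proc ? true : false},$!"

  code = "def #@name(*args) \n"

  # If parameter :is is given, @user.is_{@is}? has to return true.
  # The guard denies by default: a missing user fails the check.
  # (The published listing showed this line with "!@user.is" replaced by an
  # e-mail obfuscation placeholder; the expression is restored here.)
  code << "return false if @user.nil? || !@user.is_#@is?\n" if @is
  code << %{
    # __resource__ = @resource
    return user_roles(#{user_args}).any? do |__user__|
      #{rule_code}
    end
  rescue StandardError
    raise $! if $!.is_a? AnnotationSecurity::SecurityError
    raise AnnotationSecurity::RuleExecutionError.new(#{ex_args})
  end}
  klass.class_eval(code)
  self
end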

#flag_s ⇒ Object

:nodoc:



# File 'lib/annotation_security/policy/rule.rb', line 40

# Renders the rule's flags as a four-character string.
#
# Position 1 is 'r' when @right is truthy, '-' otherwise. Positions 2-4
# stand for @static ('s'), @dynamic ('d') and @req_user ('u'): the letter
# when the flag is truthy, '-' when it is false, '?' while it is still nil.
def flag_s # :nodoc:
  tri_state = lambda do |value, letter|
    next '?' if value.nil?

    value ? letter : '-'
  end

  [
    @right ? 'r' : '-',
    tri_state.call(@static, 's'),
    tri_state.call(@dynamic, 'd'),
    tri_state.call(@req_user, 'u')
  ].join
end

#full_name ⇒ Object

:nodoc:



# File 'lib/annotation_security/policy/rule.rb', line 36

# Returns the policy class and the rule name joined by '#',
# e.g. "SomePolicy#some_rule" (constructed example).
def full_name # :nodoc:
  "#{@policy_class}##{@name}"
end

#name ⇒ Object

:nodoc:



# File 'lib/annotation_security/policy/rule.rb', line 133

# Reader for @name, the rule's name.
def name # :nodoc:
  @name
end

#requires_credential? ⇒ Boolean

:nodoc:

Returns:

  • (Boolean)


# File 'lib/annotation_security/policy/rule.rb', line 69

# Returns the value of @req_user.
#
# While @req_user is still nil, lazy_initialize is run first; it is
# expected to fill in the flag (its body is not visible here -- confirm).
def requires_credential? # :nodoc:
  lazy_initialize if @req_user.nil?
  @req_user
end

#right? ⇒ Boolean

Returns whether this rule was defined as a right

Returns:

  • (Boolean)


# File 'lib/annotation_security/policy/rule.rb', line 49

# Reader for @right; the value is returned as stored, without coercion
# to true/false.
def right? # :nodoc:
  @right
end

#static? ⇒ Boolean

Returns whether this rule can be evaluated without a resource

Returns:

  • (Boolean)


# File 'lib/annotation_security/policy/rule.rb', line 55

# Returns the value of @static.
#
# While @static is still nil, lazy_initialize is run first; it is
# expected to fill in the flag (its body is not visible here -- confirm).
def static? # :nodoc:
  lazy_initialize if @static.nil?
  @static
end

#to_s ⇒ Object

:nodoc:



# File 'lib/annotation_security/policy/rule.rb', line 32

# Human-readable form of the rule: the full name followed by the flag
# string in square brackets, wrapped in angle brackets.
def to_s # :nodoc:
  format('<%s[%s]>', full_name, flag_s)
end