Class: Authorizable::Permissions

Inherits:

Object

• Object
• Authorizable::Permissions

Defined in:

lib/authorizable/permissions.rb

Constant Summary

OBJECT =

Aliased constants for easier typing / readability

PermissionUtilities::OBJECT

ACCESS =

PermissionUtilities::ACCESS

CRUD_TYPES =

defaults for a resource

{
  edit: OBJECT,
  delete: OBJECT,
  create: OBJECT,
  view: ACCESS
}

Class Method Summary

• .can(name, allow = true, description = nil, visibility = nil, conditions = nil, kind = OBJECT) ⇒ Object

  similar to how CanCan does the creation of permission but without the need for a user to exist immediately.

• .set(permissions) ⇒ Object

  @example: { update_event: [OBJECT, true, “Edit Event”], delete_event: [OBJECT, [true, false, false], nil, ->(e, user){ e.hosted_by == user }], create_event: [ACCESS, RESTRICT_COLLABORATORS] } CRUD authorizations can be expcitly defined.

Class Method Details

.can(name, allow = true, description = nil, visibility = nil, conditions = nil, kind = OBJECT) ⇒ Object

similar to how CanCan does the creation of permission but without the need for a user to exist immediately

Parameters:

• name (Symbol) —

  what the permission should be called (the can prefix is automatic, and should be excluded)

• allow (Boolean) (defaults to: true) —

  (true) default authorization for this permission

• allow (Array) (defaults to: true) —

  (true) default authorization for this permission

• description (String) (defaults to: nil) —

  (nil) how to explain this permission

• visibility (Proc) (defaults to: nil) —

  (nil) conditions used when rendering this permission in the UI

• conditions (Proc) (defaults to: nil) —

  (nil) additional conditions used when authorizing a user

• kind (Number) (defaults to: OBJECT) —

  (OBJECT) used to specify if this permission takes access on an object or not

# File 'lib/authorizable/permissions.rb', line 97

def self.can(name, allow = true, description = nil, visibility = nil, conditions = nil, kind = OBJECT)
  permission_array = [kind, allow, description, visibility, conditions]
  self.add(name, permission_array)
end

.set(permissions) ⇒ Object

@example:

{
  update_event:   [OBJECT, true, "Edit Event"],
  delete_event: [OBJECT, [true, false, false], nil, ->(e, user){ e.hosted_by == user }],
  create_event: [ACCESS, RESTRICT_COLLABORATORS]
}
CRUD authorizations can be expcitly defined

@note:

update is aliased with edit, and may be used interchangeably
delete is aliased with destroy, and may be used interchangeably

@note:

descriptions are not provided by default, and are only specifiable
when explicitly defining permissions (not using crud)

Examples:

{
  crud: [
    object_name: [true, false, false],
    ojbect2_name: true,
  ]
}
by providing a :crud array in the hash will generate permissions
for the specified object: create, delete, read, and update

Parameters:

• permissions (Hash)

# File 'lib/authorizable/permissions.rb', line 66

def self.set(permissions)
  cruds = permissions.delete(:crud)

  self.definitions = permissions

  if cruds.present?
    cruds.each do |set|
      set.each do |key, values_for_roles|
        CRUD_TYPES.each do |action, kind|
          permission = "#{action}_#{key}"
          permission << "s" if kind == ACCESS # need a better way to pluralize
          permission = permission.to_sym
          permission_array = [kind, values_for_roles]
          self.definitions[permission] = permission_array
        end
      end
    end
  end
end