Module: Consent::PermissionMigration
- Defined in:
- lib/consent/permission_migration.rb
Overview
Permission migration helper module
Instance Method Summary collapse
-
#copy_permissions(from:, override:) ⇒ Object
Copy permissions from one existing permission into a new permission selecting with attrs would be overrided.
-
#grant_permission(subject:, action:, role_ids:, view: "1") ⇒ Object
Grant a permission to a collection of roles.
-
#remove_permission(subject:, action:, role_ids:) ⇒ Object
Removes a permission from a collection of roles.
-
#update_permissions(from:, to:) ⇒ Object
Batch updates permission data.
Instance Method Details
#copy_permissions(from:, override:) ⇒ Object
Copy permissions from one existing permission into a new permission selecting with attrs would be overrided.
I.e.:
(
from: { subject: :sale, action: :view },
override: { subject: :project }
)
19 20 21 22 23 24 25 26 27 |
# File 'lib/consent/permission_migration.rb', line 19 def (from:, override:) raise ArgumentError, "Subject and Action are always required" if from[:subject].blank? || from[:action].blank? ::Consent::Permission.to(**from).each do || ::Consent::Permission.create!( .slice(:subject, :action, :view, :role_id).merge(override) ) end end |
#grant_permission(subject:, action:, role_ids:, view: "1") ⇒ Object
Grant a permission to a collection of roles.
I.e.:
(
subject: :view_installer_pay_report,
action: ProjectTask,
role_ids: [2, 7, 140]
)
45 46 47 48 49 50 51 52 |
# File 'lib/consent/permission_migration.rb', line 45 def (subject:, action:, role_ids:, view: "1") role_ids.each do |role_id| ::Consent::Permission.create!(subject: subject, action: action, role_id: role_id, view: view) end end |
#remove_permission(subject:, action:, role_ids:) ⇒ Object
Removes a permission from a collection of roles.
I.e.:
(
subject: :view,
action: User,
role_ids: [78, 12]
)
68 69 70 71 72 73 74 75 |
# File 'lib/consent/permission_migration.rb', line 68 def (subject:, action:, role_ids:) role_ids.each do |role_id| = ::Consent::Permission.find_by(subject: subject, action: action, role_id: role_id) .destroy! end end |
#update_permissions(from:, to:) ⇒ Object
Batch updates permission data
-
CAUTION *
Updating a permission in a migration means that for some time the old permission
will be broken in production. So, you might lock out people between the permission
running and your code getting deployed/restarted in the webservers.
Example:
- Page A is only displayed to users that `can? :view, Candidate`
- If you're willing to rename the `view` action to be `view_candidates`
- Then you could go with a permission like this
update_permissions(
from: { subject: :candidate, action: :view },
to: { action: :view_candidates }
)
- And you'll have to change the permission check to be `can? :view_candidates, Candidate`
- When you merge your PR, then the migration will run first, and later on your code will
reach production.
- Between that time, the page that uses that permission will be unreachable since
`can? :view, Candidate` doesn't exists anymore in the DB.
I.e.:
Renames a subject affecting all grantted permissions keeping everything else
(
from: { subject: :sale },
to: { subject: :project }
)
Moves an action from a subject to another keeping the view
(
from: { subject: :sale, action: :perform },
to: { subject: :project }
)
Rename an action within a subject keeping the view
(
from: { subject: :sale, action: :read },
to: { action: :inspect }
)
Rename a view within a subject and action context
(
from: { subject: :sale, action: :read, view: :territory },
to: { view: :department_territory }
)
131 132 133 134 135 136 137 |
# File 'lib/consent/permission_migration.rb', line 131 def (from:, to:) raise ArgumentError, "Subject is always required" if from[:subject].blank? ::Consent::Permission.to(**from).find_each do || .update(to) end end |