Class: Ddr::Auth::Roles::RoleSet

Inherits:

SimpleDelegator

• Object
• SimpleDelegator
• Ddr::Auth::Roles::RoleSet

Defined in:

lib/ddr/auth/roles/role_set.rb

Overview

Wraps a set of Roles (ActiveTriples::Term)

Instance Method Summary

• #grant(*roles) ⇒ Object

  Grants roles - i.e., adds them to the role set Note that we reject roles that are included because ActiveTriples::Term#<< does not support isomorphism.

• #granted?(role) ⇒ Boolean

  Return true/false depending on whether the role has been granted.

• #replace(*roles) ⇒ Object

  Replace the current roles in the role set with new roles.

• #revoke(*roles) ⇒ Object

  Revokes roles - i.e., removes them from the role set Note that we have to destroy resources on the ActiveTriples::Term because Term#delete does not support isomorphism.

• #revoke_all ⇒ Object

  Remove all roles from the role set.

• #to_a ⇒ Object
• #where(criteria) ⇒ Object

Instance Method Details

#grant(*roles) ⇒ Object

Grants roles - i.e., adds them to the role set

Note that we reject roles that are included because
ActiveTriples::Term#<< does not support isomorphism. 
https://github.com/ActiveTriples/ActiveTriples/issues/42

Examples:

• default scope (:resource)

grant type: :curator, person: "bob"

• explicit scope

grant type: :curator, person: "sue", scope: :policy

Parameters:

• roles (Array<Ddr::Auth::Roles::Role, Hash>) —

  the roles to grant

# File 'lib/ddr/auth/roles/role_set.rb', line 20

def grant(*roles)
  self << coerce(roles).reject { |r| include?(r) }
end

#granted?(role) ⇒ Boolean

Return true/false depending on whether the role has been granted

Parameters:

• role (Ddr::Auth::Roles::Role, Hash) —

  the role

Returns:

• (Boolean) —

  whether the role has been granted

# File 'lib/ddr/auth/roles/role_set.rb', line 27

def granted?(role)
  include? coerce(role)
end

#replace(*roles) ⇒ Object

Replace the current roles in the role set with new roles

Parameters:

• roles (Array<Ddr::Auth::Roles::Role, Hash>) —

  the roles to grant

# File 'lib/ddr/auth/roles/role_set.rb', line 49

def replace(*roles)
  revoke_all
  # XXX Not sure why we have to use __getobj__ here
  __getobj__.set coerce(roles)
end

#revoke(*roles) ⇒ Object

Revokes roles - i.e., removes them from the role set

Note that we have to destroy resources on the 
ActiveTriples::Term because Term#delete does not
support isomorphism.
https://github.com/ActiveTriples/ActiveTriples/issues/42

Examples:

revoke type: :curator, agent: "bob", scope: :resource

Parameters:

• role (Ddr::Auth::Roles::Role, Hash) —

  the role to revoke

# File 'lib/ddr/auth/roles/role_set.rb', line 39

def revoke(*roles)
  coerce(roles).each do |role|
    if role_index = find_index(role)
      self[role_index].destroy
    end
  end
end

#revoke_all ⇒ Object

Remove all roles from the role set

# File 'lib/ddr/auth/roles/role_set.rb', line 56

def revoke_all          
  delete(*__getobj__)
end

#to_a ⇒ Object

# File 'lib/ddr/auth/roles/role_set.rb', line 60

def to_a
  map.to_a
end

#where(criteria) ⇒ Object

# File 'lib/ddr/auth/roles/role_set.rb', line 64

def where(criteria)
  query.where(criteria)
end