Class: Ddr::Managers::RoleManager
- Defined in: lib/ddr/managers/role_manager.rb
Instance Attribute Summary
Attributes inherited from Manager
Instance Method Summary
- #granted ⇒ Object
- #index_fields ⇒ Hash
  Return a hash of role information to index.
- #permissions_in_scope_for_agents(scope, agents) ⇒ Object
  Return a list of the permissions granted in scope to any of the agents.
- #policy_permissions_for_agents(agents) ⇒ Object
  Return a list of the permissions granted in policy scope to any of the agents.
- #policy_permissions_for_user(user) ⇒ Object
  Return the permissions granted to the user in policy scope (via roles on the object).
- #resource_permissions_for_agents(agents) ⇒ Object
  Return a list of the permissions granted in resource scope to any of the agents.
- #resource_permissions_for_user(user) ⇒ Object
  Return the permissions granted to the user in resource scope (via roles on the object).
- #revoke_policy_roles ⇒ Object
  Revoke all roles in policy scope.
- #revoke_resource_roles ⇒ Object
  Revoke all roles in resource scope.
- #role_based_permissions(user) ⇒ Object
  Return the permissions granted to the user on the object in resource scope, plus the permissions granted to the user on the object’s admin policy in policy scope.
Methods inherited from Manager
Constructor Details
This class inherits a constructor from Ddr::Managers::Manager
Instance Method Details
#granted ⇒ Object

    # File 'lib/ddr/managers/role_manager.rb', line 8
    def granted
      @granted ||= Ddr::Auth::Roles::RoleSet.new(ds.access_role)
    end

#index_fields ⇒ Hash
Return a hash of role information to index

    # File 'lib/ddr/managers/role_manager.rb', line 59
    def index_fields
      granted.each_with_object({}) do |role, fields|
        scope_field = scope_index_field(role)
        fields[scope_field] ||= []
        fields[scope_field] |= [role.agent_name]
        scope_role_field = scope_role_index_field(role)
        fields[scope_role_field] ||= []
        fields[scope_role_field] << role.agent_name
      end
    end

#permissions_in_scope_for_agents(scope, agents) ⇒ Object
Return a list of the permissions granted in scope to any of the agents

    # File 'lib/ddr/managers/role_manager.rb', line 23
    def permissions_in_scope_for_agents(scope, agents)
      where(scope: scope, agent: agents).map(&:permissions).flatten.uniq
    end

#policy_permissions_for_agents(agents) ⇒ Object
Return a list of the permissions granted in policy scope to any of the agents

    # File 'lib/ddr/managers/role_manager.rb', line 33
    def policy_permissions_for_agents(agents)
      permissions_in_scope_for_agents(:policy, agents)
    end

#policy_permissions_for_user(user) ⇒ Object
Return the permissions granted to the user in policy scope (via roles on the object)

    # File 'lib/ddr/managers/role_manager.rb', line 43
    def policy_permissions_for_user(user)
      policy_permissions_for_agents(user.agents)
    end

#resource_permissions_for_agents(agents) ⇒ Object
Return a list of the permissions granted in resource scope to any of the agents

    # File 'lib/ddr/managers/role_manager.rb', line 28
    def resource_permissions_for_agents(agents)
      permissions_in_scope_for_agents(:resource, agents)
    end

#resource_permissions_for_user(user) ⇒ Object
Return the permissions granted to the user in resource scope (via roles on the object)

    # File 'lib/ddr/managers/role_manager.rb', line 38
    def resource_permissions_for_user(user)
      resource_permissions_for_agents(user.agents)
    end

#revoke_policy_roles ⇒ Object
Revoke all roles in policy scope

    # File 'lib/ddr/managers/role_manager.rb', line 13
    def revoke_policy_roles
      revoke *(where(scope: :policy))
    end

#revoke_resource_roles ⇒ Object
Revoke all roles in resource scope

    # File 'lib/ddr/managers/role_manager.rb', line 18
    def revoke_resource_roles
      revoke *(where(scope: :resource))
    end

#role_based_permissions(user) ⇒ Object
Return the permissions granted to the user on the object in resource scope, plus the permissions granted to the user on the object’s admin policy in policy scope

    # File 'lib/ddr/managers/role_manager.rb', line 49
    def role_based_permissions(user)
      perms = resource_permissions_for_user(user)
      if policy = object.admin_policy
        perms |= policy.roles.policy_permissions_for_user(user)
      end
      perms
    end

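
The scope rules that #role_based_permissions combines are easy to misread during an access review, so here is an added example (not code from ddr-models) that models them on constructed data. Role, ToyUser, ToyRoleManager, effective_permissions and the permission symbols are hypothetical stand-ins; only the method names inside ToyRoleManager follow this page.

```ruby
# Added illustration, not ddr-models code: Role, ToyUser, ToyRoleManager and the
# permission symbols are hypothetical stand-ins for the real classes.
Role = Struct.new(:agent, :scope, :permissions)
ToyUser = Struct.new(:agents)

class ToyRoleManager
  def initialize(roles)
    @roles = roles
  end

  # Same contract as permissions_in_scope_for_agents on this page.
  def permissions_in_scope_for_agents(scope, agents)
    @roles.select { |r| r.scope == scope && agents.include?(r.agent) }
          .flat_map(&:permissions).uniq
  end

  def resource_permissions_for_user(user)
    permissions_in_scope_for_agents(:resource, user.agents)
  end

  def policy_permissions_for_user(user)
    permissions_in_scope_for_agents(:policy, user.agents)
  end
end

# Mirrors role_based_permissions: resource-scope roles on the object itself,
# plus policy-scope roles on its admin policy (nil when there is none).
def effective_permissions(object_roles, policy_roles, user)
  perms = object_roles.resource_permissions_for_user(user)
  perms |= policy_roles.policy_permissions_for_user(user) if policy_roles
  perms
end

# Constructed sample data.
ALICE = ToyUser.new(["alice", "group:curators"])
POLICY_ROLES = ToyRoleManager.new([
  Role.new("group:curators", :policy,   [:read, :edit]), # flows to governed objects
  Role.new("alice",          :resource, [:grant])        # covers the policy object only
])
OBJECT_ROLES = ToyRoleManager.new([
  Role.new("alice", :resource, [:read, :download]),      # covers this object
  Role.new("alice", :policy,   [:delete])                # not counted for this object
])

def demo
  effective_permissions(OBJECT_ROLES, POLICY_ROLES, ALICE)
end

p demo if __FILE__ == $PROGRAM_NAME # => [:read, :download, :edit]
```

Neither :grant (resource scope on the admin policy) nor :delete (policy scope on the object itself) reaches the result, which is the case to check when auditing why a user can or cannot act on an object.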