Class: Decidim::DecidimAwesome::AccessAuthorizationService

Inherits:

Object

• Object
• Decidim::DecidimAwesome::AccessAuthorizationService

Defined in:

app/services/decidim/decidim_awesome/access_authorization_service.rb

Instance Attribute Summary

• #authorization_groups ⇒ Object readonly

  Returns the value of attribute authorization_groups.

• #organization ⇒ Object readonly

  Returns the value of attribute organization.

• #user ⇒ Object readonly

  Returns the value of attribute user.

Instance Method Summary

• #adapters ⇒ Object
• #authorization_handlers ⇒ Object
• #authorization_status(method) ⇒ Object
• #granted? ⇒ Boolean
• #initialize(user, organization, authorization_groups = []) ⇒ AccessAuthorizationService constructor

  A new instance of AccessAuthorizationService.

Constructor Details

#initialize(user, organization, authorization_groups = []) ⇒ AccessAuthorizationService

Returns a new instance of AccessAuthorizationService.

# File 'app/services/decidim/decidim_awesome/access_authorization_service.rb', line 6

def initialize(user, organization, authorization_groups = [])
  @user = user
  @organization = organization
  @available_handlers = organization.available_authorizations & Decidim.authorization_workflows.map(&:name)
  @authorization_groups = authorization_groups.filter_map do |group|
    group.filter_map do |handler, options|
      next unless @available_handlers.include?(handler)

      [handler, options]
    end.to_h
  end.compact_blank
end

Instance Attribute Details

#authorization_groups ⇒ Object (readonly)

Returns the value of attribute authorization_groups.

# File 'app/services/decidim/decidim_awesome/access_authorization_service.rb', line 19

def authorization_groups
  @authorization_groups
end

#organization ⇒ Object (readonly)

Returns the value of attribute organization.

# File 'app/services/decidim/decidim_awesome/access_authorization_service.rb', line 19

def organization
  @organization
end

#user ⇒ Object (readonly)

Returns the value of attribute user.

# File 'app/services/decidim/decidim_awesome/access_authorization_service.rb', line 19

def user
  @user
end

Instance Method Details

#adapters ⇒ Object

# File 'app/services/decidim/decidim_awesome/access_authorization_service.rb', line 43

def adapters
  @authorizations ||= adapters_for(authorization_handlers)
end

#authorization_handlers ⇒ Object

# File 'app/services/decidim/decidim_awesome/access_authorization_service.rb', line 35

def authorization_handlers
  @authorization_handlers ||= authorization_groups.flat_map do |group|
    next unless group.is_a?(Hash)

    group.keys
  end.uniq
end

#authorization_status(method) ⇒ Object

# File 'app/services/decidim/decidim_awesome/access_authorization_service.rb', line 47

def authorization_status(method)
  authorization_statuses_for({ method => authorization_groups.flat_map { |group| group[method] } }).first
end

#granted? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/services/decidim/decidim_awesome/access_authorization_service.rb', line 21

def granted?
  return false unless user
  return true if authorization_groups.blank?

  # if one group is authorized that's ok
  # inside a group, all adapters must be authorized
  authorization_groups.detect do |group|
    statuses = authorization_statuses_for(group)
    next if statuses.blank?

    statuses.all? { |status| status == :ok }
  end
end