Class: Lockdown::Permission

Inherits:
Object
  • Object
Defined in:
lib/lockdown/permission.rb


Constructor Details

#initialize(name_symbol) ⇒ Permission

A Permission is a set of rules that are, through UserGroups, assigned to users to allow access to system resources.

Summary of controller oriented methods:

# defines which controller we're talking about
.with_controller(:controller_name)  #all_methods is the default

# only these methods on the controller
.only_methods(:meth1, :meth2)       

# all controller methods except these
.except_methods(:meth1, :meth2)

Summary of model oriented methods:

# defines which model we're talking about
.to_model(:model)         

# model_method is simply a public method on :model
.where(:model_method)           

# controller_method must equal model_method
.equals(:controller_method)         

# controller_method.include?(model_method)
.is_in(:controller_method)

Example:

# Define a permission called 'Manage Users' that allows users access
# all methods on the users_controller

set_permission(:manage_users).
  with_controller(:users)

# Define a permission called "My Account" that only allows a user access
# to methods show and update and the current_user_id must match the id 
# of the user being modified

set_permission(:my_account).
  with_controller(:users).
  only_methods(:show, :update).
  to_model(:user).
    where(:current_user_id).
    equals(:id)


# File 'lib/lockdown/permission.rb', line 100

# Builds an empty permission identified by +name_symbol+.
#
# Both rule tables start out empty and the builder context is set to a
# Lockdown::RootContext created for the same name.
#
# @param name_symbol [Symbol] identifier of the permission; it is the only
#   value #== compares, so it should be unique per permission
def initialize(name_symbol)
  @current_context = Lockdown::RootContext.new(name_symbol)
  @models = {}
  @controllers = {}
  @name = name_symbol
end

Instance Attribute Details

#controllersObject (readonly)

Returns the value of attribute controllers.



# File 'lib/lockdown/permission.rb', line 50

# Controller rules registered on this permission.
#
# @return [Hash] the table filled by #with_controller, keyed by the
#   controller name passed to it. The live Hash is returned, not a copy,
#   so a caller that mutates it changes this permission's rules.
def controllers
  @controllers
end

#modelsObject (readonly)

Returns the value of attribute models.



# File 'lib/lockdown/permission.rb', line 50

# Model rules registered on this permission.
#
# @return [Hash] the table filled by #to_model, keyed by the model name
#   passed to it. The live Hash is returned, not a copy, so a caller that
#   mutates it changes this permission's rules.
def models
  @models
end

#nameObject (readonly)

Returns the value of attribute name.



# File 'lib/lockdown/permission.rb', line 50

# Identifier of this permission.
#
# @return [Symbol] the name_symbol given to #initialize; #== compares
#   permissions on this value alone
def name
  @name
end

Instance Method Details

#==(other) ⇒ Object



# File 'lib/lockdown/permission.rb', line 220

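# Compares two permissions by name.
#
# Only +name+ takes part in the comparison: two permissions with the same
# name but different controller or model rules are equal. Names therefore
# have to be unique for equality-based lookups (Array#include?,
# Array#delete, ...) to pick the intended permission.
#
# @param other [Object] object to compare with
# @return [Boolean] true when +other+ exposes a +name+ equal to this
#   permission's name; false for nil or any object without +name+
def ==(other)
  # Comparing against nil or a foreign object used to raise NoMethodError
  # from other.name; such objects are simply not equal.
  return false unless other.respond_to?(:name)

  name == other.name
end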

#current_contextObject



# File 'lib/lockdown/permission.rb', line 208

# Builder state of the chained permission DSL.
#
# @return [Object] the context object most recently assigned by
#   #initialize or one of the chained builder methods (a RootContext,
#   ControllerContext, ModelContext, ModelWhereContext or
#   ModelWithProcContext from the Lockdown namespace)
def current_context
  @current_context
end

#current_controllerObject



# File 'lib/lockdown/permission.rb', line 212

# Controller entry the builder is currently positioned on.
#
# @return [Object, nil] the entry of @controllers whose key equals the
#   current context's name; nil when nothing is registered under that name
def current_controller
  @controllers[current_context.name]
end

#current_modelObject



# File 'lib/lockdown/permission.rb', line 216

# Model entry the builder is currently positioned on.
#
# @return [Object, nil] the entry of @models whose key equals the current
#   context's name; nil when nothing is registered under that name
def current_model
  @models[current_context.name]
end

#equals(controller_method) ⇒ Object



# File 'lib/lockdown/permission.rb', line 151

# Completes a model rule: the controller method must equal the model
# method named in the preceding #where.
#
# @param controller_method [Symbol] controller-side method to compare
# @return [Permission] self, so calls can be chained
def equals(controller_method)
  # validate_context is defined outside this listing; presumably it rejects
  # a call made from the wrong builder context -- confirm.
  validate_context

  # Pair the controller method with the :== operator.
  associate_controller_method(controller_method, :==)
  # The rule is complete, so the builder goes back to the root context.
  @current_context = Lockdown::RootContext.new(@name)
  self
end

#except_methods(*methods) ⇒ Object



# File 'lib/lockdown/permission.rb', line 126

# Restricts the current controller to every method except the listed ones.
#
# This is the deny-list form: going by the class summary ("all controller
# methods except these"), a method added to the controller later is covered
# by the permission unless it is added here too. #only_methods is the
# allow-list form.
#
# @param methods [Array<Symbol>] controller methods to exclude
# @return [Permission] self, so calls can be chained
def except_methods(*methods)
  # validate_context is defined outside this listing; presumably it rejects
  # a call made from the wrong builder context -- confirm.
  validate_context

  current_controller.except_methods = methods

  # The controller rule is complete, so the builder goes back to the root
  # context.
  @current_context = Lockdown::RootContext.new(@name)
  self
end

#is_in(controller_method) ⇒ Object Also known as: includes



# File 'lib/lockdown/permission.rb', line 159

# Completes a model rule with a membership test; the class summary
# describes it as controller_method.include?(model_method). Listed on this
# page as also available under the name +includes+.
#
# @param controller_method [Symbol] controller-side method whose value is
#   tested with include?
# @return [Permission] self, so calls can be chained
def is_in(controller_method)
  # validate_context is defined outside this listing; presumably it rejects
  # a call made from the wrong builder context -- confirm.
  validate_context

  # Pair the controller method with the :include? operator.
  associate_controller_method(controller_method, :include?)
  # The rule is complete, so the builder goes back to the root context.
  @current_context = Lockdown::RootContext.new(@name)
  self
end

#only_methods(*methods) ⇒ Object



# File 'lib/lockdown/permission.rb', line 118

# Restricts the current controller to the listed methods only.
#
# This is the allow-list form: going by the class summary ("only these
# methods on the controller"), a method added to the controller later stays
# outside the permission until it is listed here.
#
# @param methods [Array<Symbol>] controller methods to allow
# @return [Permission] self, so calls can be chained
def only_methods(*methods)
  # validate_context is defined outside this listing; presumably it rejects
  # a call made from the wrong builder context -- confirm.
  validate_context

  current_controller.only_methods = methods
  # The controller rule is complete, so the builder goes back to the root
  # context.
  @current_context = Lockdown::RootContext.new(@name)
  self
end

#protected_access?Boolean

Returns:

  • (Boolean)


# File 'lib/lockdown/permission.rb', line 190

# Whether this permission has been marked as protected.
#
# @return [Boolean, nil] true after #set_as_protected_access; nil (falsy)
#   while @protected_access is unassigned -- #initialize does not set it
def protected_access?
  @protected_access
end

#public_access?Boolean

Returns:

  • (Boolean)


# File 'lib/lockdown/permission.rb', line 186

# Whether this permission has been marked as public.
#
# @return [Boolean, nil] true after #set_as_public_access; nil (falsy)
#   while @public_access is unassigned -- #initialize does not set it
def public_access?
  @public_access
end

#set_as_protected_accessObject



# File 'lib/lockdown/permission.rb', line 201

# Marks this permission as protected.
#
# Public and protected are mutually exclusive: a permission already marked
# public is rejected instead of silently changing scope.
#
# @return [true]
# @raise [PermissionScopeCollision] when the permission is already public
def set_as_protected_access
  return @protected_access = true unless public_access?

  raise PermissionScopeCollision,
        "Permission: #{name} already marked as public and trying to set as protected."
end

#set_as_public_accessObject



# File 'lib/lockdown/permission.rb', line 194

# Marks this permission as public.
#
# Public and protected are mutually exclusive: a permission already marked
# protected is rejected instead of silently becoming public.
#
# @return [true]
# @raise [PermissionScopeCollision] when the permission is already protected
def set_as_public_access
  return @public_access = true unless protected_access?

  raise PermissionScopeCollision,
        "Permission: #{name} already marked as protected and trying to set as public."
end

#to_model(name_symbol, param = :id) ⇒ Object



# File 'lib/lockdown/permission.rb', line 135

# Starts a model rule and moves the builder into that model's context.
#
# NOTE(review): the entry is assigned unconditionally, so naming the same
# model twice replaces the earlier Model object together with any
# model_method or proc_object set on it -- confirm that is intended.
#
# @param name_symbol [Symbol] model the rule applies to
# @param param [Symbol] passed straight to Model.new; presumably the
#   request parameter used to find the record -- confirm
# @return [Permission] self, so calls can be chained
def to_model(name_symbol, param = :id)
  # validate_context is defined outside this listing; presumably it rejects
  # a call made from the wrong builder context -- confirm.
  validate_context

  @models[name_symbol] = Model.new(name_symbol, param)
  # Later where/with_proc calls resolve current_model through this context.
  @current_context = Lockdown::ModelContext.new(name_symbol)
  self
end

#where(model_method) ⇒ Object



# File 'lib/lockdown/permission.rb', line 143

# Names the model method that the rule will compare; the class summary
# describes it as a public method on the model.
#
# @param model_method [Symbol] method on the current model
# @return [Permission] self, so calls can be chained
def where(model_method)
  # validate_context is defined outside this listing; presumably it rejects
  # a call made from the wrong builder context -- confirm.
  validate_context

  current_model.model_method = model_method
  # Stay on the same model (same context name) but switch to the "where"
  # context, which the class summary follows with #equals or #is_in.
  @current_context = Lockdown::ModelWhereContext.new(current_context.name)
  self
end

#with_controller(name_symbol) ⇒ Object Also known as: and_controller



# File 'lib/lockdown/permission.rb', line 107

# Starts a controller rule and moves the builder into that controller's
# context. Listed on this page as also available under the name
# +and_controller+.
#
# Per the class summary a controller registered here covers all of its
# methods until #only_methods or #except_methods narrows it.
#
# NOTE(review): the entry is assigned unconditionally, so naming the same
# controller twice replaces the earlier Controller object and with it any
# only_methods / except_methods restriction already set -- confirm that is
# intended, since it widens the rule back to the default.
#
# @param name_symbol [Symbol] controller the rule applies to
# @return [Permission] self, so calls can be chained
def with_controller(name_symbol)
  validate_context

  @controllers[name_symbol] = Controller.new(name_symbol)
  @current_context = Lockdown::ControllerContext.new(name_symbol)
  self
end

#with_proc(&block) ⇒ Object

Allows you to pass in a proc object to do complex authorization control. It is called from a to_model method and receives the to_model's model and the with_controller's controller, i.e.:

set_permission(:permission).
  with_controller(:controller).
  to_model(:model).
    with_proc do |model, controller|
      ...do stuff here
    end


# File 'lib/lockdown/permission.rb', line 176

# Attaches a block to the current model rule for custom authorization
# logic. The usage example in the class docs gives the block the
# parameters |model, controller|.
#
# NOTE(review): how the block's result is turned into allow or deny is
# decided by code outside this listing -- confirm that a nil result or an
# exception raised inside the block denies access.
#
# @return [Permission] self, so calls can be chained
# @raise [ArgumentError] when called without a block
def with_proc(&block)
  # validate_context is defined outside this listing; presumably it rejects
  # a call made from the wrong builder context -- confirm.
  validate_context

  # Proc.new(&block) raises ArgumentError when no block was given, so this
  # line never stores nil as the proc_object.
  current_model.proc_object = Proc.new(&block)
  # Unlike equals/is_in, the builder does not return to the root context
  # here; it moves to a ModelWithProcContext for the same model.
  @current_context = Lockdown::ModelWithProcContext.new(current_context.name)
  self
end