Class: HubSsoLib::Permissions

Inherits:

Object

Object
HubSsoLib::Permissions

show all

Defined in:: lib/hub_sso_lib.rb

Overview

Class: Permissions #

(C) Hipposoft 2006                                         #
                                                           #

Purpose: Methods to help, in conjunction with Roles, determine the #

access permissions a particular user is granted.           #
                                                           #

Author: A.D.Hodgkinson #

History: 17-Oct-2006 (ADH): Adapted from Clubhouse. #

20-Oct-2006 (ADH): Integrated into HubSsoLib.              #

Instance Method Summary collapse

#initialize(pmap) ⇒ Permissions constructor

Initialize a permissions object.
#permitted?(roles, action) ⇒ Boolean

Does the given Roles object grant permission for the given action, expressed as a string or symbol? Returns ‘true’ if so, else ‘false’.

Constructor Details

#initialize(pmap) ⇒ `Permissions`

Initialize a permissions object. The map is a hash which maps action names, expressed as symbols, to roles, expressed as individual symbols, equivalent strings, or arrays of multiple strings or symbols. Use ‘nil’ to indicate permission for the general public - no login required - or simply omit the action (unlisted actions are permitted).

Example mapping for a generic controller:

:new     => [ :admin, :webmaster, :privileged, :normal ],
:create  => [ :admin, :webmaster, :privileged, :normal ],
:edit    => [ :admin, :webmaster, :privileged, :normal ],
:update  => [ :admin, :webmaster, :privileged, :normal ],
:delete  => [ :admin, :webmaster, :privileged ],
:list    => nil,
:show    => nil



325
326
327

# File 'lib/hub_sso_lib.rb', line 325

def initialize(pmap)
  @permissions = pmap
end

Instance Method Details

#permitted?(roles, action) ⇒ `Boolean`

Does the given Roles object grant permission for the given action, expressed as a string or symbol? Returns ‘true’ if so, else ‘false’.

If a role is given as some other type, an attempt is made to convert it to a Roles object internally (so you could pass a role symbol, string, array of symbols or strings, or comma-separated string).

Passing an empty roles string will tell you whether or not the action requires login. Only actions not in the permissions list or those with a ‘nil’ list of roles will generate a result ‘true’, since any other actions will require your empty roles string to include at least one role (which it obviously doesn’t).

Returns:

(Boolean)

# File 'lib/hub_sso_lib.rb', line 342

def permitted?(roles, action)
  action = action.to_s.intern
  roles  = roles.to_authenticated_roles

  return true unless @permissions.include?(action)
  return true if @permissions[action].nil?
  return roles.include?(@permissions[action])
end