Class: ViewModel::AccessControl

Inherits:
Object
Includes:
Callbacks
Defined in:
lib/view_model/access_control.rb

Overview

Defines an access control discipline for a given action against a viewmodel.

Access control is based around three edit check hooks: visible, editable and valid_edit. The visible check determines whether a view can be seen. The editable check determines whether a view in its current state is eligible to be changed. The valid_edit check determines whether an attempted change is permitted. Each edit check returns a pair of boolean success and optional exception to raise.

Direct Known Subclasses

Composed, Open, ReadOnly, Tree

Defined Under Namespace

Classes: Composed, Open, ReadOnly, Result, Tree

Constant Summary

Constants included from Callbacks

Callbacks::ALWAYS

Instance Method Summary

Methods included from Callbacks

#ineligible, #run_callback, wrap_deserialize, wrap_serialize

Constructor Details

#initialize ⇒ AccessControl

Returns a new instance of AccessControl.



# File 'lib/view_model/access_control.rb', line 39

def initialize
  @initial_editability_store = {}
end

Instance Method Details

#editable!(view, deserialize_context:, changes:) ⇒ Object



# File 'lib/view_model/access_control.rb', line 82

def editable!(view, deserialize_context:, changes:)
  run_callback(ViewModel::Callbacks::Hook::BeforeVisit,       view, deserialize_context)
  run_callback(ViewModel::Callbacks::Hook::BeforeDeserialize, view, deserialize_context)
  run_callback(ViewModel::Callbacks::Hook::OnChange,          view, deserialize_context, changes: changes) if changes
  run_callback(ViewModel::Callbacks::Hook::AfterDeserialize,  view, deserialize_context, changes: changes)
  run_callback(ViewModel::Callbacks::Hook::AfterVisit,        view, deserialize_context)
end

#editable_check(_traversal_env) ⇒ Object

Check that the record is eligible to be changed in its current state, in the given context. This must be called before any edits have taken place (thus checking against the initial state of the viewmodel), and if editing is denied, an error must be raised only if an edit is later attempted. To be overridden by viewmodel implementations.



# File 'lib/view_model/access_control.rb', line 59

def editable_check(_traversal_env)
  Result::DENY
end

#valid_edit_check(_traversal_env) ⇒ Object

Once the changes to be made to the viewmodel are known, check that the attempted changes are permitted in the given context. For viewmodels with transactional backing models, the changes may be made in advance to give the edit checks the opportunity to compare values. To be overridden by viewmodel implementations.



# File 'lib/view_model/access_control.rb', line 68

def valid_edit_check(_traversal_env)
  Result::DENY
end
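
The ordering that #editable_check and #valid_edit_check describe, shown as an added stand-alone Ruby sketch (not the view_model gem's code): editability is recorded against the initial state, raised only once an edit is attempted, and the attempted changes are judged separately. Every name in it (Policy, OwnerPolicy, Doc, apply_edit, enforce!) is hypothetical, and the sample document is constructed.

```ruby
# Stand-alone model of the discipline; hypothetical names, not the gem's API.
class AccessDenied < StandardError; end
Result = Struct.new(:permit, :error)      # boolean success + optional exception
PERMIT = Result.new(true, nil)
DENY   = Result.new(false, AccessDenied.new("denied by default"))

# Base discipline: every check denies until a subclass overrides it.
class Policy
  def visible_check(_view, _user); DENY; end
  def editable_check(_view, _user); DENY; end
  def valid_edit_check(_view, _user, _changes); DENY; end
end

Doc = Struct.new(:owner, :locked, :title) # constructed sample view

class OwnerPolicy < Policy
  def visible_check(_view, _user); PERMIT; end

  # Judges the state it is handed; the caller must pass the initial state.
  def editable_check(view, user)
    return PERMIT if view.owner == user && !view.locked
    Result.new(false, AccessDenied.new("not editable in current state"))
  end

  # Judges the attempted changes themselves.
  def valid_edit_check(_view, _user, changes)
    return PERMIT unless changes.key?(:owner)
    Result.new(false, AccessDenied.new("owner may not be reassigned"))
  end
end

def enforce!(result)
  raise(result.error || AccessDenied.new("denied")) unless result.permit
end

# Returns the edited copy, or raises; the original view is never mutated.
def apply_edit(policy, view, user, changes)
  enforce!(policy.visible_check(view, user))
  initial = policy.editable_check(view, user) # recorded before any change
  return view if changes.empty?               # denial stays latent: no edit attempted
  candidate = view.dup                        # stands in for a transactional backing model
  changes.each { |attr, value| candidate[attr] = value }
  enforce!(initial)                           # initial verdict, not the candidate's
  enforce!(policy.valid_edit_check(candidate, user, changes))
  candidate
end
```

Evaluating editable_check against the candidate instead of the initial state would let a single request that sets locked to false and changes the title pass the check it is meant to fail.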

#visible!(view, context:) ⇒ Object

Wrappers to check access control for a single view directly. Because the checking is run directly on one node without any tree context, it’s only valid to run:

  • on root views

  • when no children could contribute to the result



# File 'lib/view_model/access_control.rb', line 77

def visible!(view, context:)
  run_callback(ViewModel::Callbacks::Hook::BeforeVisit, view, context)
  run_callback(ViewModel::Callbacks::Hook::AfterVisit,  view, context)
end

#visible_check(_traversal_env) ⇒ Object

Check that the user is permitted to view the record in its current state, in the given context.



# File 'lib/view_model/access_control.rb', line 45

def visible_check(_traversal_env)
  Result::DENY
end