Class: Lipsiadmin::AccessControl::Mapper

Inherits:

Object

• Object
• Lipsiadmin::AccessControl::Mapper

Includes:

Helper

Defined in:

lib/access_control/base.rb

Instance Attribute Summary

• #project_modules ⇒ Object readonly

  Returns the value of attribute project_modules.

• #roles ⇒ Object readonly

  Returns the value of attribute roles.

Instance Method Summary

• #allow_action(path) ⇒ Object

  Globally allow an action of a controller for the current role.

• #allow_all_actions(path) ⇒ Object

  Globally allow all actions from a controller for the current role.

• #allowed ⇒ Object

  Return allowed actions/controllers.

• #allowed? ⇒ Boolean

  Return true if current_account role is included in given roles.

• #denied ⇒ Object

  Return denied actions/controllers.

• #deny_action(path) ⇒ Object

  Globally deny an action of a controllerfor the current role.

• #deny_all_actions(path) ⇒ Object

  Globally denty all actions from a controller for the current role.

• #initialize(account, *roles, &block) ⇒ Mapper constructor

  :nodoc:.

• #project_module(name, controller = nil, &block) ⇒ Object

  Create a new project module.

Methods included from Helper

#recognize_path

Constructor Details

#initialize(account, *roles, &block) ⇒ Mapper

:nodoc:

# File 'lib/access_control/base.rb', line 78

def initialize(account, *roles, &block)#:nodoc:
  @project_modules = []
  @allowed         = []
  @denied          = []
  @roles           = roles
  @account_id      = account.is_a?(Account) ? account.id : account
  # Mantain backward compatibility
  yield(self, Account.find(@account_id)) rescue yield(self)
end

Instance Attribute Details

#project_modules ⇒ Object (readonly)

Returns the value of attribute project_modules.

# File 'lib/access_control/base.rb', line 76

def project_modules
  @project_modules
end

#roles ⇒ Object (readonly)

Returns the value of attribute roles.

# File 'lib/access_control/base.rb', line 76

def roles
  @roles
end

Instance Method Details

#allow_action(path) ⇒ Object

Globally allow an action of a controller for the current role

# File 'lib/access_control/base.rb', line 94

def allow_action(path)
  @allowed << recognize_path(path)
end

#allow_all_actions(path) ⇒ Object

Globally allow all actions from a controller for the current role

# File 'lib/access_control/base.rb', line 104

def allow_all_actions(path)
  @allowed << { :controller => recognize_path(path)[:controller] }
end

#allowed ⇒ Object

Return allowed actions/controllers

# File 'lib/access_control/base.rb', line 119

def allowed
  # I know is a double check but is better 2 times that no one.
  if allowed?
    @project_modules.each { |pm| @allowed.concat pm.allowed  }
    @allowed.uniq
  else 
    []
  end
end

#allowed? ⇒ Boolean

Return true if current_account role is included in given roles

Returns:

• (Boolean)

# File 'lib/access_control/base.rb', line 114

def allowed?
  @roles.any? { |r| r.to_s.downcase == Account.find(@account_id).role.downcase }
end

#denied ⇒ Object

Return denied actions/controllers

# File 'lib/access_control/base.rb', line 130

def denied
  @denied.uniq
end

#deny_action(path) ⇒ Object

Globally deny an action of a controllerfor the current role

# File 'lib/access_control/base.rb', line 99

def deny_action(path)
  @denied << recognize_path(path)
end

#deny_all_actions(path) ⇒ Object

Globally denty all actions from a controller for the current role

# File 'lib/access_control/base.rb', line 109

def deny_all_actions(path)
  @denied << { :controller => recognize_path(path)[:controller] }
end

#project_module(name, controller = nil, &block) ⇒ Object

Create a new project module

# File 'lib/access_control/base.rb', line 89

def project_module(name, controller=nil, &block)
  @project_modules << ProjectModule.new(name, controller, &block)
end