Class: Lipsiadmin::AccessControl::Base

Inherits:

Object

Object
Lipsiadmin::AccessControl::Base

show all

Defined in:: lib/access_control/base.rb

Overview

This Class map and get roles/projects for accounts

Examples:

  roles_for :administrator do |role, current_account|
    role.allow_all_actions "/backend/base"
    role.deny_action_of    "/backend/accounts/details"

    role.project_module :administration do |project|
      project.menu :general_settings, "/backend/settings" do |submenu|
        submenu.add :accounts, "/backend/accounts" do |submenu|
          submenu.add :sub_accounts, "/backend/accounts/subaccounts"
        end
      end
    end

    role.project_module :categories do |project|
      current_account.categories.each do |cat|
        project.menu cat.name, "/backend/categories/#{cat.id}.js"
      end
    end
  end

If a user logged with role administrator or that have a project_module administrator can:

- Access in all actions of "/backend/base" controller
- Denied access to ONLY action <tt>"/backend/accounts/details"</tt>
- Access to a project module called Administration
- Access to all actions of the controller "/backend/settings"
- Access to all actions of the controller "/backend/categories"
- Access to all actions EXCEPT <tt>details</tt> of controller "/backend/accounts"

Constant Summary collapse

@@cache =

{}

Class Method Summary collapse

.maps_for(account) ⇒ Object

Returns maps (allowed && denied actions) for the given account.
.roles ⇒ Object

Returns all roles.
.roles_for(*roles, &block) ⇒ Object

We map project modules for a given role or roles.

Class Method Details

.maps_for(account) ⇒ `Object`

Returns maps (allowed && denied actions) for the given account

# File 'lib/access_control/base.rb', line 66

def maps_for(account)
  @@cache[account.id] ||= @mappers.collect { |m| m.call(account) }.
                                   reject  { |m| !m.allowed? }
  @@cache[account.id]
end

.roles ⇒ `Object`

Returns all roles



61
62
63

# File 'lib/access_control/base.rb', line 61

def roles
  @roles.nil? ? [] : @roles.collect(&:to_s)
end

.roles_for(*roles, &block) ⇒ `Object`

We map project modules for a given role or roles

# File 'lib/access_control/base.rb', line 52

def roles_for(*roles, &block)
  roles.each { |role| raise AccessControlError, "Role #{role} must be a symbol!" unless role.is_a?(Symbol)  }
  @mappers ||= []
  @roles   ||= []
  @roles.concat(roles)
  @mappers << Proc.new { |account| Mapper.new(account, *roles, &block) }
end