Class: LogicalAuthz::AccessControl::Builder
- Inherits:
-
Object
- Object
- LogicalAuthz::AccessControl::Builder
- Defined in:
- lib/logical_authz/access_control.rb
Class Method Summary collapse
Instance Method Summary collapse
-
#add_rule(rule, allows = true, name = nil) ⇒ Object
TODO DSL needs to allow config of rules.
- #allow(rule = nil, name = nil, &block) ⇒ Object
- #define(&block) ⇒ Object
- #deny(rule = nil, name = nil, &block) ⇒ Object
-
#except(policy) ⇒ Object
This needs a different name.
- #existing_policy ⇒ Object
- #if_allowed(&block) ⇒ Object
- #if_denied(&block) ⇒ Object
-
#initialize(helper_mod = nil) ⇒ Builder
constructor
A new instance of Builder.
- #list(existing = nil) ⇒ Object
- #related(&block) ⇒ Object
- #resolve_rule(rule) ⇒ Object
- #with_criteria(policy, &block) ⇒ Object
Constructor Details
#initialize(helper_mod = nil) ⇒ Builder
Returns a new instance of Builder.
# File 'lib/logical_authz/access_control.rb', line 17
#
# Sets up an empty builder.
#
# @param helper_mod [Module, nil] optional module of helper methods. It is
#   included into this instance's singleton class only, so the helpers are
#   callable on this builder without being added to the Builder class itself.
def initialize(helper_mod = nil)
  @helper_mod = helper_mod
  # @list and @before deliberately start out as the SAME array object:
  # anything appended through @list lands in @before until @list is
  # re-pointed elsewhere.
  @before = []
  @list = @before
  @after = []
  eigenclass = singleton_class
  eigenclass.instance_eval { include(helper_mod) } unless helper_mod.nil?
end
Class Method Details
.register_policy_class(name, klass) ⇒ Object
# File 'lib/logical_authz/access_control.rb', line 7
#
# Adds two instance methods, +name+ and +if_<name>+, that each return a
# fresh instance of +klass+.
#
# NOTE(review): define_method replaces any existing method of the same
# name, so registering a policy under a name such as "allow", "deny" or
# "list" would silently shadow the corresponding builder method. Nothing
# here guards against that; keep registered names distinct.
#
# @param name [Symbol, String] method name to define
# @param klass [Class] class instantiated (with no arguments) on each call
def register_policy_class(name, klass)
  factory = proc { klass.new }
  define_method(name, &factory)
  define_method("if_#{name}", &factory)
end
.register_policy_helper(name, &block) ⇒ Object
# File 'lib/logical_authz/access_control.rb', line 12
#
# Defines an instance method +name+ whose body is the given block.
#
# NOTE(review): as with any define_method call, an existing method with
# the same name is replaced without warning.
#
# @param name [Symbol, String] method name to define
# @yield body of the new method
def register_policy_helper(name, &block)
  define_method(name, &block)
end
Instance Method Details
#add_rule(rule, allows = true, name = nil) ⇒ Object
TODO DSL needs to allow config of rules
# File 'lib/logical_authz/access_control.rb', line 53
#
# TODO DSL needs to allow config of rules
#
# Resolves +rule+ to a policy object, stamps the decision (and optional
# name) on it, and appends it to the list currently being built.
#
# NOTE(review): +allows+ defaults to true, so a call that omits the second
# argument records an ALLOW rule. Going through #allow / #deny keeps the
# decision explicit at the call site.
#
# @param rule anything #resolve_rule accepts
# @param allows [Boolean] decision assigned to the rule
# @param name [Object, nil] assigned as the rule's name unless nil
# @return the rule list that was appended to
def add_rule(rule, allows = true, name = nil)
  policy = resolve_rule(rule)
  policy.decision = allows
  policy.name = name unless name.nil?
  @list << policy
end
#allow(rule = nil, name = nil, &block) ⇒ Object
# File 'lib/logical_authz/access_control.rb', line 61
#
# Records a rule whose decision is "allow".
#
# The rule comes from +rule+ when it is given; the block is used only when
# +rule+ is nil. If both are supplied the block is ignored.
#
# @param rule anything #resolve_rule accepts, or nil to use the block
# @param name [Object, nil] optional rule name
# @raise [RuntimeError] when neither a rule nor a block is given
def allow(rule = nil, name = nil, &block)
  rule = block if rule.nil?
  raise "Allow needs to have a rule or a block" if rule.nil?
  add_rule(rule, true, name)
end
#define(&block) ⇒ Object
# File 'lib/logical_authz/access_control.rb', line 27
#
# Evaluates the block with this builder as +self+, so bare calls inside
# the block dispatch to the builder's own methods.
#
# NOTE(review): instance_eval also exposes the builder's instance
# variables and private methods to the block, so the block can rewrite the
# rule lists directly. Only application-defined, trusted blocks should be
# passed here.
#
# @yield policy definition block
# @return the value of the block
def define(&block)
  instance_eval(&block)
end
#deny(rule = nil, name = nil, &block) ⇒ Object
# File 'lib/logical_authz/access_control.rb', line 71
#
# Records a rule whose decision is "deny".
#
# The rule comes from +rule+ when it is given; the block is used only when
# +rule+ is nil. If both are supplied the block is ignored.
#
# @param rule anything #resolve_rule accepts, or nil to use the block
# @param name [Object, nil] optional rule name
# @raise [RuntimeError] when neither a rule nor a block is given
def deny(rule = nil, name = nil, &block)
  rule = block if rule.nil?
  raise "Deny needs to have a rule or a block" if rule.nil?
  add_rule(rule, false, name)
end
#except(policy) ⇒ Object
This needs a different name
# File 'lib/logical_authz/access_control.rb', line 94
#
# Resolves +policy+ and wraps it in a Reversed policy.
#
# NOTE(review): presumably Reversed inverts the wrapped policy's outcome;
# confirm against the Reversed class before relying on it in a rule.
#
# @param policy anything #resolve_rule accepts
# @return [Reversed]
def except(policy)
  # This needs a different name
  Reversed.new(resolve_rule(policy))
end
#existing_policy ⇒ Object
# File 'lib/logical_authz/access_control.rb', line 105
#
# Re-points the current rule list at @after. Rules added from here on are
# stored in @after, which #list places behind the +existing+ rules.
#
# @return [Array] the @after array
def existing_policy
  @list = @after
end
#if_allowed(&block) ⇒ Object
# File 'lib/logical_authz/access_control.rb', line 81
#
# Builds an IfAllows policy from the block, handing it the helper module
# this builder was created with.
#
# NOTE(review): the block is not checked for nil here; how IfAllows treats
# a missing block is not visible from this method.
#
# @yield forwarded to IfAllows.new
# @return [IfAllows]
def if_allowed(&block)
  helpers = @helper_mod
  IfAllows.new(helpers, &block)
end
#if_denied(&block) ⇒ Object
# File 'lib/logical_authz/access_control.rb', line 85
#
# Builds an IfDenies policy from the block, handing it the helper module
# this builder was created with.
#
# NOTE(review): the block is not checked for nil here; how IfDenies treats
# a missing block is not visible from this method.
#
# @yield forwarded to IfDenies.new
# @return [IfDenies]
def if_denied(&block)
  helpers = @helper_mod
  IfDenies.new(helpers, &block)
end
#list(existing = nil) ⇒ Object
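# File 'lib/logical_authz/access_control.rb', line 109
#
# Returns the complete, ordered rule list: the rules collected in @before,
# then the caller-supplied +existing+ rules, then the rules collected in
# @after. A new array is returned; none of the inputs is modified.
#
# Order matters to whoever evaluates the result, so the three segments are
# always concatenated in this fixed sequence.
#
# @param existing [Array, nil] rules to place between the two segments;
#   nil is treated as an empty list
# @return [Array]
def list(existing = nil)
  @before + (existing || []) + @after
end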
#related(&block) ⇒ Object
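# File 'lib/logical_authz/access_control.rb', line 89
#
# Builds an Owner policy from the block.
#
# @yield forwarded to Owner.new
# @return [Owner]
# @raise [PolicyDefinitionError] when called without a block
def related(&block)
  raise PolicyDefinitionError, "related called without a block" if block.nil?
  Owner.new(&block)
end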
#resolve_rule(rule) ⇒ Object
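# File 'lib/logical_authz/access_control.rb', line 31
#
# Normalises the accepted rule spellings into a policy object.
#
# Accepted inputs:
# * a Policy instance        - returned unchanged
# * a Symbol or String       - looked up in Policy.names (deprecated form)
# * a Class                  - instantiated; the instance must respond to #check
# * a Proc                   - wrapped in a ProcPolicy
#
# Every other input, an unknown policy name, or a class whose instances
# lack #check raises, so a malformed rule never reaches the rule list.
#
# @param rule [Policy, Symbol, String, Class, Proc]
# @return the resolved policy object
# @raise [RuntimeError] for an unknown name, a class without #check, or an
#   unsupported argument type
def resolve_rule(rule)
  case rule
  when Policy
    # This is the important case, actually: already a policy, use as is.
  when Symbol, String
    klass = Policy.names[rule.to_sym]
    raise "Policy name #{rule} not found in #{Policy.names.keys.inspect}" if klass.nil?
    Rails.logger.debug { "Using deprecated string/symbol policy naming: #{rule.inspect}" }
    rule = klass.new
  when Class
    rule = rule.new
    # Ruby's predicate is respond_to?; the previous "responds_to?" spelling
    # is not a core method, so this branch would have raised NoMethodError
    # instead of performing the intended #check validation.
    unless rule.respond_to?(:check)
      raise "Policy classes must respond to #check"
    end
  when Proc
    rule = ProcPolicy.new(&rule)
  else
    raise "Authorization Rules have to be Policy objects, a Policy class or a proc"
  end
  rule
end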
#with_criteria(policy, &block) ⇒ Object
# File 'lib/logical_authz/access_control.rb', line 99
#
# Resolves +policy+ and wraps it, together with the block, in a
# RemappedCriteria policy. The block is validated before the policy is
# resolved, so a missing block is reported first.
#
# @param policy anything #resolve_rule accepts
# @yield forwarded to RemappedCriteria.new
# @return [RemappedCriteria]
# @raise [PolicyDefinitionError] when called without a block
def with_criteria(policy, &block)
  if block.nil?
    raise PolicyDefinitionError, "with_criteria called without a block"
  end
  RemappedCriteria.new(resolve_rule(policy), &block)
end