Class: Mumukit::Auth::Permissions

Inherits:

Object

• Object
• Mumukit::Auth::Permissions

Includes:

Roles

Defined in:

lib/mumukit/auth/permissions.rb

Constant Summary

Constants included from Roles

Roles::ROLES

Instance Attribute Summary

• #scopes ⇒ Object

  Returns the value of attribute scopes.

Class Method Summary

• .dump(user) ⇒ Object
• .load(json) ⇒ Object
• .parse(hash) ⇒ Object

Instance Method Summary

• #add_permission!(role, *grants) ⇒ Object
• #as_json(options = {}) ⇒ Object
• #has_permission?(role, resource_slug) ⇒ Boolean
• #has_role?(role) ⇒ Boolean
• #initialize(scopes = {}) ⇒ Permissions constructor

  A new instance of Permissions.

• #remove_permission!(role, grant) ⇒ Object
• #scope_for(role) ⇒ Object
• #update_permission!(role, old_grant, new_grant) ⇒ Object

Constructor Details

#initialize(scopes = {}) ⇒ Permissions

Returns a new instance of Permissions.

# File 'lib/mumukit/auth/permissions.rb', line 6

def initialize(scopes={})
  raise 'invalid scopes' if scopes.any? { |key, value| value.class != Mumukit::Auth::Scope  }

  @scopes = scopes.with_indifferent_access
end

Instance Attribute Details

#scopes ⇒ Object

Returns the value of attribute scopes.

# File 'lib/mumukit/auth/permissions.rb', line 4

def scopes
  @scopes
end

Class Method Details

.dump(user) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 54

def self.dump(user)
  user.to_json
end

.load(json) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 46

def self.load(json)
  if json.nil?
    parse({})
  else
    parse(JSON.parse(json))
  end
end

.parse(hash) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 42

def self.parse(hash)
  new(Hash[hash.map { |role, grants| [role, Mumukit::Auth::Scope.parse(grants)] }])
end

Instance Method Details

#add_permission!(role, *grants) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 24

def add_permission!(role, *grants)
  self.scopes[role] ||= Mumukit::Auth::Scope.new
  scope_for(role)&.add_grant! *grants
end

#as_json(options = {}) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 38

def as_json(options={})
  scopes.as_json(options)
end

#has_permission?(role, resource_slug) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mumukit/auth/permissions.rb', line 12

def has_permission?(role, resource_slug)
  !!scope_for(role)&.allows?(resource_slug)
end

#has_role?(role) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mumukit/auth/permissions.rb', line 16

def has_role?(role)
  scopes[role].present?
end

#remove_permission!(role, grant) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 29

def remove_permission!(role, grant)
  scope_for(role)&.remove_grant!(grant)
end

#scope_for(role) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 20

def scope_for(role)
  self.scopes[role]
end

#update_permission!(role, old_grant, new_grant) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 33

def update_permission!(role, old_grant, new_grant)
  remove_permission! role, old_grant
  add_permission! role, new_grant
end