Class: Mumukit::Auth::Permissions

Inherits:

Object

• Object
• Mumukit::Auth::Permissions

Includes:

Protection, Roles

Defined in:

lib/mumukit/auth/permissions.rb

Constant Summary

Constants included from Roles

Roles::ROLES

Instance Attribute Summary

• #scopes ⇒ Object

  Returns the value of attribute scopes.

Class Method Summary

• .dump(permission) ⇒ Object
• .load(json) ⇒ Object
• .parse(hash) ⇒ Object
• .reparse(something) ⇒ Object

Instance Method Summary

• #==(other) ⇒ Object (also: #eql?)
• #accessible_organizations ⇒ Object
• #add_permission!(role, *grants) ⇒ Object
• #as_json(options = {}) ⇒ Object
• #as_set ⇒ Object
• #assign_to?(other, previous) ⇒ Boolean
• #delegate_to?(other) ⇒ Boolean
• #grant_strings_for(role) ⇒ Object
• #has_permission?(role, resource_slug) ⇒ Boolean
• #has_role?(role) ⇒ Boolean
• #hash ⇒ Object
• #initialize(scopes = {}) ⇒ Permissions constructor

  A new instance of Permissions.

• #inspect ⇒ Object
• #merge(other) ⇒ Object
• #protect_permissions_assignment!(other, previous) ⇒ Object
• #remove_permission!(role, grant) ⇒ Object
• #role_allows?(role, resource_slug) ⇒ Boolean
• #scope_for(role) ⇒ Object
• #to_h ⇒ Object
• #to_s ⇒ Object
• #update_permission!(role, old_grant, new_grant) ⇒ Object

Methods included from Protection

#protect!, #protect_delegation!

Constructor Details

#initialize(scopes = {}) ⇒ Permissions

Returns a new instance of Permissions.

# File 'lib/mumukit/auth/permissions.rb', line 9

def initialize(scopes={})
  raise 'invalid scopes' if scopes.any? { |key, value| value.class != Mumukit::Auth::Scope }

  @scopes = scopes.with_indifferent_access
end

Instance Attribute Details

#scopes ⇒ Object

Returns the value of attribute scopes.

# File 'lib/mumukit/auth/permissions.rb', line 7

def scopes
  @scopes
end

Class Method Details

.dump(permission) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 83

def self.dump(permission)
  permission.to_json
end

.load(json) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 75

def self.load(json)
  if json.nil?
    parse({})
  else
    parse(JSON.parse(json))
  end
end

.parse(hash) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 64

def self.parse(hash)
  return new if hash.blank?

  new(hash.map { |role, grants| [role, Mumukit::Auth::Scope.parse(grants)] }.to_h)
end

.reparse(something) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 70

def self.reparse(something)
  something ||= {}
  parse(something.to_h)
end

Instance Method Details

#==(other) ⇒ Object Also known as: eql?

# File 'lib/mumukit/auth/permissions.rb', line 100

def ==(other)
  self.class == other.class && self.scopes == other.scopes
end

#accessible_organizations ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 31

def accessible_organizations
  scope_for(:student)&.grants&.map { |grant| grant.to_mumukit_slug.organization }.to_set
end

#add_permission!(role, *grants) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 35

def add_permission!(role, *grants)
  scope_for(role).add_grant! *grants
end

#as_json(options = {}) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 60

def as_json(options={})
  scopes.as_json(options)
end

#as_set ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 96

def as_set
  Set.new scopes.flat_map { |role, scope| scope.grants.map {|grant| [role, grant]} }
end

#assign_to?(other, previous) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mumukit/auth/permissions.rb', line 87

def assign_to?(other, previous)
  diff = previous.as_set ^ other.as_set
  diff.all? { |role, grant| has_permission?(role, grant) }
end

#delegate_to?(other) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mumukit/auth/permissions.rb', line 52

def delegate_to?(other)
  other.scopes.all? { |role, scope| has_all_permissions?(role, scope) }
end

#grant_strings_for(role) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 56

def grant_strings_for(role)
  scope_for(role).grants.map(&:to_s)
end

#has_permission?(role, resource_slug) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mumukit/auth/permissions.rb', line 15

def has_permission?(role, resource_slug)
  Mumukit::Auth::Role.parse(role).allows?(resource_slug, self)
end

#has_role?(role) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mumukit/auth/permissions.rb', line 23

def has_role?(role)
  scopes[role].present?
end

#hash ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 106

def hash
  scopes.hash
end

#inspect ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 114

def inspect
  "<Mumukit::Auth::Permissions #{to_s}>"
end

#merge(other) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 39

def merge(other)
  self.class.new(scopes.merge(other.scopes) { |_key, left, right| left.merge right })
end

#protect_permissions_assignment!(other, previous) ⇒ Object

Raises:

• (Mumukit::Auth::UnauthorizedAccessError)

# File 'lib/mumukit/auth/permissions.rb', line 92

def protect_permissions_assignment!(other, previous)
  raise Mumukit::Auth::UnauthorizedAccessError unless assign_to?(self.class.reparse(other), previous)
end

#remove_permission!(role, grant) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 43

def remove_permission!(role, grant)
  scope_for(role).remove_grant!(grant)
end

#role_allows?(role, resource_slug) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mumukit/auth/permissions.rb', line 19

def role_allows?(role, resource_slug)
  scope_for(role).allows?(resource_slug)
end

#scope_for(role) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 27

def scope_for(role)
  self.scopes[role] ||= Mumukit::Auth::Scope.new
end

#to_h ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 118

def to_h
  as_json
end

#to_s ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 110

def to_s
  '!' + scopes.map { |role, scope| "#{role}:#{scope}" }.join(';')
end

#update_permission!(role, old_grant, new_grant) ⇒ Object

# File 'lib/mumukit/auth/permissions.rb', line 47

def update_permission!(role, old_grant, new_grant)
  remove_permission! role, old_grant
  add_permission! role, new_grant
end