Class: Mumukit::Auth::Permissions
- Inherits:
-
Object
- Object
- Mumukit::Auth::Permissions
show all
- Includes:
- Protection, Roles
- Defined in:
- lib/mumukit/auth/permissions.rb
Constant Summary
Constants included
from Roles
Roles::ROLES
Instance Attribute Summary collapse
Class Method Summary
collapse
Instance Method Summary
collapse
Methods included from Protection
#protect!, #protect_delegation!
Constructor Details
#initialize(scopes = {}) ⇒ Permissions
Returns a new instance of Permissions.
9
10
11
12
13
|
# File 'lib/mumukit/auth/permissions.rb', line 9
def initialize(scopes={})
raise 'invalid scopes' if scopes.any? { |key, value| value.class != Mumukit::Auth::Scope }
@scopes = scopes.with_indifferent_access
end
|
Instance Attribute Details
#scopes ⇒ Object
Returns the value of attribute scopes.
7
8
9
|
# File 'lib/mumukit/auth/permissions.rb', line 7
def scopes
@scopes
end
|
Class Method Details
.dump(permission) ⇒ Object
96
97
98
|
# File 'lib/mumukit/auth/permissions.rb', line 96
def self.dump(permission)
permission.to_json
end
|
.load(json) ⇒ Object
88
89
90
91
92
93
94
|
# File 'lib/mumukit/auth/permissions.rb', line 88
def self.load(json)
if json.nil?
parse({})
else
parse(JSON.parse(json))
end
end
|
.parse(hash) ⇒ Object
77
78
79
80
81
|
# File 'lib/mumukit/auth/permissions.rb', line 77
def self.parse(hash)
return new if hash.blank?
new(hash.map { |role, grants| [role, Mumukit::Auth::Scope.parse(grants)] }.to_h)
end
|
.reparse(something) ⇒ Object
83
84
85
86
|
# File 'lib/mumukit/auth/permissions.rb', line 83
def self.reparse(something)
something ||= {}
parse(something.to_h)
end
|
Instance Method Details
#==(other) ⇒ Object
Also known as:
eql?
113
114
115
|
# File 'lib/mumukit/auth/permissions.rb', line 113
def ==(other)
self.class == other.class && self.scopes == other.scopes
end
|
#accessible_organizations ⇒ Object
Deprecated: use ‘student_granted_organizations` organizations instead
32
33
34
35
36
|
# File 'lib/mumukit/auth/permissions.rb', line 32
def accessible_organizations
warn "Don't use accessible_organizations, since this method is probably not doing what you would expect.\n" +
"Use student_granted_organizations if you still need its behaviour"
student_granted_organizations
end
|
#add_permission!(role, *grants) ⇒ Object
48
49
50
|
# File 'lib/mumukit/auth/permissions.rb', line 48
def add_permission!(role, *grants)
scope_for(role).add_grant! *grants
end
|
#as_json(options = {}) ⇒ Object
73
74
75
|
# File 'lib/mumukit/auth/permissions.rb', line 73
def as_json(options={})
scopes.as_json(options)
end
|
#as_set ⇒ Object
109
110
111
|
# File 'lib/mumukit/auth/permissions.rb', line 109
def as_set
Set.new scopes.flat_map { |role, scope| scope.grants.map {|grant| [role, grant]} }
end
|
#assign_to?(other, previous) ⇒ Boolean
100
101
102
103
|
# File 'lib/mumukit/auth/permissions.rb', line 100
def assign_to?(other, previous)
diff = previous.as_set ^ other.as_set
diff.all? { |role, grant| has_permission?(role, grant) }
end
|
#delegate_to?(other) ⇒ Boolean
65
66
67
|
# File 'lib/mumukit/auth/permissions.rb', line 65
def delegate_to?(other)
other.scopes.all? { |role, scope| has_all_permissions?(role, scope) }
end
|
#grant_strings_for(role) ⇒ Object
69
70
71
|
# File 'lib/mumukit/auth/permissions.rb', line 69
def grant_strings_for(role)
scope_for(role).grants.map(&:to_s)
end
|
#granted_organizations_for(role) ⇒ Object
44
45
46
|
# File 'lib/mumukit/auth/permissions.rb', line 44
def granted_organizations_for(role)
scope_for(role)&.grants&.map { |grant| grant.to_mumukit_slug.organization }.to_set
end
|
#has_permission?(role, resource_slug) ⇒ Boolean
15
16
17
|
# File 'lib/mumukit/auth/permissions.rb', line 15
def has_permission?(role, resource_slug)
Mumukit::Auth::Role.parse(role).allows?(resource_slug, self)
end
|
#has_role?(role) ⇒ Boolean
23
24
25
|
# File 'lib/mumukit/auth/permissions.rb', line 23
def has_role?(role)
scopes[role].present?
end
|
#hash ⇒ Object
119
120
121
|
# File 'lib/mumukit/auth/permissions.rb', line 119
def hash
scopes.hash
end
|
#inspect ⇒ Object
127
128
129
|
# File 'lib/mumukit/auth/permissions.rb', line 127
def inspect
"<Mumukit::Auth::Permissions #{to_s}>"
end
|
#merge(other) ⇒ Object
52
53
54
|
# File 'lib/mumukit/auth/permissions.rb', line 52
def merge(other)
self.class.new(scopes.merge(other.scopes) { |_key, left, right| left.merge right })
end
|
#protect_permissions_assignment!(other, previous) ⇒ Object
105
106
107
|
# File 'lib/mumukit/auth/permissions.rb', line 105
def protect_permissions_assignment!(other, previous)
raise Mumukit::Auth::UnauthorizedAccessError unless assign_to?(self.class.reparse(other), previous)
end
|
#remove_permission!(role, grant) ⇒ Object
56
57
58
|
# File 'lib/mumukit/auth/permissions.rb', line 56
def remove_permission!(role, grant)
scope_for(role).remove_grant!(grant)
end
|
#role_allows?(role, resource_slug) ⇒ Boolean
19
20
21
|
# File 'lib/mumukit/auth/permissions.rb', line 19
def role_allows?(role, resource_slug)
scope_for(role).allows?(resource_slug)
end
|
#scope_for(role) ⇒ Object
27
28
29
|
# File 'lib/mumukit/auth/permissions.rb', line 27
def scope_for(role)
self.scopes[role] ||= Mumukit::Auth::Scope.new
end
|
#student_granted_organizations ⇒ Object
Answers the organizations for which the user has been explicitly granted acceses as student. This method does not include the organizations the user has access because of the roles hierarchy
40
41
42
|
# File 'lib/mumukit/auth/permissions.rb', line 40
def student_granted_organizations
granted_organizations_for :student
end
|
#to_h ⇒ Object
131
132
133
|
# File 'lib/mumukit/auth/permissions.rb', line 131
def to_h
as_json
end
|
#to_s ⇒ Object
123
124
125
|
# File 'lib/mumukit/auth/permissions.rb', line 123
def to_s
'!' + scopes.map { |role, scope| "#{role}:#{scope}" }.join(';')
end
|
#update_permission!(role, old_grant, new_grant) ⇒ Object
60
61
62
63
|
# File 'lib/mumukit/auth/permissions.rb', line 60
def update_permission!(role, old_grant, new_grant)
remove_permission! role, old_grant
add_permission! role, new_grant
end
|