Class: NexusCqrs::Auth::PermissionProvider

Inherits:

Object

• Object
• NexusCqrs::Auth::PermissionProvider

Defined in:

lib/nexus_cqrs/auth/permission_provider.rb

Instance Method Summary

• #for_user(permission_model) ⇒ Hash

  Retrieves a list of permissions assigned to a user for ANY entity ID.

• #for_user_on_entity(permission_model, entity_id) ⇒ Array

  Retrieves a list of permissions assigned to a user for a specific entity.

• #has_permission?(permission_key, permission_model = nil, entity_id = nil) ⇒ Boolean

  Returns true if the current user has the requested permission on the requested entity (if passed), or globally.

• #initialize(user_id, global_permissions) ⇒ PermissionProvider constructor

  A new instance of PermissionProvider.

Constructor Details

#initialize(user_id, global_permissions) ⇒ PermissionProvider

Returns a new instance of PermissionProvider.

# File 'lib/nexus_cqrs/auth/permission_provider.rb', line 7

def initialize(user_id, global_permissions)
  @user_id = user_id
  @global_permissions = parse_permissions_array(global_permissions)
end

Instance Method Details

#for_user(permission_model) ⇒ Hash

Retrieves a list of permissions assigned to a user for ANY entity ID

Examples:

Get a list of permissions

permissions.for_user(CollectionPermissions) #=>
  {
    1 => ["collection:discard"],
    2 => ["collection:discard"],
    3 => ["collection:discard", "collection:edit"],
    4 => ["collection:discard"],
  }

Parameters:

• permission_model (Class) —

  Permission model class

Returns:

• (Hash) —

  Returns a hash representing each entity and the user’s permissions

# File 'lib/nexus_cqrs/auth/permission_provider.rb', line 84

def for_user(permission_model)
  return {} if @user_id.nil?

  permissions = {}

  # retrieve entity-specific permissions from DB and map to hash
  permission_model.where(user_id: @user_id).each do |p|
    if permissions[p.entity_id].nil?
      permissions[p.entity_id] = [p.permission]
    else
      permissions[p.entity_id] << p.permission
    end
  end

  permissions
end

#for_user_on_entity(permission_model, entity_id) ⇒ Array

Retrieves a list of permissions assigned to a user for a specific entity

Examples:

Get a list of permissions

permissions.for_user_on_entity(CollectionPermissions, collection.id) #=>
  [
    {:global=>false, :key=>"collection:discard"},
    {:global=>false, :key=>"collection:publish"},
    {:global=>false, :key=>"collection:view_under_moderation"},
    {:global=>false, :key=>"collection:set_status"}
  ]

Parameters:

• permission_model (ApplicationRecord) —

  Permission model

• entity_id (Integer) —

  ID of the entity

Returns:

• (Array) —

  Returns an array of hashes representing permission keys, along with their global status

# File 'lib/nexus_cqrs/auth/permission_provider.rb', line 54

def for_user_on_entity(permission_model, entity_id)
  return [] if @user_id.nil?

  # retrieve entity-specific permissions from cached user permissions and map to hash
  entity_permissions = if cached_permissions(permission_model).key?(entity_id)
    cached_permissions(permission_model)[entity_id]
      .map { |p| { global: false, key: p } }
  else
    []
  end

  # Map global permissions to hash
  global_permissions = @global_permissions.map { |p| { global: true, key: p } }

  # Combine hashes and ensure global permissions take priority
  (global_permissions + entity_permissions).uniq { |p| p[:key] }
end

#has_permission?(permission_key, permission_model = nil, entity_id = nil) ⇒ Boolean

Returns true if the current user has the requested permission on the requested entity (if passed), or globally

Examples:

Check for permission

permissions.has_permission?('collection:publish', CollectionPermissions, collection.id) #=> true

Parameters:

• permission_key (String) —

  Permission key to check against

• permission_model (ApplicationRecord) (defaults to: nil) —

  Permission model

• entity_id (Integer) (defaults to: nil) —

  ID of the entity

Returns:

• (Boolean) —

  Returns true if the current user has this permission on this entity

# File 'lib/nexus_cqrs/auth/permission_provider.rb', line 20

def has_permission?(permission_key, permission_model = nil, entity_id = nil)
  return false if @user_id.nil?

  return true if @global_permissions.include?(permission_key)

  # check entity-specific permissions
  unless permission_model.nil?

    # get all permissions for this entity. NOTE: This will be cached per-request.
    permissions = cached_permissions(permission_model)

    # if there are no permissions for this entity and user, return false
    return false if permissions[entity_id].nil?

    # if the permission key is in the user's permissions for this entity, return true
    return true if permissions[entity_id].include?(permission_key)
  end

  false
end