Class: PapersPlease::Role

Inherits:

Object

• Object
• PapersPlease::Role

Defined in:

lib/papers_please/role.rb

Instance Attribute Summary

• #name ⇒ Object readonly

  Returns the value of attribute name.

• #permissions ⇒ Object readonly

  Returns the value of attribute permissions.

• #predicate ⇒ Object readonly

  Returns the value of attribute predicate.

Instance Method Summary

• #add_permission(actions, klass, query: nil, predicate: nil, granted_by: nil) ⇒ Object (also: #grant)
• #applies_to?(user) ⇒ Boolean
• #find_permission(action, subject) ⇒ Object
• #initialize(name, predicate: nil, definition: nil) ⇒ Role constructor

  A new instance of Role.

• #permission_exists?(action, subject) ⇒ Boolean

Constructor Details

#initialize(name, predicate: nil, definition: nil) ⇒ Role

Returns a new instance of Role.

# File 'lib/papers_please/role.rb', line 5

def initialize(name, predicate: nil, definition: nil)
  @name = name
  @predicate = predicate
  @permissions = []
end

Instance Attribute Details

#name ⇒ Object (readonly)

Returns the value of attribute name.

# File 'lib/papers_please/role.rb', line 3

def name
  @name
end

#permissions ⇒ Object (readonly)

Returns the value of attribute permissions.

# File 'lib/papers_please/role.rb', line 3

def permissions
  @permissions
end

#predicate ⇒ Object (readonly)

Returns the value of attribute predicate.

# File 'lib/papers_please/role.rb', line 3

def predicate
  @predicate
end

Instance Method Details

#add_permission(actions, klass, query: nil, predicate: nil, granted_by: nil) ⇒ Object Also known as: grant

# File 'lib/papers_please/role.rb', line 17

def add_permission(actions, klass, query: nil, predicate: nil, granted_by: nil)
  prepare_actions(actions).each do |action|
    raise DuplicatePermission if permission_exists?(action, klass)
    raise InvalidGrant, 'granted_by must be an array of [Class, Proc]' if !granted_by.nil? && !valid_grant?(granted_by)

    has_query = query.is_a?(Proc)
    has_predicate = predicate.is_a?(Proc)
    permission = Permission.new(action, klass)

    if granted_by
      permission.granting_class = granted_by[0]
      permission.granted_by = granted_by[1]
    end

    if has_query && has_predicate
      # Both query & predicate provided

      permission.query = query
      permission.predicate = predicate
    elsif has_query && !has_predicate
      # Only query provided
      permission.query = query

      if action == :create && actions == :manage
        # If the action is :create, expanded from :manage
        # then we set the default all predicate
        permission.predicate = (proc { true })
      else
        # Otherwise the default predicate is to check
        # for inclusion in the returned relationship
        permission.predicate = (proc { |user, obj|
          res = query.call(user, klass, action)
          res.respond_to?(:include?) && res.include?(obj)
        })
      end
    elsif !has_query && has_predicate
      # Only predicate provided
      permission.predicate = predicate
    else
      # Neither provided
      permission.query = (proc { klass.all })
      permission.predicate = (proc { true })
    end

    permissions << permission
  end
end

#applies_to?(user) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/papers_please/role.rb', line 11

def applies_to?(user)
  return @predicate.call(user) if @predicate.is_a? Proc

  true
end

#find_permission(action, subject) ⇒ Object

# File 'lib/papers_please/role.rb', line 66

def find_permission(action, subject)
  permissions.detect do |permission|
    permission.matches? action, subject
  end
end

#permission_exists?(action, subject) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/papers_please/role.rb', line 72

def permission_exists?(action, subject)
  !find_permission(action, subject).nil?
end