Class: Patriarch::AuthorizationService

Inherits:
Object
  • Object
Includes:
Singleton
Defined in:
lib/patriarch/authorization_service.rb

Instance Method Summary

Instance Method Details

#check_types(transac) ⇒ Object

When behaviours are declared in a model with the add_behaviour helper, ONLY the declared behaviours are authorized, and this method verifies that each time a behaviour is called. For example, User could be allowed to like Items and would therefore get #like as an instance method. Without this check, #like could then be called on any User instance to like any object; this method prevents that.



# File 'lib/patriarch/authorization_service.rb', line 23

def check_types(transac)
  protagonists_models = transac.protagonists_models
  # Map undo_* relations onto the behaviour they revert (e.g. undo_like => :like).
  behaviour = transac.relation_type.to_s.sub(/undo_/,'').underscore.to_sym
  auths = []

  # See register behaviour to see how it is implemented.
  # TODO: Coupling is too tight here.
  protagonists_models.each do |protagonist_model|
    auths << protagonist_model.patriarch_behaviours[behaviour].include?(protagonists_models)
  end

  # Authorized only if every protagonist model declared this combination.
  !auths.include?(false)
end

#grant?(transac) ⇒ Boolean

All authorization services are called through #grant?. Since type verification is always required, #grant? is implemented in the mother class; daughter classes can call it with super and benefit from #check_types, or bypass it completely by overriding the method.

Returns:

  • (Boolean)


# File 'lib/patriarch/authorization_service.rb', line 14

def grant?(transac)
  check_types(transac) || raise(Patriarch::ForbiddenBehaviourException, "that behaviour is not authorized")
end
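
The allow-list check that #check_types and #grant? describe, as an added stand-alone example rather than Patriarch's own code. `Model`, `Transaction`, `declare`, `types_allowed?` and `ForbiddenBehaviour` are hypothetical stand-ins, and the shape of `patriarch_behaviours` (a behaviour name mapped to the declared protagonist-model combinations) is an assumption. Unlike the listing above, this sketch refuses a behaviour that a model never declared instead of calling include? on nil.

```ruby
# Added example: hypothetical stand-ins, not Patriarch's classes.
ForbiddenBehaviour = Class.new(StandardError)
Transaction = Struct.new(:relation_type, :protagonists_models)

class Model
  attr_reader :name, :patriarch_behaviours

  def initialize(name)
    @name = name
    # Assumed shape: { behaviour => [[ModelA, ModelB], ...] }
    @patriarch_behaviours = {}
  end
end

# Record that this exact combination of models may take part in `behaviour`.
def declare(behaviour, *models)
  models.each { |m| (m.patriarch_behaviours[behaviour] ||= []) << models }
end

# True only if every protagonist model declared this combination.
# fetch(..., []) makes an undeclared behaviour fail closed.
def types_allowed?(transac)
  models = transac.protagonists_models
  # Anchored here so only a leading undo_ prefix is stripped.
  behaviour = transac.relation_type.to_s.sub(/\Aundo_/, '').to_sym
  models.all? { |m| m.patriarch_behaviours.fetch(behaviour, []).include?(models) }
end

def grant?(transac)
  types_allowed?(transac) || raise(ForbiddenBehaviour, "that behaviour is not authorized")
end

# Constructed sample models: only User -> Item likes are declared.
USER = Model.new("User")
ITEM = Model.new("Item")
COMMENT = Model.new("Comment")
declare(:like, USER, ITEM)

if __FILE__ == $PROGRAM_NAME
  puts grant?(Transaction.new(:like, [USER, ITEM]))
  puts grant?(Transaction.new(:undo_like, [USER, ITEM]))
  begin
    grant?(Transaction.new(:like, [USER, COMMENT]))
  rescue ForbiddenBehaviour => e
    puts "refused: #{e.message}"
  end
end
```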