Class: Protector::DSL::Meta::Box

Inherits:

Object

• Object
• Protector::DSL::Meta::Box

Defined in:

lib/protector/dsl.rb

Overview

Single DSL evaluation result

Instance Attribute Summary

• #access ⇒ Object

  Returns the value of attribute access.

• #destroyable ⇒ Object

  Returns the value of attribute destroyable.

• #relation ⇒ Object

  Returns the value of attribute relation.

• #scope_proc ⇒ Object

  Returns the value of attribute scope_proc.

Protection DSL

• #can(action, *fields) ⇒ Object

  Enables action for given fields.

• #cannot(action, *fields) ⇒ Object

  Disables action for given fields.

• #scope { ... } ⇒ Object

  Activates the scope that selections will be filtered with.

Instance Method Summary

• #can?(action, field = false) ⇒ Boolean

  Check whether you can perform custom action for given fields (or generally if no field given).

• #creatable?(fields = false) ⇒ Boolean

  Checks whether you can create a model with given field in context of current subject.

• #destroyable? ⇒ Boolean

  Checks whether you can destroy a model in context of current subject.

• #initialize(model, fields, subject, entry, blocks) ⇒ Box constructor

  A new instance of Box.

• #readable?(field) ⇒ Boolean

  Checks whether given field of a model is readable in context of current subject.

• #scoped? ⇒ Boolean

  Checks whether protection with given subject has the selection scope defined.

• #updatable?(fields = false) ⇒ Boolean

  Checks whether you can update a model with given field in context of current subject.

Constructor Details

#initialize(model, fields, subject, entry, blocks) ⇒ Box

Returns a new instance of Box.

Parameters:

• model (Class) —

  The class of protected entity

• fields (Array<String>) —

  All the fields the model has

• subject (Object) —

  Restriction subject

• entry (Object) —

  An instance of the model

• blocks (Array<Proc>) —

  An array of protect blocks

# File 'lib/protector/dsl.rb', line 15

def initialize(model, fields, subject, entry, blocks)
  @model       = model
  @fields      = fields
  @access      = {update: {}, view: {}, create: {}}
  @relation    = false
  @destroyable = false

  blocks.each do |b|
    case b.arity
    when 2
      instance_exec subject, entry, &b
    when 1
      instance_exec subject, &b
    else
      instance_exec &b
    end
  end
end

Instance Attribute Details

#access ⇒ Object

Returns the value of attribute access.

# File 'lib/protector/dsl.rb', line 8

def access
  @access
end

#destroyable ⇒ Object

Returns the value of attribute destroyable.

# File 'lib/protector/dsl.rb', line 8

def destroyable
  @destroyable
end

#relation ⇒ Object

Returns the value of attribute relation.

# File 'lib/protector/dsl.rb', line 8

def relation
  @relation
end

#scope_proc ⇒ Object

Returns the value of attribute scope_proc.

# File 'lib/protector/dsl.rb', line 8

def scope_proc
  @scope_proc
end

Instance Method Details

#can(action, *fields) ⇒ Object

Enables action for given fields.

Built-in possible actions are: :view, :update, :create. You can pass any other actions you want to use with #can? afterwards.

The method enables action for every field if fields splat is empty. Use #cannot to exclude some of them afterwards.

The list of fields can be given as a Hash. In this form you can pass Range or Proc as a value. First will make Protector check against value inclusion. The latter will make it evaluate given lambda (which is supposed to return true or false determining if the value should validate or not).

Examples:

protect do
  can :view               # Can view any field
  can :view, 'f1'         # Can view `f1` field
  can :view, %w(f2 f3)    # Can view `f2`, `f3` fields
  can :update, f1: 1..2   # Can update f1 field with values between 1 and 2

  # Can create f1 field with value equal to 'olo'
  can :create, f1: lambda{|x| x == 'olo'}
end

Parameters:

• action (Symbol) —

  Action to allow

• fields (String, Hash, Array) —

  Splat of fields to allow action with

See Also:

• #can?

# File 'lib/protector/dsl.rb', line 85

def can(action, *fields)
  return @destroyable = true if action == :destroy
  @access[action] = {} unless @access[action]

  if fields.size == 0
    @fields.each{|f| @access[action][f.to_s] = nil}
  else
    fields.each do |a|
      if a.is_a?(Array)
        a.each{|f| @access[action][f.to_s] = nil}
      elsif a.is_a?(Hash)
        @access[action].merge!(a.stringify_keys)
      else
        @access[action][a.to_s] = nil
      end
    end
  end
end

#can?(action, field = false) ⇒ Boolean

Check whether you can perform custom action for given fields (or generally if no field given)

Parameters:

• action (Symbol) —

  Action to check against

• field (String) (defaults to: false) —

  Field to check against

Returns:

• (Boolean)

# File 'lib/protector/dsl.rb', line 156

def can?(action, field=false)
  return false unless @access[action]
  return !@access[action].empty? if field === false
  @access[action].has_key?(field)
end

#cannot(action, *fields) ⇒ Object

Disables action for given fields.

Works similar (but oppositely) to #can.

Parameters:

• action (Symbol) —

  Action to disallow

• fields (String, Hash, Array) —

  Splat of fields to disallow action with

See Also:

• #can
• #can?

# File 'lib/protector/dsl.rb', line 113

def cannot(action, *fields)
  return @destroyable = false if action == :destroy
  return unless @access[action]

  if fields.size == 0
    @access[action].clear
  else
    fields.each do |a|
      if a.is_a?(Array)
        a.each{|f| @access[action].delete(f.to_s)}
      else
        @access[action].delete(a.to_s)
      end
    end
  end
end

#creatable?(fields = false) ⇒ Boolean

Checks whether you can create a model with given field in context of current subject

Returns:

• (Boolean)

# File 'lib/protector/dsl.rb', line 138

def creatable?(fields=false)
  modifiable? :create, fields
end

#destroyable? ⇒ Boolean

Checks whether you can destroy a model in context of current subject

Returns:

• (Boolean)

# File 'lib/protector/dsl.rb', line 148

def destroyable?
  @destroyable
end

#readable?(field) ⇒ Boolean

Checks whether given field of a model is readable in context of current subject

Returns:

• (Boolean)

# File 'lib/protector/dsl.rb', line 133

def readable?(field)
  @access[:view].has_key?(field)
end

#scope { ... } ⇒ Object

Activates the scope that selections will be filtered with

Examples:

protect do
  # You can select nothing!
  scope { none }
end

Yields:

• Calls given model methods before the selection

# File 'lib/protector/dsl.rb', line 52

def scope(&block)
  @scope_proc = block
  @relation   = @model.instance_eval(&block)
end

#scoped? ⇒ Boolean

Checks whether protection with given subject has the selection scope defined

Returns:

• (Boolean)

# File 'lib/protector/dsl.rb', line 36

def scoped?
  !!@relation
end

#updatable?(fields = false) ⇒ Boolean

Checks whether you can update a model with given field in context of current subject

Returns:

• (Boolean)

# File 'lib/protector/dsl.rb', line 143

def updatable?(fields=false)
  modifiable? :update, fields
end