Class: Protector::DSL::Meta::Box

Inherits:

Object

• Object
• Protector::DSL::Meta::Box

Defined in:

lib/protector/dsl.rb

Overview

Single DSL evaluation result

Instance Attribute Summary

• #access ⇒ Object

  Returns the value of attribute access.

• #adapter ⇒ Object

  Returns the value of attribute adapter.

• #destroyable ⇒ Object

  Returns the value of attribute destroyable.

Protection DSL

• #can(action, *fields) ⇒ Object

  Enables action for given fields.

• #cannot(action, *fields) ⇒ Object

  Disables action for given fields.

• #eval_scope_procs(instance) ⇒ Object
• #relation ⇒ Object
• #scope { ... } ⇒ Object

  Activates the scope that selections will be filtered with.

• #scope_procs ⇒ Object

Instance Method Summary

• #can?(action, field = false) ⇒ Boolean

  Check whether you can perform custom action for given fields (or generally if no field given).

• #cannot?(*args) ⇒ Boolean
• #creatable?(fields = false) ⇒ Boolean

  Checks whether you can create a model with given field in context of current subject.

• #destroyable? ⇒ Boolean

  Checks whether you can destroy a model in context of current subject.

• #first_uncreatable_field(fields) ⇒ Object
• #first_unupdatable_field(fields) ⇒ Object
• #initialize(adapter, model, fields, subject, entry, blocks) ⇒ Box constructor

  A new instance of Box.

• #readable?(field) ⇒ Boolean

  Checks whether given field of a model is readable in context of current subject.

• #scoped? ⇒ Boolean

  Checks whether protection with given subject has the selection scope defined.

• #updatable?(fields = false) ⇒ Boolean

  Checks whether you can update a model with given field in context of current subject.

Constructor Details

#initialize(adapter, model, fields, subject, entry, blocks) ⇒ Box

Returns a new instance of Box.

Parameters:

• model (Class) —

  The class of protected entity

• fields (Array<String>) —

  All the fields the model has

• subject (Object) —

  Restriction subject

• entry (Object) —

  An instance of the model

• blocks (Array<Proc>) —

  An array of protect blocks

# File 'lib/protector/dsl.rb', line 15

def initialize(adapter, model, fields, subject, entry, blocks)
  @adapter     = adapter
  @model       = model
  @fields      = fields
  @access      = {}
  @scope_procs = []
  @destroyable = false

  Protector.insecurely do
    blocks.each do |b|
      case b.arity
      when 2
        instance_exec(subject, entry, &b)
      when 1
        instance_exec(subject, &b)
      else
        instance_exec(&b)
      end
    end
  end
end

Instance Attribute Details

#access ⇒ Object

Returns the value of attribute access.

# File 'lib/protector/dsl.rb', line 8

def access
  @access
end

#adapter ⇒ Object

Returns the value of attribute adapter.

# File 'lib/protector/dsl.rb', line 8

def adapter
  @adapter
end

#destroyable ⇒ Object

Returns the value of attribute destroyable.

# File 'lib/protector/dsl.rb', line 8

def destroyable
  @destroyable
end

Instance Method Details

#can(action, *fields) ⇒ Object

Enables action for given fields.

Built-in possible actions are: :read, :update, :create. You can pass any other actions you want to use with #can? afterwards.

The method enables action for every field if fields splat is empty. Use #cannot to exclude some of them afterwards.

The list of fields can be given as a Hash. In this form you can pass Range or Proc as a value. First will make Protector check against value inclusion. The latter will make it evaluate given lambda (which is supposed to return true or false determining if the value should validate or not).

Examples:

protect do
  can :read               # Can read any field
  can :read, 'f1'         # Can read `f1` field
  can :read, %w(f2 f3)    # Can read `f2`, `f3` fields
  can :update, f1: 1..2   # Can update f1 field with values between 1 and 2

  # Can create f1 field with value equal to 'olo'
  can :create, f1: lambda{|x| x == 'olo'}
end

Parameters:

• action (Symbol) —

  Action to allow

• fields (String, Hash, Array) —

  Splat of fields to allow action with

See Also:

• #can?

# File 'lib/protector/dsl.rb', line 105

def can(action, *fields)
  action = deprecate_actions(action)

  return @destroyable = true if action == :destroy

  @access[action] = {} unless @access[action]

  if fields.length == 0
    @fields.each { |f| @access[action][f.to_s] = nil }
  else
    fields.each do |a|
      if a.is_a?(Array)
        a.each { |f| @access[action][f.to_s] = nil }
      elsif a.is_a?(Hash)
        @access[action].merge!(a.stringify_keys)
      else
        @access[action][a.to_s] = nil
      end
    end
  end
end

#can?(action, field = false) ⇒ Boolean

Check whether you can perform custom action for given fields (or generally if no field given)

Parameters:

• action (Symbol) —

  Action to check against

• field (String) (defaults to: false) —

  Field to check against

Returns:

• (Boolean)

# File 'lib/protector/dsl.rb', line 192

def can?(action, field=false)
  return destroyable? if action == :destroy

  return false unless @access[action]
  return !@access[action].empty? unless field

  @access[action].key?(field.to_s)
end

#cannot(action, *fields) ⇒ Object

Disables action for given fields.

Works similar (but oppositely) to #can.

Parameters:

• action (Symbol) —

  Action to disallow

• fields (String, Hash, Array) —

  Splat of fields to disallow action with

See Also:

• #can
• #can?

# File 'lib/protector/dsl.rb', line 136

def cannot(action, *fields)
  action = deprecate_actions(action)

  return @destroyable = false if action == :destroy

  return unless @access[action]

  if fields.length == 0
    @access.delete(action)
  else
    fields.each do |a|
      if a.is_a?(Array)
        a.each { |f| @access[action].delete(f.to_s) }
      else
        @access[action].delete(a.to_s)
      end
    end

    @access.delete(action) if @access[action].empty?
  end
end

#cannot?(*args) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/protector/dsl.rb', line 201

def cannot?(*args)
  !can?(*args)
end

#creatable?(fields = false) ⇒ Boolean

Checks whether you can create a model with given field in context of current subject

Returns:

• (Boolean)

# File 'lib/protector/dsl.rb', line 166

def creatable?(fields=false)
  modifiable? :create, fields
end

#destroyable? ⇒ Boolean

Checks whether you can destroy a model in context of current subject

Returns:

• (Boolean)

# File 'lib/protector/dsl.rb', line 184

def destroyable?
  @destroyable
end

#eval_scope_procs(instance) ⇒ Object

# File 'lib/protector/dsl.rb', line 71

def eval_scope_procs(instance)
  scope_procs.reduce(instance) do |relation, scope_proc|
    relation.instance_eval(&scope_proc)
  end
end

#first_uncreatable_field(fields) ⇒ Object

# File 'lib/protector/dsl.rb', line 170

def first_uncreatable_field(fields)
  first_unmodifiable_field :create, fields
end

#first_unupdatable_field(fields) ⇒ Object

# File 'lib/protector/dsl.rb', line 179

def first_unupdatable_field(fields)
  first_unmodifiable_field :update, fields
end

#readable?(field) ⇒ Boolean

Checks whether given field of a model is readable in context of current subject

Returns:

• (Boolean)

# File 'lib/protector/dsl.rb', line 161

def readable?(field)
  @access[:read] && @access[:read].key?(field.to_s)
end

#relation ⇒ Object

# File 'lib/protector/dsl.rb', line 65

def relation
  return false unless scoped?

  @relation ||= eval_scope_procs @model
end

#scope { ... } ⇒ Object

Activates the scope that selections will be filtered with

Examples:

protect do
  # You can select nothing!
  scope { none }
end

Yields:

• Calls given model methods before the selection

# File 'lib/protector/dsl.rb', line 55

def scope(&block)
  @scope_procs << block
  @relation = false
end

#scope_procs ⇒ Object

# File 'lib/protector/dsl.rb', line 60

def scope_procs
  return [@adapter.null_proc] if @scope_procs.empty? && Protector.config.paranoid?
  @scope_procs
end

#scoped? ⇒ Boolean

Checks whether protection with given subject has the selection scope defined

Returns:

• (Boolean)

# File 'lib/protector/dsl.rb', line 39

def scoped?
  Protector.config.paranoid? || @scope_procs.length > 0
end

#updatable?(fields = false) ⇒ Boolean

Checks whether you can update a model with given field in context of current subject

Returns:

• (Boolean)

# File 'lib/protector/dsl.rb', line 175

def updatable?(fields=false)
  modifiable? :update, fields
end