Class: Ros::ApplicationPolicy
- Inherits:
-
Object
- Object
- Ros::ApplicationPolicy
- Defined in:
- app/policies/ros/application_policy.rb
Direct Known Subclasses
Defined Under Namespace
Classes: Scope
Instance Attribute Summary collapse
-
#record ⇒ Object
readonly
Returns the value of attribute record.
-
#user ⇒ Object
readonly
Returns the value of attribute user.
Class Method Summary collapse
- .accepted_actions ⇒ Object
- .accepted_policies ⇒ Object
- .actions ⇒ Object
- .model_name ⇒ Object
- .policies ⇒ Object
- .policy_name ⇒ Object
Instance Method Summary collapse
- #accepted_actions(action) ⇒ Object
- #accepted_policies(action) ⇒ Object
- #create? ⇒ Boolean
- #destroy? ⇒ Boolean
- #edit? ⇒ Boolean
-
#index? ⇒ Boolean
UserPolicy.new({ policies: [‘IamFullAccess’] }, nil).index?.
-
#initialize(user, record) ⇒ ApplicationPolicy
constructor
A new instance of ApplicationPolicy.
- #new? ⇒ Boolean
-
#service ⇒ Object
def self.policies { “#ApplicationPolicy.policy_nameFullAccess”: { Effect: ‘Allow’, Action: “#ApplicationPolicy.policy_name:*”, Resource: ‘*’ }, “#ApplicationPolicy.policy_nameReadOnlyAccess”: { Effect: ‘Allow’, Action: [“#ApplicationPolicy.policy_name:Get*”, “#ApplicationPolicy.policy_name:List*”], Resource: ‘*’ } } end.
- #show? ⇒ Boolean
- #standard_check? ⇒ Boolean
- #update? ⇒ Boolean
Constructor Details
#initialize(user, record) ⇒ ApplicationPolicy
Returns a new instance of ApplicationPolicy.
19 20 21 22 |
# File 'app/policies/ros/application_policy.rb', line 19 def initialize(user, record) @user = user @record = record end |
Instance Attribute Details
#record ⇒ Object (readonly)
Returns the value of attribute record.
5 6 7 |
# File 'app/policies/ros/application_policy.rb', line 5 def record @record end |
#user ⇒ Object (readonly)
Returns the value of attribute user.
5 6 7 |
# File 'app/policies/ros/application_policy.rb', line 5 def user @user end |
Class Method Details
.accepted_actions ⇒ Object
122 123 124 125 126 127 128 129 130 131 |
# File 'app/policies/ros/application_policy.rb', line 122 def self.accepted_actions { index?: [ "#{policy_name}List#{model_name.pluralize}" ], create?: [ "#{policy_name}Create#{model_name}" ] } end |
.accepted_policies ⇒ Object
96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 |
# File 'app/policies/ros/application_policy.rb', line 96 def self.accepted_policies { index?: [ "AdministratorAccess", "#{policy_name}FullAccess", "#{policy_name}ReadOnlyAccess", ], show?: [ "AdministratorAccess", "#{policy_name}ReadOnlyAccess", ], create?: [ "AdministratorAccess", "#{policy_name}FullAccess", ], update?: [ "AdministratorAccess", "#{policy_name}FullAccess", ], destroy?: [ "AdministratorAccess", "#{policy_name}FullAccess", ] } end |
.actions ⇒ Object
7 8 9 10 11 |
# File 'app/policies/ros/application_policy.rb', line 7 def self.actions descendants.reject{ |d| d.name.eql? 'ApplicationPolicy' }.each_with_object([]) do |policy, ary| ary.concat(policy.accepted_actions.values.flatten) end.uniq end |
.model_name ⇒ Object
135 136 137 |
# File 'app/policies/ros/application_policy.rb', line 135 def self.model_name "#{name.gsub('Policy', '')}" end |
.policies ⇒ Object
13 14 15 16 17 |
# File 'app/policies/ros/application_policy.rb', line 13 def self.policies descendants.reject{ |d| d.name.eql? 'ApplicationPolicy' }.each_with_object([]) do |policy, ary| ary.concat(policy.accepted_policies.values.flatten) end.uniq end |
.policy_name ⇒ Object
133 |
# File 'app/policies/ros/application_policy.rb', line 133 def self.policy_name; Settings.service.policy_name end |
Instance Method Details
#accepted_actions(action) ⇒ Object
94 |
# File 'app/policies/ros/application_policy.rb', line 94 def accepted_actions(action); self.class.accepted_actions[action] || [] end |
#accepted_policies(action) ⇒ Object
93 |
# File 'app/policies/ros/application_policy.rb', line 93 def accepted_policies(action); self.class.accepted_policies[action] || [] end |
#create? ⇒ Boolean
33 34 35 |
# File 'app/policies/ros/application_policy.rb', line 33 def create? standard_check? end |
#destroy? ⇒ Boolean
49 50 51 |
# File 'app/policies/ros/application_policy.rb', line 49 def destroy? standard_check? end |
#edit? ⇒ Boolean
45 46 47 |
# File 'app/policies/ros/application_policy.rb', line 45 def edit? update? end |
#index? ⇒ Boolean
UserPolicy.new({ policies: [‘IamFullAccess’] }, nil).index?
25 26 27 |
# File 'app/policies/ros/application_policy.rb', line 25 def index? standard_check? end |
#new? ⇒ Boolean
37 38 39 |
# File 'app/policies/ros/application_policy.rb', line 37 def new? create? end |
#service ⇒ Object
def self.policies
{
"#{policy_name}FullAccess": {
Effect: 'Allow',
Action: "#{policy_name}:*",
Resource: '*'
},
"#{policy_name}ReadOnlyAccess": {
Effect: 'Allow',
Action: ["#{policy_name}:Get*", "#{policy_name}:List*"],
Resource: '*'
}
}
end
81 |
# File 'app/policies/ros/application_policy.rb', line 81 def service; Settings.service.name.eql?('iam') ? :local : :remote end |
#show? ⇒ Boolean
29 30 31 |
# File 'app/policies/ros/application_policy.rb', line 29 def show? standard_check? end |
#standard_check? ⇒ Boolean
83 84 85 86 87 88 89 90 91 |
# File 'app/policies/ros/application_policy.rb', line 83 def standard_check? action = caller_locations(1,1)[0].label.to_sym # Just like apartment, this will need code for if in IAM or in remote if service.eql?(:local) (user.policies.pluck(:name) & accepted_policies(action)).any? || (user.actions.pluck(:name) & accepted_actions(action)).any? else (user.policies & accepted_policies(action)).any? || (user.actions.pluck(:name) & accepted_actions(action)).any? end end |
#update? ⇒ Boolean
41 42 43 |
# File 'app/policies/ros/application_policy.rb', line 41 def update? standard_check? end |