Class: Ros::ApplicationPolicy

Inherits:
Object
  • Object
show all
Defined in:
app/policies/ros/application_policy.rb

Direct Known Subclasses

TenantPolicy

Defined Under Namespace

Classes: Scope

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(user, record) ⇒ ApplicationPolicy

Returns a new instance of ApplicationPolicy.



19
20
21
22
 
# File 'app/policies/ros/application_policy.rb', line 19

def initialize(user, record)
  @user = user
  @record = record
end

Instance Attribute Details

#recordObject (readonly)

Returns the value of attribute record.



5
6
7
 
# File 'app/policies/ros/application_policy.rb', line 5

def record
  @record
end

#userObject (readonly)

Returns the value of attribute user.



5
6
7
 
# File 'app/policies/ros/application_policy.rb', line 5

def user
  @user
end

Class Method Details

.accepted_actionsObject 



122
123
124
125
126
127
128
129
130
131
 
# File 'app/policies/ros/application_policy.rb', line 122

def self.accepted_actions
  {
    index?: [
      "#{policy_name}List#{model_name.pluralize}"
    ],
    create?: [
      "#{policy_name}Create#{model_name}"
    ]
  }
end

.accepted_policiesObject 



96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
 
# File 'app/policies/ros/application_policy.rb', line 96

def self.accepted_policies
  {
    index?: [
      "AdministratorAccess",
      "#{policy_name}FullAccess",
      "#{policy_name}ReadOnlyAccess",
    ],
    show?: [
      "AdministratorAccess",
      "#{policy_name}ReadOnlyAccess",
    ],
    create?: [
      "AdministratorAccess",
      "#{policy_name}FullAccess",
    ],
    update?: [
      "AdministratorAccess",
      "#{policy_name}FullAccess",
    ],
    destroy?: [
      "AdministratorAccess",
      "#{policy_name}FullAccess",
    ]
  }
end

.actionsObject 



7
8
9
10
11
 
# File 'app/policies/ros/application_policy.rb', line 7

def self.actions
  descendants.reject{ |d| d.name.eql? 'ApplicationPolicy' }.each_with_object([]) do |policy, ary|
    ary.concat(policy.accepted_actions.values.flatten)
  end.uniq
end

.model_nameObject 



135
136
137
 
# File 'app/policies/ros/application_policy.rb', line 135

def self.model_name
  "#{name.gsub('Policy', '')}"
end

.policiesObject 



13
14
15
16
17
 
# File 'app/policies/ros/application_policy.rb', line 13

def self.policies
  descendants.reject{ |d| d.name.eql? 'ApplicationPolicy' }.each_with_object([]) do |policy, ary|
    ary.concat(policy.accepted_policies.values.flatten)
  end.uniq
end

.policy_nameObject 



133
 
# File 'app/policies/ros/application_policy.rb', line 133

def self.policy_name; Settings.service.policy_name end

Instance Method Details

#accepted_actions(action) ⇒ Object 



94
 
# File 'app/policies/ros/application_policy.rb', line 94

def accepted_actions(action); self.class.accepted_actions[action] || [] end

#accepted_policies(action) ⇒ Object 



93
 
# File 'app/policies/ros/application_policy.rb', line 93

def accepted_policies(action); self.class.accepted_policies[action] || [] end

#create?Boolean

Returns:

  • (Boolean) 


33
34
35
 
# File 'app/policies/ros/application_policy.rb', line 33

def create?
  standard_check?
end

#destroy?Boolean

Returns:

  • (Boolean) 


49
50
51
 
# File 'app/policies/ros/application_policy.rb', line 49

def destroy?
  standard_check?
end

#edit?Boolean

Returns:

  • (Boolean) 


45
46
47
 
# File 'app/policies/ros/application_policy.rb', line 45

def edit?
  update?
end

#index?Boolean

UserPolicy.new({ policies: [‘IamFullAccess’] }, nil).index?

Returns:

  • (Boolean) 


25
26
27
 
# File 'app/policies/ros/application_policy.rb', line 25

def index?
  standard_check?
end

#new?Boolean

Returns:

  • (Boolean) 


37
38
39
 
# File 'app/policies/ros/application_policy.rb', line 37

def new?
  create?
end

#serviceObject

def self.policies

{
  "#{policy_name}FullAccess": {
    Effect: 'Allow',
    Action: "#{policy_name}:*",
    Resource: '*'
  },
  "#{policy_name}ReadOnlyAccess": {
    Effect: 'Allow',
    Action: ["#{policy_name}:Get*", "#{policy_name}:List*"],
    Resource: '*'
  }
}

end



81
 
# File 'app/policies/ros/application_policy.rb', line 81

def service; Settings.service.name.eql?('iam') ? :local : :remote end

#show?Boolean

Returns:

  • (Boolean) 


29
30
31
 
# File 'app/policies/ros/application_policy.rb', line 29

def show?
  standard_check?
end

#standard_check?Boolean

Returns:

  • (Boolean) 


83
84
85
86
87
88
89
90
91
 
# File 'app/policies/ros/application_policy.rb', line 83

def standard_check?
  action = caller_locations(1,1)[0].label.to_sym
# Just like apartment, this will need code for if in IAM or in remote
  if service.eql?(:local)
    (user.policies.pluck(:name) & accepted_policies(action)).any? || (user.actions.pluck(:name) & accepted_actions(action)).any?
  else
    (user.policies & accepted_policies(action)).any? || (user.actions.pluck(:name) & accepted_actions(action)).any?
  end
end

#update?Boolean

Returns:

  • (Boolean) 


41
42
43
 
# File 'app/policies/ros/application_policy.rb', line 41

def update?
  standard_check?
end