Class: Shamu::Security::ActiveRecordPolicy

Inherits:
Policy
  • Object
show all
Defined in:
lib/shamu/security/active_record_policy.rb

Overview

Extends the standard Policy class to add ActiveRecord::Relation refinements based on granted policies.

Examples:

class UserPolicy < Shamu::Security::ActiveRecordPolicy
  private

    def permissions
      permit :read, UserEntity do |user|
        user.public?
      end

      refine :read, Models::User do |users, additional_context|
        users.where( public: true )
      end
    end

end

class UsersService < Shamu::Services::Service
  include Shamu::Security::Support

  def list
    entity_list policy.refine_relation( :list, Model::User.all ) do |record|
      scorpion.fetch UserEntity, { record: record }, {}
    end
  end

  private

    def policy_class
      UserPolicy
    end
end

Instance Attribute Summary

Attributes inherited from Policy

#principal, #roles

Dependencies collapse

Instance Method Summary collapse

Methods inherited from Policy

#alias_action, #authorize!, #deny, #in_role?, #initialize, #permissions, #permit, #permit?, #when_elevated

Methods included from Roles

expand_roles, role, role_defined?, roles

Constructor Details

This class inherits a constructor from Shamu::Security::Policy

Instance Method Details

#refine(*actions, model_class) {|relation, additional_context| ... }

This method returns an undefined value.

Declare a refinement that should be applied to an ActiveRecord::Relation for the given actions. #refine_relation will yield the relation to any matching refinement to reduce the scope of available records available for projection.

Examples:

def permissions
  permit :read, UserEntity do |user|
    user.public?
  end
  refine :read, Models::User do |users, additional_context|
    users.where( public: true )
  end
end

Parameters:

  • actions (Array<Symbol>)

    that should be refined.

  • model_class (Class)

    the ActiveRecord::Base class to refine.

Yields:

  • (relation, additional_context)

Yield Parameters:

  • relation (ActiveRecord::Relation)

    to refine.

  • additional_context (Object)

    offered to #refine_relation.

Yield Returns:

  • (ActiveRecord::Relation, nil)

    the refined relation, or nil if no refinement should be applied.



93
94
95
 
# File 'lib/shamu/security/active_record_policy.rb', line 93

def refine( *actions, model_class, &block )
  refinements << PolicyRefinement.new( expand_aliases( actions ), model_class, block )
end

#refine_relation(action, relation, additional_context = nil) ⇒ ActiveRecord::Relation

Refine an ActiveRecord::Relation to select only those records permitted for the given action.

Parameters:

  • action (Symbol)

    to perform on the Entities::Entity that will be projected from the records.

  • relation (ActiveRecord::Relation)

    to refine.

  • additional_context (Object) (defaults to: nil)

    that the #refine block may consider when applying the refinement.

Returns:

  • (ActiveRecord::Relation)

    the refined relation.



49
50
51
52
53
54
55
56
57
58
59
60
 
# File 'lib/shamu/security/active_record_policy.rb', line 49

def refine_relation( action, relation, additional_context = nil )
  refined = false

  refinements.each do |refinement|
    if refinement.match?( action, relation )
      refined  = true
      relation = refinement.apply( relation, additional_context ) || relation
    end
  end

  refined ? relation : relation.none
end