Module: ViewingPolicy

Extended by:
ActiveSupport::Concern
Includes:
SharingPolicy
Defined in:
lib/sharing_policy.rb

Constant Summary

Constants included from SharingPolicy

SharingPolicy::VERSION

Instance Method Summary

Methods included from SharingPolicy

policy

Instance Method Details

#authorize(user, membership_assert, action_assert) ⇒ Object

Tries to authorize the user against the policy by testing the user against each user group defined in it.



# File 'lib/sharing_policy.rb', line 38

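# Evaluates +user+ against every group case in the loaded policy and keeps
# only the most permissive outcome(s).
#
# @param user [Object] subject being authorized; passed through to the asserts
# @param membership_assert [#call] invoked by authorize_case as (user, user_group, self)
# @param action_assert [#call] invoked by authorize_case as (user, action, self)
# @return [Array<Array>] the [status_code, message, body] triples whose status
#   code equals the lowest one returned by any group; several triples are
#   returned when groups tie. Returns [] when the policy defines no cases.
#
# NOTE(review): an empty result carries no status code at all, so callers
# presumably have to treat it as "not authorized" — confirm at the call sites.
# NOTE(review): @policy must have been set (see init_policy) and must contain
# a "cases" key; otherwise this raises NoMethodError rather than returning a
# denial.
def authorize(user, membership_assert, action_assert)
  # Only the group name is needed here; authorize_case looks the group's
  # policy up again by name.
  auth_responses = @policy["cases"].map do |user_group, _group_policy|
    authorize_case(user, user_group, membership_assert, action_assert)
  end

  # Respond with the highest authorization we can give: the lowest status
  # code wins (200 authorized < 300 actions required < 400 no membership).
  # Computed once instead of once per response.
  best_status = auth_responses.map { |response| response[0] }.min

  auth_responses.reject { |response| response[0] > best_status }
end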

#authorize_case(user, user_group, membership_assert, action_assert) ⇒ Object

Authorizes the user against one group specified in the policy (called once for each group) and returns [STATUS_CODE, MESSAGE, BODY].



# File 'lib/sharing_policy.rb', line 54

# Checks +user+ against a single group case of the policy.
#
# Outcomes, as [status_code, message, body]:
#   400 "no membership found"              - membership_assert returned falsy; body is []
#   300 "actions required"                 - member, but body lists the actions
#                                            for which action_assert returned falsy
#   200 "authorized as member of <group>"  - member and no action is outstanding
#
# @param user [Object] subject being authorized
# @param user_group [String] key into @policy["cases"]
# @param membership_assert [#call] called as (user, user_group, self)
# @param action_assert [#call] called as (user, action, self), once per required action
# @return [Array] [status_code, message, body]
#
# Side effect: stores the group's policy entry in @group_policy.
# NOTE(review): a group entry without an "actions" key raises NoMethodError
# here instead of producing a status triple — confirm policies are validated
# before they reach this method.
def authorize_case(user, user_group, membership_assert, action_assert)
  # Non-members are rejected before the group's policy is even looked up.
  return [400, "no membership found", []] unless membership_assert.call(user, user_group, self)

  @group_policy = @policy["cases"][user_group]
  required = @group_policy["actions"]

  # Collect every required action the user has not yet satisfied.
  outstanding = []
  unless required.size < 1
    required.each do |action|
      next if action_assert.call(user, action, self)

      outstanding << action
    end
  end

  return [200, "authorized as member of #{user_group}", outstanding] if outstanding.empty?

  [300, "actions required", outstanding]
end

#init_policy(policy_text) ⇒ Object



# File 'lib/sharing_policy.rb', line 32

# Loads the sharing policy from its JSON text form and keeps it in @policy.
#
# @param policy_text [String] JSON document describing the policy
# @return [Object] the parsed policy (also stored in @policy)
# @raise [JSON::ParserError] when policy_text is not valid JSON
#
# No structural validation happens here: authorize and authorize_case index
# into @policy["cases"], so a document without that key parses successfully
# and only fails later, during authorization.
def init_policy(policy_text)
  require 'json'
  parsed_policy = JSON.parse(policy_text)
  @policy = parsed_policy
end