Class: SkinnyControllers::Policy::Base

Inherits:

Object

• Object
• SkinnyControllers::Policy::Base

Defined in:

lib/skinny_controllers/policy/base.rb

Direct Known Subclasses

AllowAll, Default, DenyAll

Instance Attribute Summary

• #authorized_via_parent ⇒ Object

  Returns the value of attribute authorized_via_parent.

• #object ⇒ Object

  Returns the value of attribute object.

• #user ⇒ Object

  Returns the value of attribute user.

Instance Method Summary

• #default? ⇒ Boolean

  if a method is not defined for a particular verb or action, this will be used.

• #initialize(user, object, authorized_via_parent: false) ⇒ Base constructor

  A new instance of Base.

• #read?(o = object) ⇒ Boolean

  this should be used when checking access to a single object.

• #read_all? ⇒ Boolean

  this should be used when checking access to multilpe objects it will call read? on each object of the array.

Constructor Details

#initialize(user, object, authorized_via_parent: false) ⇒ Base

Returns a new instance of Base.

Parameters:

• user (User) —

  the being to check if they have access to object

• object (ActiveRecord::Base) —

  the object that we are wanting to check the authorization of user for

• authorized_via_parent (Boolean) (defaults to: false) —

  if this object is authorized via a prior authorization from a parent class / association

# File 'lib/skinny_controllers/policy/base.rb', line 11

def initialize(user, object, authorized_via_parent: false)
  self.user = user
  self.object = object
  self.authorized_via_parent = authorized_via_parent
end

Instance Attribute Details

#authorized_via_parent ⇒ Object

Returns the value of attribute authorized_via_parent.

# File 'lib/skinny_controllers/policy/base.rb', line 4

def authorized_via_parent
  @authorized_via_parent
end

#object ⇒ Object

Returns the value of attribute object.

# File 'lib/skinny_controllers/policy/base.rb', line 4

def object
  @object
end

#user ⇒ Object

Returns the value of attribute user.

# File 'lib/skinny_controllers/policy/base.rb', line 4

def user
  @user
end

Instance Method Details

#default? ⇒ Boolean

if a method is not defined for a particular verb or action, this will be used.

Examples:

Operation::Object::SendReceipt.run is called, since

`send_receipt` doesn't exist in this class, this `default?`
method will be used.

Returns:

• (Boolean)

# File 'lib/skinny_controllers/policy/base.rb', line 23

def default?
  SkinnyControllers.allow_by_default
end

#read?(o = object) ⇒ Boolean

this should be used when checking access to a single object

Returns:

• (Boolean)

# File 'lib/skinny_controllers/policy/base.rb', line 28

def read?(o = object)
  o.send(accessible_method, user)
end

#read_all? ⇒ Boolean

this should be used when checking access to multilpe objects it will call read? on each object of the array

if the operation used a scope to find records from an association, then authorized_via_parent could be true, in which case, the loop would be skipped.

TODO: think of a way to override the authorized_via_parent functionality

Returns:

• (Boolean)

# File 'lib/skinny_controllers/policy/base.rb', line 40

def read_all?
  return true if authorized_via_parent
  # This is expensive, so try to avoid it
  # TODO: look in to creating a cache for
  # these look ups that's invalidated upon
  # object save
  accessible = object.map { |ea| read?(ea) }
  accessible.all?
end