Class: Authorization::Reader::PrivilegesReader

Inherits:
Object
  • Object
show all
Defined in:
lib/declarative_authorization/reader.rb

Overview

The PrivilegeReader handles the part of the authorization DSL in a privileges block. Here, privilege hierarchies are defined.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializePrivilegesReader

:nodoc:



102
103
104
105
106
107
108
# File 'lib/declarative_authorization/reader.rb', line 102

def initialize # :nodoc:
  @current_priv = nil
  @current_context = nil
  @privileges = []
  # {priv => [[priv,ctx], ...]}
  @privilege_hierarchy = {}
end

Instance Attribute Details

#privilege_hierarchyObject (readonly)

TODO handle privileges with separated context



100
101
102
# File 'lib/declarative_authorization/reader.rb', line 100

def privilege_hierarchy
  @privilege_hierarchy
end

#privilegesObject (readonly)

TODO handle privileges with separated context



100
101
102
# File 'lib/declarative_authorization/reader.rb', line 100

def privileges
  @privileges
end

Instance Method Details

#append_privilege(priv) ⇒ Object

:nodoc:



110
111
112
# File 'lib/declarative_authorization/reader.rb', line 110

def append_privilege (priv) # :nodoc:
  @privileges << priv unless @privileges.include?(priv)
end

#includes(*privileges) ⇒ Object

Specifies privileges that are to be assigned as lower ones. Only to be used inside a privilege block.

Raises:



136
137
138
139
140
141
142
143
# File 'lib/declarative_authorization/reader.rb', line 136

def includes (*privileges)
  raise DSLError, "includes only in privilege block" if @current_priv.nil?
  privileges.each do |priv|
    append_privilege priv
    @privilege_hierarchy[@current_priv] ||= []
    @privilege_hierarchy[@current_priv] << [priv, @current_context]
  end
end

#privilege(privilege, context = nil, options = {}, &block) ⇒ Object

Defines part of a privilege hierarchy. For the given privilege, included privileges may be defined in the block (through includes) or as option :includes. If the optional context is given, the privilege hierarchy is limited to that context.



119
120
121
122
123
124
125
126
127
128
129
130
131
132
# File 'lib/declarative_authorization/reader.rb', line 119

def privilege (privilege, context = nil, options = {}, &block)
  if context.is_a?(Hash)
    options = context
    context = nil
  end
  @current_priv = privilege
  @current_context = context
  append_privilege privilege
  instance_eval(&block) if block
  includes(*options[:includes]) if options[:includes]
ensure
  @current_priv = nil
  @current_context = nil
end