Class: Authorization::AttributeWithPermission

Inherits:
Attribute
  • Object
show all
Defined in:
lib/declarative_authorization/authorization.rb

Overview

An attribute condition that uses existing rules to decide validation and create obligations.

Instance Method Summary collapse

Constructor Details

#initialize(privilege, attr_or_hash, context = nil) ⇒ AttributeWithPermission

E.g. privilege :read, attr_or_hash either :attribute or { :attribute => :deeper_attribute }



551
552
553
554
555
# File 'lib/declarative_authorization/authorization.rb', line 551

def initialize (privilege, attr_or_hash, context = nil)
  @privilege = privilege
  @context = context
  @attr_hash = attr_or_hash
end

Instance Method Details

#initialize_copy(from) ⇒ Object



557
558
559
# File 'lib/declarative_authorization/authorization.rb', line 557

def initialize_copy (from)
  @attr_hash = deep_hash_clone(@attr_hash) if @attr_hash.is_a?(Hash)
end

#obligation(attr_validator, hash_or_attr = nil, path = []) ⇒ Object

may return an array of obligations to be OR’ed



600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
# File 'lib/declarative_authorization/authorization.rb', line 600

def obligation (attr_validator, hash_or_attr = nil, path = [])
  hash_or_attr ||= @attr_hash
  case hash_or_attr
  when Symbol
    @context ||= begin
      rule_model = attr_validator.context.to_s.classify.constantize
      context_reflection = self.class.reflection_for_path(rule_model, path + [hash_or_attr])
      if context_reflection.klass.respond_to?(:decl_auth_context)
        context_reflection.klass.decl_auth_context
      else
        context_reflection.klass.name.tableize.to_sym
      end
    rescue # missing model, reflections
      hash_or_attr.to_s.pluralize.to_sym
    end
    
    obligations = attr_validator.engine.obligations(@privilege,
                      :context => @context,
                      :user    => attr_validator.user)

    obligations.collect {|obl| {hash_or_attr => obl} }
  when Hash
    obligations_array_attrs = []
    obligations =
        hash_or_attr.inject({}) do |all, pair|
          attr, sub_hash = pair
          all[attr] = obligation(attr_validator, sub_hash, path + [attr])
          if all[attr].length > 1
            obligations_array_attrs << attr
          else
            all[attr] = all[attr].first
          end
          all
        end
    obligations = [obligations]
    obligations_array_attrs.each do |attr|
      next_array_size = obligations.first[attr].length
      obligations = obligations.collect do |obls|
        (0...next_array_size).collect do |idx|
          obls_wo_array = obls.clone
          obls_wo_array[attr] = obls_wo_array[attr][idx]
          obls_wo_array
        end
      end.flatten
    end
    obligations
  when NilClass
    attr_validator.engine.obligations(@privilege,
        :context => attr_validator.context,
        :user    => attr_validator.user)
  else
    raise AuthorizationError, "Wrong conditions hash format: #{hash_or_attr.inspect}"
  end
end

#to_long_sObject



655
656
657
# File 'lib/declarative_authorization/authorization.rb', line 655

def to_long_s
  "if_permitted_to #{@privilege.inspect}, #{@attr_hash.inspect}"
end

#validate?(attr_validator, object = nil, hash_or_attr = nil) ⇒ Boolean

Returns:

  • (Boolean)


561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
# File 'lib/declarative_authorization/authorization.rb', line 561

def validate? (attr_validator, object = nil, hash_or_attr = nil)
  object ||= attr_validator.object
  hash_or_attr ||= @attr_hash
  return false unless object

  case hash_or_attr
  when Symbol
    attr_value = object_attribute_value(object, hash_or_attr)
    case attr_value
    when nil
      raise NilAttributeValueError, "Attribute #{hash_or_attr.inspect} is nil in #{object.inspect}."
    when Enumerable
      attr_value.any? do |inner_value|
        attr_validator.engine.permit? @privilege, :object => inner_value, :user => attr_validator.user
      end
    else
      attr_validator.engine.permit? @privilege, :object => attr_value, :user => attr_validator.user
    end
  when Hash
    hash_or_attr.all? do |attr, sub_hash|
      attr_value = object_attribute_value(object, attr)
      if attr_value == nil
        raise NilAttributeValueError, "Attribute #{attr.inspect} is nil in #{object.inspect}."
      elsif attr_value.is_a?(Enumerable)
        attr_value.any? do |inner_value|
          validate?(attr_validator, inner_value, sub_hash)
        end
      else
        validate?(attr_validator, attr_value, sub_hash)
      end
    end
  when NilClass
    attr_validator.engine.permit? @privilege, :object => object, :user => attr_validator.user
  else
    raise AuthorizationError, "Wrong conditions hash format: #{hash_or_attr.inspect}"
  end
end