Class: Tuersteher::BaseAccessRule

Inherits:

Object

• Object
• Tuersteher::BaseAccessRule

Defined in:

lib/tuersteher.rb

Overview

Abstracte base class for Access-Rules

Direct Known Subclasses

ModelAccessRule, PathAccessRule

Instance Attribute Summary

• #rule_spezifications ⇒ Object readonly

  Returns the value of attribute rule_spezifications.

Instance Method Summary

• #deny ⇒ Object

  mark this rule as deny-rule.

• #deny? ⇒ Boolean

  is this rule a deny-rule.

• #extension(method_name, expected_value = nil) ⇒ Object

  add extension-definition parmaters: method_name: Symbol with the name of the method to call for addional check expected_value: optional expected value for the result of the with metho_name specified method, defalt is true.

• #fired?(path_or_model, method, login_ctx) ⇒ Boolean

  check, if this rule fired for specified parameter.

• #grant ⇒ Object

  mark this rule as grant-rule.

• #initialize ⇒ BaseAccessRule constructor

  A new instance of BaseAccessRule.

• #method(access_method) ⇒ Object

  set methode for access access_method Name of Methode for access as Symbol.

• #not ⇒ Object

  negate role followed rule specification (role or extension.

• #right(right_name) ⇒ Object

  add right.

• #role(role_name) ⇒ Object

  add role.

• #roles(*role_names) ⇒ Object

  add list of roles.

• #to_s ⇒ Object

Constructor Details

#initialize ⇒ BaseAccessRule

# File 'lib/tuersteher.rb', line 547

def initialize
  @rule_spezifications = []
  @last_role_specification
  @last_right_specification
end

Instance Attribute Details

#rule_spezifications ⇒ Object (readonly)

Returns the value of attribute rule_spezifications.

# File 'lib/tuersteher.rb', line 545

def rule_spezifications
  @rule_spezifications
end

Instance Method Details

#deny ⇒ Object

mark this rule as deny-rule

# File 'lib/tuersteher.rb', line 624

def deny
  @deny = true
  self
end

#deny? ⇒ Boolean

is this rule a deny-rule

# File 'lib/tuersteher.rb', line 630

def deny?
  @deny
end

#extension(method_name, expected_value = nil) ⇒ Object

add extension-definition parmaters:

method_name:      Symbol with the name of the method to call for addional check
expected_value:   optional expected value for the result of the with metho_name specified method, defalt is true

# File 'lib/tuersteher.rb', line 602

def extension method_name, expected_value=nil
  @rule_spezifications << ExtensionSpecification.new(method_name, @negation, expected_value)
  @negation = false if @negation
  self
end

#fired?(path_or_model, method, login_ctx) ⇒ Boolean

check, if this rule fired for specified parameter

# File 'lib/tuersteher.rb', line 642

def fired? path_or_model, method, login_ctx
  login_ctx = nil if login_ctx==:false # manche Authenticate-System setzen den login_ctx/login_contex auf :false
  @rule_spezifications.all?{|spec| spec.grant?(path_or_model, method, login_ctx)}
end

#grant ⇒ Object

mark this rule as grant-rule

# File 'lib/tuersteher.rb', line 619

def grant
  self
end

#method(access_method) ⇒ Object

set methode for access access_method Name of Methode for access as Symbol

# File 'lib/tuersteher.rb', line 610

def method(access_method)
  return self if access_method==:all  # :all is only syntax sugar
  @rule_spezifications << MethodSpecification.new(access_method, @negation)
  @negation = false if @negation
  self
end

#not ⇒ Object

negate role followed rule specification (role or extension

# File 'lib/tuersteher.rb', line 636

def not
  @negation = true
  self
end

#right(right_name) ⇒ Object

add right

# File 'lib/tuersteher.rb', line 554

def right(right_name)
  return self if right_name==:all  # :all is only syntax sugar
  raise "wrong right '#{right_name}'! Must be a symbol " unless right_name.is_a?(Symbol)
  # rights are OR-linked (per default)
  # => add the right to RightSpecification, create only new RightSpecification if not exist
  if @last_right_specification
    raise("Mixin of right and not.right are yet not implemented!") if @negation != @last_right_specification.negation
    @last_right_specification.rights << right_name
  else
    @last_right_specification = RightSpecification.new(right_name, @negation)
    @rule_spezifications << @last_right_specification
  end
  @negation = false if @negation
  self
end

#role(role_name) ⇒ Object

add role

# File 'lib/tuersteher.rb', line 571

def role(role_name)
  return self if role_name==:all  # :all is only syntax sugar
  raise "wrong role '#{role_name}'! Must be a symbol " unless role_name.is_a?(Symbol)
  # roles are OR-linked (per default)
  # => add the role to RolesSpecification, create only new RolesSpecification if not exist
  if @last_role_specification
    raise("Mixin of role and not.role are yet not implemented!") if @negation != @last_role_specification.negation
    @last_role_specification.roles << role_name
  else
    @last_role_specification = RolesSpecification.new(role_name, @negation)
    @rule_spezifications << @last_role_specification
  end
  @negation = false if @negation
  self
end

#roles(*role_names) ⇒ Object

add list of roles

# File 'lib/tuersteher.rb', line 588

def roles(*role_names)
  negation_state = @negation
  role_names.flatten.each do |role_name|
    self.role(role_name)
    @negation = negation_state # keep Negation-State for all roles
  end
  @negation = false if @negation
  self
end

#to_s ⇒ Object

# File 'lib/tuersteher.rb', line 648

def to_s
  "Rule[#{@deny ? 'deny' : 'grant'}.#{@rule_spezifications.map(&:to_s).join('.')}]"
end