Module: Vigilante::WatchedOperator

Defined in:

lib/vigilante/watched_operator.rb

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #add_authorization(role, extent = nil) ⇒ Object
• #add_role(role) ⇒ Object

  convenience method: needed?.

• #add_to_extent(extent, role = nil) ⇒ Object

  Extent-specific.

• #extent_role(extent) ⇒ Object
• #extent_roles ⇒ Object
• #find_authorization(role, extent = nil) ⇒ Object
• #find_or_create_authorization(role, extent = nil) ⇒ Object
• #has_extent? ⇒ Boolean
• #permits ⇒ Object
• #permits=(permissions) ⇒ Object

  keep permits.

• #roles ⇒ Object

  convenience method: list all assigned roles (without extent?).

• #roles=(roles_arr) ⇒ Object

  an array containing any of existing ability-names will add the corresponding ability.

• #show_roles ⇒ Object

Class Method Details

.included(base) ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 4

def self.included(base)
  base.has_many :authorizations, :foreign_key => 'operator_id', :dependent => :destroy
  base.has_many :abilities, :through => :authorizations

  base.accepts_nested_attributes_for :authorizations, :reject_if => proc {|x| x[:ability_id].blank?}, :allow_destroy => true
  base.attr_accessible :authorizations_attributes
end

Instance Method Details

#add_authorization(role, extent = nil) ⇒ Object

Raises:

• (StandardError)

# File 'lib/vigilante/watched_operator.rb', line 12

def add_authorization(role, extent=nil)
  ability = Ability.find_by_name(role.downcase)
  raise StandardError.new("Role #{role} is not converted to a corresponding authorization. It does not exist.") if ability.nil?

  #    extent_params = {}
  #    unless extent.nil?
  #      extent_params[:extent] = extent.id
  #      extent_params[:extent_type] = extent.class.name
  #    end

  new_authorization = ::Authorization.create(:operator_id => self.id, :ability_id => ability.id)
  unless extent.nil?
    new_authorization.add_extent(extent)
  end
  authorizations << new_authorization
  new_authorization
end

#add_role(role) ⇒ Object

convenience method: needed?

# File 'lib/vigilante/watched_operator.rb', line 62

def add_role(role)
  find_or_create_authorization(role)
end

#add_to_extent(extent, role = nil) ⇒ Object

Extent-specific

# File 'lib/vigilante/watched_operator.rb', line 79

def add_to_extent(extent, role = nil)
  #### TODO: configure default role!!!
  role = 'can-read-all' if role.nil?
  find_or_create_authorization(role, extent)
end

#extent_role(extent) ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 85

def extent_role(extent)
  return nil if extent.nil?
  self.reload.authorizations.each do |auth|
    if auth.has_extent?
      return auth.ability.name if auth.match_extent(extent)
    end
  end
  nil
end

#extent_roles ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 99

def extent_roles
  self.authorizations.select{|x| x.has_extent? }.collect{|x| x.ability.name }
end

#find_authorization(role, extent = nil) ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 30

def find_authorization(role, extent=nil)
  authorizations.each do |auth|
    return auth if auth.ability.name.downcase == role.downcase && (auth.match_extent(extent) || extent == :any)
  end
  nil
end

#find_or_create_authorization(role, extent = nil) ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 37

def find_or_create_authorization(role, extent = nil)
  auth = find_authorization(role, :any)
  if auth.nil?
    auth = add_authorization(role, extent)
  elsif extent.present?
    auth.add_extent(extent)
  end
  auth
end

#has_extent? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/vigilante/watched_operator.rb', line 95

def has_extent?
  asp_roles.count >= 1
end

#permits ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 112

def permits
  @permissions ||= build_permissions_hash
end

#permits=(permissions) ⇒ Object

keep permits

# File 'lib/vigilante/watched_operator.rb', line 107

def permits=(permissions)
  # make a copy!
  @permissions = {}.merge(permissions)
end

#roles ⇒ Object

convenience method: list all assigned roles (without extent?)

# File 'lib/vigilante/watched_operator.rb', line 67

def roles
  # we can't use abilities as those are not defined when creating a new operator that is not yet saved
  #result = abilities.collect(&:name)
  authorizations.collect{|auth| auth.ability.try(:name)}
end

#roles=(roles_arr) ⇒ Object

an array containing any of existing ability-names

will add the corresponding ability

# File 'lib/vigilante/watched_operator.rb', line 54

def roles=(roles_arr)
  self.authorizations = []
  roles_arr.each do |role|
    find_or_create_authorization(role) unless role.blank?
  end
end

#show_roles ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 73

def show_roles
  authorizations.collect {|a| a.ability.try(:name) + "[" + a.authorization_extents.collect{|e| e.extent}.join(',') + "]"}
end