Module: Vigilante::WatchedOperator

Defined in:

lib/vigilante/watched_operator.rb

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #add_authorization(role, extent = nil) ⇒ Object
• #add_role(role) ⇒ Object

  convenience method: needed?.

• #add_to_extent(extent, role = nil) ⇒ Object

  Extent-specific.

• #authorizations_by_ability_name(ability_name) ⇒ Object
• #distinct_authorizations ⇒ Object
• #extent_role(extent) ⇒ Object
• #extent_roles ⇒ Object
• #extents_with_roles ⇒ Object
• #find_authorization(role, extent = nil) ⇒ Object
• #find_or_create_authorization(role, extent = nil) ⇒ Object
• #has_extent? ⇒ Boolean
• #max_ability(extent = nil) ⇒ Object
• #minimize_authorizations ⇒ Object
• #permits ⇒ Object
• #permits=(permissions) ⇒ Object

  keep permits.

• #roles ⇒ Object

  convenience method: list all assigned roles (without extent?).

• #roles=(roles_arr) ⇒ Object

  an array containing any of existing ability-names will add the corresponding ability.

• #show_roles ⇒ Object
• #simplify_authorizations ⇒ Object
• #validate_authorizations(max_allowed_importance, only_with_extents) ⇒ Object

Class Method Details

.included(base) ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 4

def self.included(base)
  base.has_many :authorizations, :foreign_key => 'operator_id', :dependent => :destroy
  base.has_many :abilities, :through => :authorizations

  base.accepts_nested_attributes_for :authorizations, :reject_if => proc {|x| x[:ability_id].blank?}, :allow_destroy => true
  base.attr_accessible :authorizations_attributes if base.respond_to?(:attr_accessible)
end

Instance Method Details

#add_authorization(role, extent = nil) ⇒ Object

Raises:

• (StandardError)

# File 'lib/vigilante/watched_operator.rb', line 12

def add_authorization(role, extent=nil)
  ability = Ability.find_by_name(role.downcase)
  raise StandardError.new("Role #{role} is not converted to a corresponding authorization. It does not exist.") if ability.nil?

  #    extent_params = {}
  #    unless extent.nil?
  #      extent_params[:extent] = extent.id
  #      extent_params[:extent_type] = extent.class.name
  #    end

  new_authorization = ::Authorization.create(:operator_id => self.id, :ability_id => ability.id)
  unless extent.nil?
    new_authorization.add_extent(extent)
  end
  authorizations << new_authorization
  new_authorization
end

#add_role(role) ⇒ Object

convenience method: needed?

# File 'lib/vigilante/watched_operator.rb', line 62

def add_role(role)
  find_or_create_authorization(role)
end

#add_to_extent(extent, role = nil) ⇒ Object

Extent-specific

# File 'lib/vigilante/watched_operator.rb', line 94

def add_to_extent(extent, role = nil)
  #### TODO: configure default role!!!
  role = 'can-read-all' if role.nil?
  find_or_create_authorization(role, extent)
end

#authorizations_by_ability_name(ability_name) ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 168

def authorizations_by_ability_name(ability_name)
  #TODO: this can be written with better perfomance by using an SQL select instead of the ruby method select
  authorizations.select{|authorization|authorization.ability.name == ability_name}
end

#distinct_authorizations ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 164

def distinct_authorizations
  authorizations.joins(:ability).select('distinct(name)')
end

#extent_role(extent) ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 100

def extent_role(extent)
  return nil if extent.nil?
  self.reload.authorizations.each do |auth|
    if auth.has_extent?
      return auth.ability.name if auth.match_extent(extent)
    end
  end
  nil
end

#extent_roles ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 114

def extent_roles
  self.authorizations.select{|x| x.has_extent? }.collect{|x| x.ability.name }
end

#extents_with_roles ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 118

def extents_with_roles
  extent_hash = Hash.new { |h, k| h[k] = [] }
  self.authorizations.each do |authorization|
    if authorization.has_extent?
      authorization.authorization_extents.each do |x|
        extent_hash[x.extent_objid] << authorization.ability.name
      end
    else
      extent_hash[:all] << authorization.ability.name
    end
  end
  extent_hash
end

#find_authorization(role, extent = nil) ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 30

def find_authorization(role, extent=nil)
  authorizations.each do |auth|
    return auth if auth.ability.name.downcase == role.downcase && (auth.match_extent(extent) || extent == :any)
  end
  nil
end

#find_or_create_authorization(role, extent = nil) ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 37

def find_or_create_authorization(role, extent = nil)
  auth = find_authorization(role, :any)
  if auth.nil?
    auth = add_authorization(role, extent)
  elsif extent.present?
    auth.add_extent(extent)
  end
  auth
end

#has_extent? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/vigilante/watched_operator.rb', line 110

def has_extent?
  extent_roles.count >= 1
end

#max_ability(extent = nil) ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 77

def max_ability(extent=nil)
  if extent && has_extent?
    result_max = 0
    self.reload.authorizations.each do |auth|
      if auth.has_extent?
        result_max = auth.ability.importance if auth.match_extent(extent) && auth.ability.importance > result_max
      end
    end
    result_max
  else
    @max_importance ||= abilities.maximum(:importance)
  end
end

#minimize_authorizations ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 173

def minimize_authorizations
  distinct_authorizations.each do |ability|
    authorizations_with_possible_duplicates = authorizations_by_ability_name(ability.name)
    if authorizations_with_possible_duplicates.size > 1
      keep_auth = authorizations_with_possible_duplicates.delete_at(0)
      authorizations_with_possible_duplicates.each do |dup_auth|
        dup_auth.authorization_extents.each do |auth_ext|
          keep_auth.authorization_extents.create(:extent_objid => auth_ext.extent_objid, :extent_type => auth_ext.extent_type)
        end
        dup_auth.destroy
      end
    end
  end
end

#permits ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 198

def permits
  @permissions ||= build_permissions_hash
end

#permits=(permissions) ⇒ Object

keep permits

# File 'lib/vigilante/watched_operator.rb', line 193

def permits=(permissions)
  # make a copy!
  @permissions = {}.merge(permissions)
end

#roles ⇒ Object

convenience method: list all assigned roles (without extent?)

# File 'lib/vigilante/watched_operator.rb', line 67

def roles
  # we can't use abilities as those are not defined when creating a new operator that is not yet saved
  #result = abilities.collect(&:name)
  authorizations.collect{|auth| auth.ability.try(:name)}
end

#roles=(roles_arr) ⇒ Object

an array containing any of existing ability-names

will add the corresponding ability

# File 'lib/vigilante/watched_operator.rb', line 54

def roles=(roles_arr)
  self.authorizations = []
  roles_arr.each do |role|
    find_or_create_authorization(role) unless role.blank?
  end
end

#show_roles ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 73

def show_roles
  authorizations.collect {|a| a.ability.try(:name) + "[" + a.authorization_extents.collect{|e| e.extent}.join(',') + "]"}
end

#simplify_authorizations ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 157

def simplify_authorizations
  if authorizations.count != distinct_authorizations.count
    minimize_authorizations
    self.reload
  end
end

#validate_authorizations(max_allowed_importance, only_with_extents) ⇒ Object

# File 'lib/vigilante/watched_operator.rb', line 133

def validate_authorizations(max_allowed_importance, only_with_extents)
  authorizations = self.authorizations

  authorizations.each do |auth|
    ability = auth.ability

    if ability.needs_extent? && auth.authorization_extents.empty?
      errors.add(:authorizations, "ability #{ability.name} requires an organisation!")
    end
    if ability.importance > max_allowed_importance || (!ability.needs_extent? && only_with_extents)
      errors.add(:authorizations, "you do not have the necessary permission to add ability #{ability.name}")
    end
  end

  logger.debug "###### Validate_operator_authorizations: authorizations = #{authorizations.inspect}"
  logger.debug "###### Validate_operator_authorizations: authorizations = #{abilities.inspect}"

  if authorizations.empty?
    valid? # add the other errors, if any
    errors.add(:authorizations, 'must have at least one ability')
  end
end