Module: Volt::Model::Permissions

Included in:

Volt::Model

Defined in:

lib/volt/models/permissions.rb

Overview

The permissions module provides helpers for working with Volt permissions.

Defined Under Namespace

Modules: ClassMethods

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #action_allowed?(action_name) ⇒ Boolean

  Checks if any denies are in place for an action (read or delete).

• #allow(*fields) ⇒ Object
• #allow_and_deny_fields(action_name) ⇒ Object

  Return the list of allowed fields.

• #can_create? ⇒ Boolean
• #can_delete? ⇒ Boolean

  Returns boolean if the model can be deleted.

• #can_read? ⇒ Boolean

  Checks the read permissions.

• #deny(*fields) ⇒ Object
• #filtered_attributes ⇒ Object

  Filter fields returns the attributes with any denied or not allowed fields removed based on the current user.

• #owner?(key = :user_id) ⇒ Boolean

  owner? can be called on a model to check if the currently logged in user (“‘Volt.current_user“`) is the owner of this instance.

Class Method Details

.included(base) ⇒ Object

# File 'lib/volt/models/permissions.rb', line 62

def self.included(base)
  base.send(:extend, ClassMethods)
  base.class_attribute :__permissions__
end

Instance Method Details

#action_allowed?(action_name) ⇒ Boolean

Checks if any denies are in place for an action (read or delete)

Returns:

• (Boolean)

# File 'lib/volt/models/permissions.rb', line 124

def action_allowed?(action_name)
  # TODO: this does some unnecessary work
  compute_allow_and_deny(action_name)

  deny = @__deny_fields == true || (@__deny_fields && @__deny_fields.size > 0)

  clear_allow_and_deny

  !deny
end

#allow(*fields) ⇒ Object

# File 'lib/volt/models/permissions.rb', line 67

def allow(*fields)
  if @__allow_fields
    if @__allow_fields != true
      if fields.size == 0
        # No field's were passed, this means we deny all
        @__allow_fields = true
      else
        # Fields were specified, add them to the list
        @__allow_fields += fields.map(&:to_sym)
      end
    end
  else
    fail 'allow should be called inside of a permissions block'
  end
end

#allow_and_deny_fields(action_name) ⇒ Object

Return the list of allowed fields

# File 'lib/volt/models/permissions.rb', line 136

def allow_and_deny_fields(action_name)
  compute_allow_and_deny(action_name)

  result = [@__allow_fields, @__deny_fields]

  clear_allow_and_deny

  result
end

#can_create? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/volt/models/permissions.rb', line 119

def can_create?
  action_allowed?(:create)
end

#can_delete? ⇒ Boolean

Returns boolean if the model can be deleted

Returns:

• (Boolean)

# File 'lib/volt/models/permissions.rb', line 110

def can_delete?
  action_allowed?(:delete)
end

#can_read? ⇒ Boolean

Checks the read permissions

Returns:

• (Boolean)

# File 'lib/volt/models/permissions.rb', line 115

def can_read?
  action_allowed?(:read)
end

#deny(*fields) ⇒ Object

# File 'lib/volt/models/permissions.rb', line 83

def deny(*fields)
  if @__deny_fields
    if @__deny_fields != true
      if fields.size == 0
        # No field's were passed, this means we deny all
        @__deny_fields = true
      else
        # Fields were specified, add them to the list
        @__deny_fields += fields.map(&:to_sym)
      end
    end
  else
    fail 'deny should be called inside of a permissions block'
  end
end

#filtered_attributes ⇒ Object

Filter fields returns the attributes with any denied or not allowed fields removed based on the current user.

Run with Volt.as_user(…) to change the user

# File 'lib/volt/models/permissions.rb', line 150

def filtered_attributes
  # Run the read permission check
  allow, deny = allow_and_deny_fields(:read)

  result = nil

  if allow && allow != true && allow.size > 0
    # always keep id
    allow << :id

    # Only keep fields in the allow list
    result = @attributes.select { |key| allow.include?(key) }
  elsif deny == true
    # Only keep id
    # TODO: Should this be a full reject?
    result = @attributes.reject { |key| key != :id }
  elsif deny && deny.size > 0
    # Reject any in the deny list
    result = @attributes.reject { |key| deny.include?(key) }
  else
    result = @attributes
  end

  # Deeply filter any nested models
  return result.map do |key, value|
    if value.is_a?(Model)
      value = value.filtered_attributes
    end

    [key, value]
  end.to_h
end

#owner?(key = :user_id) ⇒ Boolean

owner? can be called on a model to check if the currently logged in user (“‘Volt.current_user“`) is the owner of this instance.

Parameters:

• key (Symbol) (defaults to: :user_id) —

  the name of the attribute where the user_id is stored

Returns:

• (Boolean)

# File 'lib/volt/models/permissions.rb', line 103

def owner?(key = :user_id)
  # Lookup the original user_id
  owner_id = was(key) || send(:"_#{key}")
  !owner_id.nil? && owner_id == Volt.current_user_id
end