Module: Eaco::Resource

Defined in:
lib/eaco/resource.rb

Overview

A Resource is an object that can be authorized. It has an ACL that defines the access levels of Designators. Actors have many designators, and the highest-priority one that matches the ACL yields the access level of the Actor to this Resource.

If there is no match between the Actor's designators and the ACL, then access is denied.
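
The resolution rule described above, as an added example that is not Eaco's own code: a toy resource whose ACL maps designators to roles, resolved deny-by-default. `ToyResource`, the `ROLES` table, the designator strings, and the assumption that an actor's designators arrive ordered highest priority first are all hypothetical.

```ruby
# Added illustration, not Eaco's code: ToyResource and every name here is hypothetical.
class ToyResource
  # Assumed role => permitted actions table (Eaco declares these through its DSL).
  ROLES = { owner: %i[read write share], editor: %i[read write], reader: %i[read] }.freeze

  attr_reader :acl

  def initialize
    @acl = {}.freeze # designator => role
  end

  # Validate the role first, then swap in a changed copy of the ACL.
  def grant(role, *designators)
    raise ArgumentError, "invalid role: #{role}" unless ROLES.key?(role)
    @acl = @acl.merge(designators.to_h { |d| [d, role] }).freeze
  end

  def revoke(*designators)
    @acl = @acl.reject { |d, _role| designators.include?(d) }.freeze
  end

  # designators: the actor's designators, highest priority first (assumption).
  # The first one present in the ACL decides the role; no match yields nil.
  def role_of(designators)
    match = designators.find { |d| @acl.key?(d) }
    match && @acl[match]
  end

  # Deny by default: no matching designator means no role and no access.
  def allows?(action, designators)
    role = role_of(designators)
    !role.nil? && ROLES.fetch(role).include?(action)
  end
end

# Constructed sample data: designator strings and actors are made up.
def demo
  doc = ToyResource.new
  doc.grant(:reader, 'group:staff')
  doc.grant(:editor, 'user:42')
  alice = ['user:42', 'group:staff'] # personal designator outranks the group
  eve   = ['user:99', 'group:guests']
  before = [doc.role_of(alice), doc.allows?(:write, alice)]
  doc.revoke('user:42') # alice falls back to her group's role
  { before: before, after: [doc.role_of(alice), doc.allows?(:write, alice)],
    eve: [doc.role_of(eve), doc.allows?(:read, eve)] }
end
```

Revoking a high-priority designator does not remove access if a lower-priority one still matches, so an access review has to consider every designator an actor holds.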

Authorized resources are defined through the DSL; see DSL::Resource.

TODO Negative authorizations

Defined Under Namespace

Modules: ClassMethods

Instance Method Details

#allows?(action, actor) ⇒ Boolean

Returns whether the given action is allowed to the given actor.

Parameters:

  • action (Symbol)
  • actor (Actor)

Returns:

  • (Boolean)

    whether the given action is allowed to the given actor.


# File 'lib/eaco/resource.rb', line 147

def allows?(action, actor)
  self.class.allows?(action, actor, self)
end

#batch_grant(role, designators) ⇒ ACL

Grants the given set of designators access to this Resource as the given role.

Parameters:

Returns:

See Also:


# File 'lib/eaco/resource.rb', line 199

def batch_grant(role, designators)
  self.check_role!(role)

  change_acl do |acl|
    designators.each do |designator|
      acl.add(role, designator)
    end
    acl
  end
end

#change_acl {|ACL| ... } ⇒ ACL (protected)

Changes the ACL, calling the persistence setter if it changes.

Yields:

  • (ACL)

    the current ACL or a new one if no ACL is set

Returns:

  • (ACL)

    the new ACL


# File 'lib/eaco/resource.rb', line 218

def change_acl
  acl = yield self.acl.try(:dup) || self.class.acl.new

  self.acl = acl unless acl == self.acl

  return self.acl
end

#check_role!(role) ⇒ Object (protected)

Checks whether the given role is valid for this Resource.

Parameters:

  • role (Symbol)

    the role name.

Raises:


# File 'lib/eaco/resource.rb', line 233

def check_role!(role)
  unless self.class.role?(role)
    raise Error,
      "The `#{role}' role is not valid for `#{self.class.name}' objects. " \
      "Valid roles are: `#{self.class.roles.join(', ')}'"
  end
end

#grant(role, *designator) ⇒ ACL

Grants the given designator access to this Resource as the given role.

Parameters:

  • role (Symbol)
  • designator (Variadic), see ACL#add

Returns:

See Also:


# File 'lib/eaco/resource.rb', line 170

def grant(role, *designator)
  self.check_role!(role)

  change_acl {|acl| acl.add(role, *designator) }
end

#revoke(*designator) ⇒ ACL

Revokes the given designator access to this Resource.

Parameters:

  • designator (Variadic), see ACL#del

Returns:

See Also:


# File 'lib/eaco/resource.rb', line 185

def revoke(*designator)
  change_acl {|acl| acl.del(*designator) }
end

#role_of(actor) ⇒ Symbol

Returns the role of the given actor.

Parameters:

Returns:

  • (Symbol)

    the role of the given actor


# File 'lib/eaco/resource.rb', line 156

def role_of(actor)
  self.class.role_of(actor, self)
end