Class: ArsecurityUtil
- Inherits: Object
- Inheritance chain: Object → ArsecurityUtil
- Defined in: lib/arsecurity_util.rb
Class Attribute Summary
-
.handler ⇒ Object
Returns the value of attribute handler.
Class Method Summary
- .attribute_condition(argument) ⇒ Object
- .authorized?(operation, target_class_name, instance, invocation) ⇒ Boolean
- .check_permissions(permissions, operation, target_class_name, instance, invocation) ⇒ Object
- .has_permission(permission, operation, target_class_name, instance) ⇒ Object
Class Attribute Details
.handler ⇒ Object
Returns the value of attribute handler.
# File 'lib/arsecurity_util.rb', line 3
#
# Reader for the class-level handler. The other class methods on this page
# call accept?, reject?, get_conditions and set_conditions on the object
# returned here.
#
# @return [Object] whatever is stored in @handler (nil when nothing was set)
def handler
  @handler
end
Class Method Details
.attribute_condition(argument) ⇒ Object
# File 'lib/arsecurity_util.rb', line 81
#
# Picks the SQL comparison fragment (with `?` placeholders) that fits the
# kind of value being compared.
#
#   nil                            -> "IS ?"
#   Array / AssociationCollection  -> "IN (?)"
#   Range                          -> "BETWEEN ? AND ?"
#   anything else                  -> "= ?"
#
# Only the operator text is produced here; the value itself is never
# interpolated into the fragment.
#
# @param argument [Object] the value that will later be bound to the placeholder(s)
# @return [String] the operator-and-placeholder fragment
def attribute_condition(argument)
  sql_operator =
    case argument
    when nil
      "IS ?"
    when Array, ActiveRecord::Associations::AssociationCollection
      "IN (?)"
    when Range
      "BETWEEN ? AND ?"
    else
      "= ?"
    end
  sql_operator
end
.authorized?(operation, target_class_name, instance, invocation) ⇒ Boolean
# File 'lib/arsecurity_util.rb', line 4 def (operation, target_class_name, instance, invocation) return true if handler.accept? return false if handler.reject? result = false = handler. unless .nil? || .empty? result = (, operation, target_class_name, instance, invocation) end result end |
.check_permissions(permissions, operation, target_class_name, instance, invocation) ⇒ Object
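# File 'lib/arsecurity_util.rb', line 16
#
# Walks a list of permissions and reports whether any of them allows
# `operation` on `target_class_name`.
#
# The method name and the `permissions` parameter are restored from this
# page's method summary; the loop variable is named `permission` here because
# the published listing had lost these identifiers.
#
# With an instance: a matching permission grants access when it has no
# instance_condition, or when its instance_condition evaluates to true.
# Without an instance (class-level call): the first matching permission
# grants access, and its sql_condition, if any, is ANDed onto the conditions
# the handler holds for this invocation.
#
# SECURITY: two fields of a permission are trusted completely.
#   * instance_condition is interpolated into an ERB template and executed as
#     Ruby code in this process.
#   * sql_condition is spliced verbatim into the SQL conditions string.
# Hash keys in the handler's existing conditions are also written into the
# SQL text unquoted. Permission definitions and condition keys must therefore
# come only from trusted, integrity-protected sources, never from request data.
#
# @param permissions [Enumerable] permission objects, or Hashes that are
#   wrapped in ArsecurityPermission
# @param operation the operation being attempted
# @param target_class_name the class name the operation targets
# @param instance the record being acted on, or nil for a class-level call
# @param invocation passed through to handler.get_conditions / set_conditions
# @return [Boolean] true as soon as one permission grants access, else false
def check_permissions(permissions, operation, target_class_name, instance, invocation)
  permissions.each do |permission|
    permission = ArsecurityPermission.new(permission) if permission.is_a?(Hash)
    next if permission.target_class_name != target_class_name
    # A permission that names no operation applies to every operation.
    next if permission.operation.present? && permission.operation != operation

    # A non-nil instance means a persisted record is being checked.
    unless instance.nil?
      instance_condition = permission.instance_condition
      return true if instance_condition.nil? || instance_condition.empty?

      # Executes instance_condition as Ruby (see SECURITY above); the ERB
      # output is the text "true" or "false".
      template = "<% result = (#{instance_condition}) ? true : false %><%= result %>"
      return true if ERB.new(template).result(instance.send(:binding)) == 'true'
      next
    end

    # Class-level call: the permission applies, but any restriction it
    # carries has to be attached to the query.
    sql_condition = permission.sql_condition
    unless sql_condition.nil? || sql_condition.empty?
      conditions = handler.get_conditions(invocation)
      if conditions.nil? || conditions.empty?
        conditions = sql_condition
      elsif conditions.is_a?(String)
        conditions = "(#{conditions}) and (#{sql_condition})"
      elsif conditions.is_a?(Array)
        # Array form is [sql, bind1, bind2, ...]; only the SQL text changes.
        conditions[0] = "(#{conditions[0]}) and (#{sql_condition})"
      elsif conditions.is_a?(Hash)
        fragments = []
        bind_values = []
        conditions.each do |column, value|
          fragments << "#{column} #{attribute_condition(value)}"
          if value.is_a?(Range)
            bind_values << value.first << value.last
          else
            bind_values << value
          end
        end
        # Fix: the per-column fragments were previously concatenated with only
        # a space between them, which is not valid SQL for two or more keys.
        conditions = ["(#{fragments.join(' AND ')}) and (#{sql_condition})"] + bind_values
      end
      handler.set_conditions(invocation, conditions)
    end
    return true
  end
  false
end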
.has_permission(permission, operation, target_class_name, instance) ⇒ Object
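# File 'lib/arsecurity_util.rb', line 66
#
# Tests one permission against an operation, a class name and an instance.
#
# The method name and the `permission` parameter are restored from this
# page's method summary
# (`.has_permission(permission, operation, target_class_name, instance)`);
# the published listing had lost them.
#
# SECURITY: permission.instance_condition is interpolated into an ERB
# template and executed as Ruby code in this process. Permission definitions
# must come only from a trusted, integrity-protected source, never from
# request data.
#
# @param permission [#target_class_name, #operation, #instance_condition]
# @param operation the operation being attempted; compared only when the
#   permission names an operation
# @param target_class_name must equal permission.target_class_name
# @param instance object whose binding (instance.send(:binding)) the
#   instance condition is evaluated with
# @return [Boolean] true when the permission applies and its condition,
#   if any, evaluates to true
def has_permission(permission, operation, target_class_name, instance)
  return false if permission.target_class_name != target_class_name
  # A permission that names no operation applies to every operation.
  return false if permission.operation.present? && permission.operation != operation
  return true if permission.instance_condition.blank?

  # The ERB output is the text "true" or "false".
  template = "<% result = (#{permission.instance_condition}) ? true : false %><%= result %>"
  ERB.new(template).result(instance.send(:binding)) == 'true'
end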