Class: Authorize::Permission

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Authorize::Permission

Defined in:

lib/authorize/permission.rb

Defined Under Namespace

Classes: Mask

Class Method Summary

• .aggregate_mask ⇒ Object

  Find the aggregate permission mask for the current scope This calculation could be more effectively performed at the database using an aggregate function.

• .permit?(requested_modes) ⇒ Boolean

  Determine if the aggregate mask includes the requested modes.

Instance Method Summary

• #mask(reload = false) ⇒ Object
• #resource ⇒ Object

  Virtual attribute that expands the common belongs_to association with a three-level hierarchy.

• #resource=(res) ⇒ Object
• #set_mandatory_list_mode ⇒ Object

  Because the list mode is always assumed to be set for performance, we expose that assumption explicitly.

• #to_s ⇒ Object

Class Method Details

.aggregate_mask ⇒ Object

Find the aggregate permission mask for the current scope This calculation could be more effectively performed at the database using an aggregate function. For MySQL, a bit_or function exists. For SQLite3, it is necessary to code an extension. For an example, see: snippets.dzone.com/posts/show/3717

# File 'lib/authorize/permission.rb', line 64

def self.aggregate_mask
  Mask.new(all.inject(Set.new){|memo, p| memo | p.mask})
end

.permit?(requested_modes) ⇒ Boolean

Determine if the aggregate mask includes the requested modes.

Returns:

• (Boolean)

# File 'lib/authorize/permission.rb', line 56

def self.permit?(requested_modes)
  requested_modes.subset?(aggregate_mask)
end

Instance Method Details

#mask(reload = false) ⇒ Object

# File 'lib/authorize/permission.rb', line 88

def mask(reload = false)
  cached = @attributes_cache['mask'] # undocumented hash of cache nicely invalidated by write_attribute
  return cached if cached && !reload
  @attributes_cache['mask'] = Mask.new(read_attribute('mask')) # Ensure we always return a Mask instance
end

#resource ⇒ Object

Virtual attribute that expands the common belongs_to association with a three-level hierarchy

# File 'lib/authorize/permission.rb', line 75

def resource
  return Object unless resource_type
  return resource_type.constantize unless resource_id
  return _resource
end

#resource=(res) ⇒ Object

# File 'lib/authorize/permission.rb', line 81

def resource=(res)
  return self._resource = res unless res.kind_of?(Class)
  self.resource_id = nil
  return self[:resource_type] = nil if res == Object
  return self[:resource_type] = res.to_s
end

#set_mandatory_list_mode ⇒ Object

Because the list mode is always assumed to be set for performance, we expose that assumption explicitly.

# File 'lib/authorize/permission.rb', line 69

def set_mandatory_list_mode
  self['mask'] |= Mask.name_values[:list]
  @attributes_cache.delete('mask')
end

#to_s ⇒ Object

# File 'lib/authorize/permission.rb', line 94

def to_s
  "#{role} over #{resource} (#{mask})"
end