Class: LogicalAuthz::AccessControl::Builder

Inherits:
Object
  • Object
Defined in:
lib/logical_authz/access_control.rb

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(helper_mod = nil) ⇒ Builder

Returns a new instance of Builder.



# File 'lib/logical_authz/access_control.rb', line 17

# Sets up an empty rule builder.
#
# @param helper_mod [Module, nil] optional module whose methods become
#   callable on this builder instance (and only this instance)
def initialize(helper_mod = nil)
  @helper_mod = helper_mod
  # @list is the array add_rule appends to. It starts out as the very same
  # array object as @before, so early rules land in @before.
  @before = []
  @list = @before
  @after = []

  unless helper_mod.nil?
    # Mix the helpers into this instance's singleton class so that other
    # builders are unaffected.
    metaclass = class << self; self; end
    metaclass.send(:include, helper_mod)
  end
end

Class Method Details

.register_policy_class(name, klass) ⇒ Object



# File 'lib/logical_authz/access_control.rb', line 7

# Registers a policy class under a DSL name by defining two instance
# methods, +name+ and +if_<name>+. Each call to either method returns a
# fresh +klass.new+.
#
# NOTE(review): define_method replaces any method of the same name on the
# receiver, and nothing here checks for a collision with existing builder
# methods such as #allow or #deny.
#
# @param name [Symbol, String] method name to expose
# @param klass [Class] class instantiated (with no arguments) on each call
# @return [Object] whatever define_method returns for the +if_+ variant
def register_policy_class(name, klass)
  accessors = [name, "if_#{name}"]
  defined = accessors.map { |accessor| define_method(accessor) { klass.new } }
  defined.last
end

.register_policy_helper(name, &block) ⇒ Object



# File 'lib/logical_authz/access_control.rb', line 12

# Defines an instance method called +name+ whose body is the given block.
# Because the method is created with define_method, the block runs with the
# instance it is called on as +self+.
#
# NOTE(review): an existing method with the same name is replaced without
# warning; nothing here guards names such as #allow or #deny.
#
# @param name [Symbol, String] method name to define
# @param block [Proc] method body
def register_policy_helper(name, &block)
  define_method(name, &block)
end

Instance Method Details

#add_rule(rule, allows = true, name = nil) ⇒ Object

TODO: the DSL needs to allow configuration of rules



# File 'lib/logical_authz/access_control.rb', line 53

# Resolves +rule+ to a policy object, stamps it with the decision (and the
# name, when one is given) and appends it to the currently active list.
#
# The resolved object is mutated in place. resolve_rule hands a Policy
# instance back unchanged, so a caller that reuses one instance for several
# rules will see its +decision+ overwritten by the latest call.
#
# +allows+ defaults to true: a direct call without the flag creates an
# allow rule. #allow and #deny pass the flag explicitly.
#
# @param rule [Object] anything resolve_rule accepts
# @param allows [Boolean] decision recorded on the rule
# @param name [Object, nil] optional name; nil leaves the rule's name alone
# @return [Array] the list the rule was appended to
def add_rule(rule, allows = true, name = nil)
  policy = resolve_rule(rule).tap do |resolved|
    resolved.decision = allows
    resolved.name = name unless name.nil?
  end
  @list.push(policy)
end

#allow(rule = nil, name = nil, &block) ⇒ Object



# File 'lib/logical_authz/access_control.rb', line 61

# Adds an allow rule. The rule may be passed as an argument or as a block;
# when both are present the argument is used and the block is ignored.
#
# @param rule [Object, nil] anything resolve_rule accepts
# @param name [Object, nil] optional rule name
# @raise [RuntimeError] when neither a rule nor a block is supplied
# @return [Array] the result of add_rule
def allow(rule = nil, name = nil, &block)
  raise "Allow needs to have a rule or a block" if rule.nil? && block.nil?

  chosen = rule.nil? ? block : rule
  add_rule(chosen, true, name)
end

#define(&block) ⇒ Object



# File 'lib/logical_authz/access_control.rb', line 27

# Evaluates the given block with this builder as +self+ (instance_eval), so
# bare calls inside the block reach the builder's methods.
#
# The block also gets the builder's instance variables and private methods,
# so it should be policy-definition code written by the application, not
# something assembled from request data.
#
# @param block [Proc] DSL body to evaluate
# @return [Object] the value of the block
def define(&block)
  instance_eval(&block)
end

#deny(rule = nil, name = nil, &block) ⇒ Object



# File 'lib/logical_authz/access_control.rb', line 71

# Adds a deny rule. The rule may be passed as an argument or as a block;
# when both are present the argument is used and the block is ignored.
#
# @param rule [Object, nil] anything resolve_rule accepts
# @param name [Object, nil] optional rule name
# @raise [RuntimeError] when neither a rule nor a block is supplied
# @return [Array] the result of add_rule
def deny(rule = nil, name = nil, &block)
  raise "Deny needs to have a rule or a block" if rule.nil? && block.nil?

  chosen = rule.nil? ? block : rule
  add_rule(chosen, false, name)
end

#except(policy) ⇒ Object

This needs a different name



# File 'lib/logical_authz/access_control.rb', line 94

# Resolves +policy+ through resolve_rule and wraps the result in a Reversed
# object. Nothing is added to the rule list here; the wrapper is returned
# for the caller to pass to #allow or #deny.
#
# Author's note: this needs a different name.
#
# @param policy [Object] anything resolve_rule accepts
# @return [Reversed]
def except(policy)
  Reversed.new(resolve_rule(policy))
end

#existing_policy ⇒ Object



# File 'lib/logical_authz/access_control.rb', line 105

# Switches the append target from @before to @after. Rules added by
# add_rule after this call are pushed onto @after, which #list places
# behind the +existing+ rules it is given.
#
# @return [Array] the @after array
def existing_policy
  @list = @after
end

#if_allowed(&block) ⇒ Object



# File 'lib/logical_authz/access_control.rb', line 81

# Builds an IfAllows from this builder's helper module and the given block.
#
# NOTE(review): unlike #related and #with_criteria, a missing block is not
# rejected here; how IfAllows treats a nil block is not visible from this
# file and should be confirmed.
#
# @param block [Proc] body handed to IfAllows
# @return [IfAllows]
def if_allowed(&block)
  IfAllows.new(@helper_mod, &block)
end

#if_denied(&block) ⇒ Object



# File 'lib/logical_authz/access_control.rb', line 85

# Builds an IfDenies from this builder's helper module and the given block.
#
# NOTE(review): unlike #related and #with_criteria, a missing block is not
# rejected here; how IfDenies treats a nil block is not visible from this
# file and should be confirmed.
#
# @param block [Proc] body handed to IfDenies
# @return [IfDenies]
def if_denied(&block)
  IfDenies.new(@helper_mod, &block)
end

#list(existing = nil) ⇒ Object



# File 'lib/logical_authz/access_control.rb', line 109

# Returns the combined rule list as a new array: the rules collected before
# #existing_policy was called, then +existing+, then the rules collected
# after it. The order of the result is therefore fixed by where
# #existing_policy appears in the definition.
#
# @param existing [Array, nil] rules to place in the middle; nil means none
# @return [Array] a new array, the builder's own arrays are not modified
def list(existing = nil)
  @before + (existing || []) + @after
end


# File 'lib/logical_authz/access_control.rb', line 89

# Builds an Owner from the given block.
#
# @param block [Proc] body handed to Owner; required
# @raise [PolicyDefinitionError] when no block is given
# @return [Owner]
def related(&block)
  unless block
    raise PolicyDefinitionError, "related called without a block"
  end

  Owner.new(&block)
end

#resolve_rule(rule) ⇒ Object



# File 'lib/logical_authz/access_control.rb', line 31

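# Normalises the accepted rule spellings into a policy object.
#
# * a Policy instance is returned unchanged (the important case)
# * a Symbol or String is looked up in Policy.names and instantiated;
#   this naming style is deprecated and logged at debug level
# * a Class is instantiated and must respond to #check
# * a Proc is wrapped in a ProcPolicy
#
# Anything else is rejected, so an unrecognised value never becomes a rule.
#
# @param rule [Policy, Symbol, String, Class, Proc]
# @raise [RuntimeError] for an unknown policy name, a class whose instances
#   lack #check, or an unsupported argument type
# @return [Object] the resolved policy object
def resolve_rule(rule)
  case rule
  when Policy
    rule
  when Symbol, String
    klass = Policy.names[rule.to_sym]
    raise "Policy name #{rule} not found in #{Policy.names.keys.inspect}" if klass.nil?
    Rails.logger.debug { "Using deprecated string/symbol policy naming: #{rule.inspect}" }
    klass.new
  when Class
    policy = rule.new
    # Ruby's predicate is respond_to?; the previous `responds_to?` spelling
    # raised NoMethodError, so every class passed here was rejected with the
    # wrong error and the interface check itself never ran.
    unless policy.respond_to?(:check)
      raise "Policy classes must respond to #check"
    end
    policy
  when Proc
    ProcPolicy.new(&rule)
  else
    raise "Authorization Rules have to be Policy objects, a Policy class or a proc"
  end
end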

#with_criteria(policy, &block) ⇒ Object



# File 'lib/logical_authz/access_control.rb', line 99

# Resolves +policy+ through resolve_rule and wraps it, together with the
# given block, in a RemappedCriteria. The block is checked first, so a call
# without one fails before the policy is resolved.
#
# @param policy [Object] anything resolve_rule accepts
# @param block [Proc] body handed to RemappedCriteria; required
# @raise [PolicyDefinitionError] when no block is given
# @return [RemappedCriteria]
def with_criteria(policy, &block)
  unless block
    raise PolicyDefinitionError, "with_criteria called without a block"
  end

  RemappedCriteria.new(resolve_rule(policy), &block)
end