Class: Authorization::AttributeWithPermission

Inherits:
Attribute
  • Object
show all
Defined in:
lib/declarative_authorization/authorization.rb

Overview

An attribute condition that uses existing rules to decide validation and create obligations.

Instance Method Summary collapse

Constructor Details

#initialize(privilege, attr_or_hash, context = nil) ⇒ AttributeWithPermission

E.g. privilege :read, attr_or_hash either :attribute or { :attribute => :deeper_attribute }



547
548
549
550
551
 
# File 'lib/declarative_authorization/authorization.rb', line 547

def initialize (privilege, attr_or_hash, context = nil)
  @privilege = privilege
  @context = context
  @attr_hash = attr_or_hash
end

Instance Method Details

#initialize_copy(from) ⇒ Object 



553
554
555
 
# File 'lib/declarative_authorization/authorization.rb', line 553

def initialize_copy (from)
  @attr_hash = deep_hash_clone(@attr_hash) if @attr_hash.is_a?(Hash)
end

#obligation(attr_validator, hash_or_attr = nil, path = []) ⇒ Object

may return an array of obligations to be OR’ed



596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
 
# File 'lib/declarative_authorization/authorization.rb', line 596

def obligation (attr_validator, hash_or_attr = nil, path = [])
  hash_or_attr ||= @attr_hash
  case hash_or_attr
  when Symbol
    @context ||= begin
      rule_model = attr_validator.context.to_s.classify.constantize
      context_reflection = self.class.reflection_for_path(rule_model, path + [hash_or_attr])
      if context_reflection.klass.respond_to?(:decl_auth_context)
        context_reflection.klass.decl_auth_context
      else
        context_reflection.klass.name.tableize.to_sym
      end
    rescue # missing model, reflections
      hash_or_attr.to_s.pluralize.to_sym
    end
    
    obligations = attr_validator.engine.obligations(@privilege,
                      :context => @context,
                      :user    => attr_validator.user)

    obligations.collect {|obl| {hash_or_attr => obl} }
  when Hash
    obligations_array_attrs = []
    obligations =
        hash_or_attr.inject({}) do |all, pair|
          attr, sub_hash = pair
          all[attr] = obligation(attr_validator, sub_hash, path + [attr])
          if all[attr].length > 1
            obligations_array_attrs << attr
          else
            all[attr] = all[attr].first
          end
          all
        end
    obligations = [obligations]
    obligations_array_attrs.each do |attr|
      next_array_size = obligations.first[attr].length
      obligations = obligations.collect do |obls|
        (0...next_array_size).collect do |idx|
          obls_wo_array = obls.clone
          obls_wo_array[attr] = obls_wo_array[attr][idx]
          obls_wo_array
        end
      end.flatten
    end
    obligations
  when NilClass
    attr_validator.engine.obligations(@privilege,
        :context => attr_validator.context,
        :user    => attr_validator.user)
  else
    raise AuthorizationError, "Wrong conditions hash format: #{hash_or_attr.inspect}"
  end
end

#to_long_sObject 



651
652
653
 
# File 'lib/declarative_authorization/authorization.rb', line 651

def to_long_s
  "if_permitted_to #{@privilege.inspect}, #{@attr_hash.inspect}"
end

#validate?(attr_validator, object = nil, hash_or_attr = nil) ⇒ Boolean

Returns:

  • (Boolean) 


557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
 
# File 'lib/declarative_authorization/authorization.rb', line 557

def validate? (attr_validator, object = nil, hash_or_attr = nil)
  object ||= attr_validator.object
  hash_or_attr ||= @attr_hash
  return false unless object

  case hash_or_attr
  when Symbol
    attr_value = object_attribute_value(object, hash_or_attr)
    case attr_value
    when nil
      raise NilAttributeValueError, "Attribute #{hash_or_attr.inspect} is nil in #{object.inspect}."
    when Enumerable
      attr_value.any? do |inner_value|
        attr_validator.engine.permit? @privilege, :object => inner_value, :user => attr_validator.user
      end
    else
      attr_validator.engine.permit? @privilege, :object => attr_value, :user => attr_validator.user
    end
  when Hash
    hash_or_attr.all? do |attr, sub_hash|
      attr_value = object_attribute_value(object, attr)
      if attr_value == nil
        raise NilAttributeValueError, "Attribute #{attr.inspect} is nil in #{object.inspect}."
      elsif attr_value.is_a?(Enumerable)
        attr_value.any? do |inner_value|
          validate?(attr_validator, inner_value, sub_hash)
        end
      else
        validate?(attr_validator, attr_value, sub_hash)
      end
    end
  when NilClass
    attr_validator.engine.permit? @privilege, :object => object, :user => attr_validator.user
  else
    raise AuthorizationError, "Wrong conditions hash format: #{hash_or_attr.inspect}"
  end
end