Module: Volt::Model::Permissions
- Included in: Volt::Model
- Defined in: lib/volt/models/permissions.rb
Overview
The permissions module provides helpers for working with Volt permissions.
Defined Under Namespace
Modules: ClassMethods
Class Method Summary
Instance Method Summary
- #action_allowed?(action_name) ⇒ Boolean
  Checks if any denies are in place for an action (read or delete).
- #allow(*fields) ⇒ Object
- #allow_and_deny_fields(action_name) ⇒ Object
  Returns the allow and deny field lists for the action.
- #deny(*fields) ⇒ Object
- #filtered_attributes ⇒ Object
  Returns the attributes with any denied or not-allowed fields removed, based on the current user.
- #owner?(key = :user_id) ⇒ Boolean
  owner? can be called on a model to check if the currently logged in user (`Volt.current_user`) is the owner of this instance.
Class Method Details
.included(base) ⇒ Object
```ruby
# File 'lib/volt/models/permissions.rb', line 62

def self.included(base)
  base.send(:extend, ClassMethods)
  base.class_attribute :__permissions__
end
```
Instance Method Details
#action_allowed?(action_name) ⇒ Boolean
Checks if any denies are in place for an action (read or delete).
```ruby
# File 'lib/volt/models/permissions.rb', line 118

def action_allowed?(action_name)
  # TODO: this does some unnecessary work
  compute_allow_and_deny(action_name).then do
    deny = @__deny_fields == true || (@__deny_fields && @__deny_fields.size > 0)

    clear_allow_and_deny

    !deny
  end
end
```
#allow(*fields) ⇒ Object
```ruby
# File 'lib/volt/models/permissions.rb', line 67

def allow(*fields)
  if @__allow_fields
    if @__allow_fields != true
      if fields.size == 0
        # No fields were passed, this means we allow all
        @__allow_fields = true
      else
        # Fields were specified, add them to the list
        @__allow_fields += fields.map(&:to_sym)
      end
    end
  else
    fail 'allow should be called inside of a permissions block'
  end
end
```
#allow_and_deny_fields(action_name) ⇒ Object
Returns the allow and deny field lists for the action, as a two-element array `[allow, deny]`.
```ruby
# File 'lib/volt/models/permissions.rb', line 131

def allow_and_deny_fields(action_name)
  compute_allow_and_deny(action_name).then do
    result = [@__allow_fields, @__deny_fields]

    clear_allow_and_deny

    result
  end
end
```
#deny(*fields) ⇒ Object
```ruby
# File 'lib/volt/models/permissions.rb', line 83

def deny(*fields)
  if @__deny_fields
    if @__deny_fields != true
      if fields.size == 0
        # No fields were passed, this means we deny all
        @__deny_fields = true
      else
        # Fields were specified, add them to the list
        @__deny_fields += fields.map(&:to_sym)
      end
    end
  else
    fail 'deny should be called inside of a permissions block'
  end
end
```
#filtered_attributes ⇒ Object
Returns the attributes with any denied or not-allowed fields removed, based on the current user.
Run with Volt.as_user(…) to change the user.
```ruby
# File 'lib/volt/models/permissions.rb', line 146

def filtered_attributes
  # Run the read permission check
  allow_and_deny_fields(:read).then do |allow, deny|
    result = nil

    if allow && allow != true && allow.size > 0
      # always keep id
      allow << :id

      # Only keep fields in the allow list
      result = @attributes.select { |key| allow.include?(key) }
    elsif deny == true
      # Only keep id
      # TODO: Should this be a full reject?
      result = @attributes.reject { |key| key != :id }
    elsif deny && deny.size > 0
      # Reject any in the deny list
      result = @attributes.reject { |key| deny.include?(key) }
    else
      result = @attributes
    end

    # Deeply filter any nested models
    result.then do |res|
      keys = []
      values = []
      res.each do |key, value|
        if value.is_a?(Model)
          value = value.filtered_attributes
        end
        keys << key
        values << value
      end

      Promise.when(*values).then do |values|
        keys.zip(values).to_h
      end
    end
  end
end
```
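The branch order in filtered_attributes decides which rule wins when both allow and deny have been called. The following is an added example, not Volt's own code: it models that branch order synchronously on a plain Hash, without Volt or promises. `filter_for_read`, `visible_keys`, `RECORD` and `CASES` are hypothetical names, and the allow/deny values passed in are assumed shapes based on the checks in the listing above.

```ruby
# Added example: synchronous model of the branch order in
# Volt::Model::Permissions#filtered_attributes (no Volt, no promises).
# Assumed shapes for `allow` / `deny`, taken from the checks on the page:
# true (called with no fields), an Array of symbols, or nil / [] (not called).
def filter_for_read(attributes, allow, deny)
  if allow && allow != true && !allow.empty?
    # A non-empty allow list wins outright; deny is never consulted here.
    keep = allow + [:id] # copy rather than mutate the caller's list
    attributes.select { |key, _| keep.include?(key) }
  elsif deny == true
    # Deny-all still returns :id
    attributes.select { |key, _| key == :id }
  elsif deny && !deny.empty?
    attributes.reject { |key, _| deny.include?(key) }
  else
    attributes
  end
end

# Constructed sample record (not from the page)
RECORD = { id: 7, name: 'Ada', email: 'ada@example.test', password_hash: 'x' }.freeze

# label => [allow, deny]
CASES = {
  'no rules'               => [nil, nil],
  'deny list'              => [[], [:password_hash]],
  'deny all'               => [[], true],
  'allow list'             => [[:name], []],
  'allow list + deny same' => [[:name, :email], [:email]],
  'allow all + deny list'  => [true, [:email]]
}.freeze

# Keys a reader would see for the given case
def visible_keys(label)
  allow, deny = CASES.fetch(label)
  filter_for_read(RECORD, allow, deny).keys
end

if __FILE__ == $PROGRAM_NAME
  CASES.each_key { |label| puts format('%-24s %p', label, visible_keys(label)) }
end
```

In the "allow list + deny same" case the email field stays visible even though it is on the deny list, because the allow branch returns first; a permissions block that mixes both calls should be reviewed with that in mind.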
#owner?(key = :user_id) ⇒ Boolean
owner? can be called on a model to check if the currently logged in user (`Volt.current_user`) is the owner of this instance.
```ruby
# File 'lib/volt/models/permissions.rb', line 103

def owner?(key = :user_id)
  # Lookup the original user_id
  owner_id = was(key) || send(:"_#{key}")
  !owner_id.nil? && owner_id == Volt.current_user_id
end
```