Module: Volt::Model::Permissions

Included in:

Volt::Model

Defined in:

lib/volt/models/permissions.rb

Overview

The permissions module provides helpers for working with Volt permissions.

Defined Under Namespace

Modules: ClassMethods

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #action_allowed?(action_name) ⇒ Boolean

  Checks if any denies are in place for an action (read or delete).

• #allow(*fields) ⇒ Object
• #allow_and_deny_fields(action_name) ⇒ Object

  Return the list of allowed fields.

• #deny(*fields) ⇒ Object
• #filtered_attributes ⇒ Object

  Filter fields returns the attributes with any denied or not allowed fields removed based on the current user.

• #owner?(key = :user_id) ⇒ Boolean

  owner? can be called on a model to check if the currently logged in user (“‘Volt.current_user“`) is the owner of this instance.

Class Method Details

.included(base) ⇒ Object

# File 'lib/volt/models/permissions.rb', line 62

def self.included(base)
  base.send(:extend, ClassMethods)
  base.class_attribute :__permissions__
end

Instance Method Details

#action_allowed?(action_name) ⇒ Boolean

Checks if any denies are in place for an action (read or delete)

Returns:

• (Boolean)

# File 'lib/volt/models/permissions.rb', line 118

def action_allowed?(action_name)
  # TODO: this does some unnecessary work
  compute_allow_and_deny(action_name).then do

    deny = @__deny_fields == true || (@__deny_fields && @__deny_fields.size > 0)

    clear_allow_and_deny

    !deny
  end
end

#allow(*fields) ⇒ Object

# File 'lib/volt/models/permissions.rb', line 67

def allow(*fields)
  if @__allow_fields
    if @__allow_fields != true
      if fields.size == 0
        # No field's were passed, this means we deny all
        @__allow_fields = true
      else
        # Fields were specified, add them to the list
        @__allow_fields += fields.map(&:to_sym)
      end
    end
  else
    fail 'allow should be called inside of a permissions block'
  end
end

#allow_and_deny_fields(action_name) ⇒ Object

Return the list of allowed fields

# File 'lib/volt/models/permissions.rb', line 131

def allow_and_deny_fields(action_name)
  compute_allow_and_deny(action_name).then do

    result = [@__allow_fields, @__deny_fields]

    clear_allow_and_deny

    result
  end
end

#deny(*fields) ⇒ Object

# File 'lib/volt/models/permissions.rb', line 83

def deny(*fields)
  if @__deny_fields
    if @__deny_fields != true
      if fields.size == 0
        # No field's were passed, this means we deny all
        @__deny_fields = true
      else
        # Fields were specified, add them to the list
        @__deny_fields += fields.map(&:to_sym)
      end
    end
  else
    fail 'deny should be called inside of a permissions block'
  end
end

#filtered_attributes ⇒ Object

Filter fields returns the attributes with any denied or not allowed fields removed based on the current user.

Run with Volt.as_user(…) to change the user

# File 'lib/volt/models/permissions.rb', line 146

def filtered_attributes
  # Run the read permission check
  allow_and_deny_fields(:read).then do |allow, deny|

    result = nil

    if allow && allow != true && allow.size > 0
      # always keep id
      allow << :id

      # Only keep fields in the allow list
      result = @attributes.select { |key| allow.include?(key) }
    elsif deny == true
      # Only keep id
      # TODO: Should this be a full reject?
      result = @attributes.reject { |key| key != :id }
    elsif deny && deny.size > 0
      # Reject any in the deny list
      result = @attributes.reject { |key| deny.include?(key) }
    else
      result = @attributes
    end

    # Deeply filter any nested models
    result.then do |res|
      keys = []
      values = []
      res.each do |key, value|
        if value.is_a?(Model)
          value = value.filtered_attributes
        end
        keys << key
        values << value
      end

      Promise.when(*values).then do |values|
        keys.zip(values).to_h
      end
    end
  end
end

#owner?(key = :user_id) ⇒ Boolean

owner? can be called on a model to check if the currently logged in user (“‘Volt.current_user“`) is the owner of this instance.

Parameters:

• key (Symbol) (defaults to: :user_id) —

  the name of the attribute where the user_id is stored

Returns:

• (Boolean)

# File 'lib/volt/models/permissions.rb', line 103

def owner?(key = :user_id)
  # Lookup the original user_id
  owner_id = was(key) || send(:"_#{key}")
  !owner_id.nil? && owner_id == Volt.current_user_id
end