Class: YaAcl::Acl

Inherits:
Object
  • Object
Defined in:
lib/ya_acl/acl.rb


Constructor Details

#initialize ⇒ Acl

Returns a new instance of Acl.



# File 'lib/ya_acl/acl.rb', line 16

# Builds an ACL whose rule table starts out empty.
#
# Only @acl is created here. The role, resource and assert registries are
# created lazily by add_role, add_resource and add_assert, which is why the
# lookup methods test defined?(@roles) and friends before indexing.
def initialize
  @acl = {}
end

Instance Attribute Details

#asserts ⇒ Object (readonly)

Returns the value of attribute asserts.



# File 'lib/ya_acl/acl.rb', line 4

# Assert registry, keyed by assert name.
#
# This is the live Hash that add_assert writes into, not a copy, so a caller
# that mutates it changes what later lookups see. It is nil until the first
# add_assert call, because the constructor only sets up @acl.
#
# @return [Hash, nil]
def asserts
  return nil unless defined?(@asserts)

  @asserts
end

#resources ⇒ Object (readonly)

Returns the value of attribute resources.



# File 'lib/ya_acl/acl.rb', line 4

# Resource registry, keyed by resource name.
#
# This is the live Hash that add_resource writes into, not a copy, so a caller
# that mutates it changes what later lookups see. It is nil until the first
# add_resource call, because the constructor only sets up @acl.
#
# @return [Hash, nil]
def resources
  return nil unless defined?(@resources)

  @resources
end

#roles ⇒ Object (readonly)

Returns the value of attribute roles.



# File 'lib/ya_acl/acl.rb', line 4

# Role registry, keyed by role name.
#
# This is the live Hash that add_role writes into, not a copy, so a caller
# that mutates it changes what later lookups see. It is nil until the first
# add_role call, because the constructor only sets up @acl.
#
# @return [Hash, nil]
def roles
  return nil unless defined?(@roles)

  @roles
end

Class Method Details

.instance ⇒ Object



# File 'lib/ya_acl/acl.rb', line 7

# Returns the ACL held in the class variable @@acl.
# NOTE(review): nothing visible on this page gives @@acl an initial value, so a
# read before instance= has run presumably raises NameError - confirm.
def instance
  @@acl
end

.instance=(v) ⇒ Object



# File 'lib/ya_acl/acl.rb', line 11

# Replaces the ACL held in the class variable @@acl with v.
# No type or nil check is applied to v, and whatever is stored here is what
# .instance returns afterwards, so any code able to call this setter swaps the
# policy object for every later reader.
# NOTE(review): no locking is visible here; presumably meant to be assigned
# once during application start-up - confirm.
def instance=(v)
  @@acl = v
end

Instance Method Details

#add_assert(assert) ⇒ Object



# File 'lib/ya_acl/acl.rb', line 54

# Registers an assert so that rules can refer to it by name.
#
# The key is assert.name exactly as the object reports it. #assert looks names
# up with to_sym, so name is presumably a Symbol - confirm against the Assert
# class. Registering a second assert under the same name replaces the first
# without any warning.
#
# @param assert [#name] assert object to register
# @return [Object] the assert that was passed in
def add_assert(assert)
  registry = (@asserts ||= {})
  registry[assert.name] = assert
end

#add_resource(resource) ⇒ Object



# File 'lib/ya_acl/acl.rb', line 32

# Registers a resource so that rules can be attached to it.
#
# The key is resource.name exactly as the object reports it. #resource looks
# names up with to_sym, so name is presumably a Symbol - confirm against the
# Resource class. Registering a second resource under the same name replaces
# the first without any warning.
#
# @param resource [#name] resource object to register
# @return [Object] the resource that was passed in
def add_resource(resource)
  registry = (@resources ||= {})
  registry[resource.name] = resource
end

#add_role(role) ⇒ Object



# File 'lib/ya_acl/acl.rb', line 20

# Registers a role so that rules can grant privileges to it.
#
# The key is role.name exactly as the object reports it. #role looks names up
# with to_sym, so name is presumably a Symbol - confirm against the Role
# class. Registering a second role under the same name replaces the first
# without any warning.
#
# @param role [#name] role object to register
# @return [Object] the role that was passed in
def add_role(role)
  registry = (@roles ||= {})
  registry[role.name] = role
end

#allow(resource_name, privilege_name, role_name, assert_name = nil) ⇒ Object



# File 'lib/ya_acl/acl.rb', line 66

# Adds a rule granting role_name the given privilege on a resource.
#
# The rule table is nested as
#   resource name => privilege => role name => { assert name => assert }.
# Existing entries are kept: calling this again for the same resource,
# privilege and role with another assert adds to that role's assert set, and
# #check requires every assert in the set to pass. Calling it without
# assert_name on a role that already has asserts does not clear them.
#
# @param resource_name [#to_sym] name of a registered resource
# @param privilege_name [#to_sym] privilege being granted
# @param role_name [#to_sym] name of a registered role
# @param assert_name [#to_sym, nil] optional registered assert gating the rule
# @return [Object, nil] the assert that was attached, or nil when none was given
# @raise [ArgumentError] from #resource, #role or #assert when a name is not registered
def allow(resource_name, privilege_name, role_name, assert_name = nil)
  resource_key  = resource(resource_name).name
  privilege_key = privilege_name.to_sym
  role_key      = role(role_name).name

  by_privilege = (@acl[resource_key] ||= {})
  by_role      = (by_privilege[privilege_key] ||= {})
  role_asserts = (by_role[role_key] ||= {})
  return unless assert_name

  found = assert(assert_name)
  role_asserts[found.name] = found
end

#allow?(resource_name, privilege_name, roles = [], params = {}) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ya_acl/acl.rb', line 105

# Predicate form of #check: reports only the status of the result.
#
# An unknown resource or privilege is not reported as false here; #check
# calls #privilege, which raises ArgumentError for it.
#
# @param resource_name [#to_sym] name of a registered resource
# @param privilege_name [#to_sym] privilege to test
# @param roles [Array<#to_sym>] roles held by the caller
# @param params [Hash] passed through to each assert
# @return [Boolean] the status of the Result produced by #check
def allow?(resource_name, privilege_name, roles = [], params = {})
  outcome = check(resource_name, privilege_name, roles, params)
  outcome.status
end

#assert(assert_name) ⇒ Object



# File 'lib/ya_acl/acl.rb', line 59

# Looks up a registered assert by name.
#
# The registry does not exist until add_assert has been called, so its
# presence is tested before it is indexed; in that case the name is never
# converted with to_sym and the error is still ArgumentError.
#
# @param assert_name [#to_sym] name of the assert
# @return [Object] the registered assert
# @raise [ArgumentError] if no assert is registered under that name
def assert(assert_name)
  found = defined?(@asserts) && @asserts[assert_name.to_sym]
  raise ArgumentError, "#Assert '#{assert_name}' doesn't exists" unless found

  found
end

#check(resource_name, privilege_name, roles = [], params = {}) ⇒ Object



# File 'lib/ya_acl/acl.rb', line 80

# Evaluates whether any of the caller's roles may use a privilege.
#
# Decision rule, as implemented below:
#   * only roles that have a rule for this privilege are considered; the
#     caller's roles are converted with to_sym before the comparison;
#   * a role with no asserts attached grants access immediately;
#   * otherwise every assert attached to the role must return a truthy value
#     from allow?(params); the first falsy one stops that role;
#   * access is granted as soon as one role passes, and denied when none does.
#
# A denial caused by asserts carries the last role examined and the assert
# that failed for it. A denial because no role matched carries neither.
# Result is defined elsewhere; Result.new without arguments is presumably the
# granted result - confirm.
#
# @param resource_name [#to_sym] name of a registered resource
# @param privilege_name [#to_sym] privilege to test
# @param roles [Array<#to_sym>] roles held by the caller
# @param params [Hash] passed unchanged to each assert's allow?
# @return [Result]
# @raise [ArgumentError] from #privilege when the resource or privilege is unknown
def check(resource_name, privilege_name, roles = [], params = {})
  rules = privilege(resource_name, privilege_name)
  candidates = rules.keys & roles.map(&:to_sym)
  return Result.new(false) if candidates.empty?

  last_role = nil
  last_assert = nil
  candidates.each do |role_key|
    last_role = role_key
    conditions = rules[role_key]
    # No asserts attached: the grant is unconditional for this role.
    return Result.new if conditions.empty?

    passed = conditions.values.all? do |condition|
      last_assert = condition
      condition.allow?(params)
    end
    return Result.new if passed
  end

  Result.new(false, last_role, last_assert)
end

#check!(resource_name, privilege_name, roles = [], params = {}) ⇒ Object



# File 'lib/ya_acl/acl.rb', line 109

# Raising form of #check: returns true on success and raises on denial.
#
# The exception message names the resource and privilege, and then either the
# role and assert that failed or the full list of roles the caller supplied.
# That is policy detail: keep it in logs and show end users a generic message.
#
# @param resource_name [#to_sym] name of a registered resource
# @param privilege_name [#to_sym] privilege to test
# @param roles [Array<#to_sym>] roles held by the caller
# @param params [Hash] passed through to each assert
# @return [true] when access is granted
# @raise [AssertAccessDeniedError] when the denial result carries an assert
# @raise [AccessDeniedError] when it does not
# @raise [ArgumentError] from #privilege (via #check) for an unknown resource or privilege
def check!(resource_name, privilege_name, roles = [], params = {})
  outcome = check(resource_name, privilege_name, roles, params)
  return true if outcome.status

  prefix = "Access denied for '#{resource_name}', privilege '#{privilege_name}'"
  unless outcome.assert
    raise AccessDeniedError, prefix + " and roles '#{roles.inspect}'"
  end

  raise AssertAccessDeniedError, prefix + ", role '#{outcome.role}' and assert '#{outcome.assert.name}'"
end

#privilege(resource_name, privilege_name) ⇒ Object



# File 'lib/ya_acl/acl.rb', line 44

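# Looks up the role table for one privilege of a resource.
#
# The returned Hash is the live table stored in @acl, not a copy.
#
# @param resource_name [#to_sym] name of a registered resource
# @param privilege_name [#to_sym] privilege to look up
# @return [Hash] role name => { assert name => assert }
# @raise [ArgumentError] if the resource is not registered (raised by
#   #resource) or no rule has been added for this privilege on it
def privilege(resource_name, privilege_name)
  r = resource(resource_name)
  key = privilege_name.to_sym
  # A registered resource has no entry in @acl until the first allow call for
  # it. Guard the outer lookup so that case raises the ArgumentError below
  # rather than NoMethodError from indexing into nil.
  by_privilege = @acl[r.name]
  rules = by_privilege && by_privilege[key]
  unless rules
    raise ArgumentError, "Undefine privilege '#{privilege_name}' for resource '#{resource_name}'"
  end

  rules
end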

#resource(resource_name) ⇒ Object



# File 'lib/ya_acl/acl.rb', line 37

# Looks up a registered resource by name.
#
# The registry does not exist until add_resource has been called, so its
# presence is tested before it is indexed; in that case the name is never
# converted with to_sym and the error is still ArgumentError.
#
# @param resource_name [#to_sym] name of the resource
# @return [Object] the registered resource
# @raise [ArgumentError] if no resource is registered under that name
def resource(resource_name)
  found = defined?(@resources) && @resources[resource_name.to_sym]
  raise ArgumentError, "#Resource '#{resource_name}' doesn't exists" unless found

  found
end

#role(role_name) ⇒ Object



# File 'lib/ya_acl/acl.rb', line 25

# Looks up a registered role by name.
#
# The registry does not exist until add_role has been called, so its presence
# is tested before it is indexed; in that case the name is never converted
# with to_sym and the error is still ArgumentError.
#
# @param role_name [#to_sym] name of the role
# @return [Object] the registered role
# @raise [ArgumentError] if no role is registered under that name
def role(role_name)
  found = defined?(@roles) && @roles[role_name.to_sym]
  raise ArgumentError, "#Role '#{role_name}' doesn't exists" unless found

  found
end