Module: Zuul::ActiveRecord::Role::PermissionMethods

Defined in:

lib/zuul/active_record/role.rb

Instance Method Summary

• #assign_permission(permission, context = nil, force_context = nil) ⇒ Object

  Assigns a permission to a role within the provided context.

• #has_permission?(permission, context = nil, force_context = nil) ⇒ Boolean (also: #permission?, #can?, #allowed_to?)

  Checks whether a role has a permission within the provided context.

• #permissions_for(context = nil, force_context = nil) ⇒ Object

  Returns all permissions possessed by the role within the provided context.

• #permissions_for?(context = nil, force_context = nil) ⇒ Boolean

  Check whether the role possesses any permissions within the specified context.

• #unassign_permission(permission, context = nil, force_context = nil) ⇒ Object (also: #remove_permission)

  Removes a permission from a role within the provided context.

Instance Method Details

#assign_permission(permission, context = nil, force_context = nil) ⇒ Object

Assigns a permission to a role within the provided context.

If a Permission object is provided it’s used directly, otherwise if a permission slug is provided, the permission is looked up in the context chain by target_permission.

# File 'lib/zuul/active_record/role.rb', line 52

def assign_permission(permission, context=nil, force_context=nil)
  auth_scope do
    context = Zuul::Context.parse(context)
    target = target_permission(permission, context, force_context)
    return false unless verify_target_context(target, context, force_context) && verify_target_context(self, context, false) && permission_role_class.where(role_foreign_key.to_sym => id, permission_foreign_key.to_sym => target.id, :context_type => context.class_name, :context_id => context.id).limit(1).first.nil?

    return permission_role_class.create(role_foreign_key.to_sym => id, permission_foreign_key.to_sym => target.id, :context_type => context.class_name, :context_id => context.id)
  end
end

#has_permission?(permission, context = nil, force_context = nil) ⇒ Boolean Also known as: permission?, can?, allowed_to?

Checks whether a role has a permission within the provided context.

If a Permission object is provided it’s used directly, otherwise if a permission slug is provided, the permission is looked up in the context chain by target_permission.

The assigned context behaves the same way, in that if the permission is not found to belong to the role with the specified context, we look up the context chain.

TODO add options to force context, not go up the chain

Returns:

• (Boolean)

# File 'lib/zuul/active_record/role.rb', line 90

def has_permission?(permission, context=nil, force_context=nil)
  auth_scope do
    force_context ||= config.force_context
    context = Zuul::Context.parse(context)
    target = target_permission(permission, context, force_context)
    return false if target.nil?

    return true unless (context.id.nil? && !force_context) || permission_role_class.where(role_foreign_key.to_sym => id, permission_foreign_key.to_sym => target.id, :context_type => context.class_name, :context_id => context.id).first.nil?
    unless force_context
      return true unless context.class_name.nil? || permission_role_class.where(role_foreign_key.to_sym => id, permission_foreign_key.to_sym => target.id, :context_type => context.class_name, :context_id => nil).first.nil?
      return !permission_role_class.where(role_foreign_key.to_sym => id, permission_foreign_key.to_sym => target.id, :context_type => nil, :context_id => nil).first.nil?
    end
  end
end

#permissions_for(context = nil, force_context = nil) ⇒ Object

Returns all permissions possessed by the role within the provided context.

# File 'lib/zuul/active_record/role.rb', line 109

def permissions_for(context=nil, force_context=nil)
  auth_scope do
    force_context ||= config.force_context
    context = Zuul::Context.parse(context)
    if force_context
      return permission_class.joins(permission_role_plural_key).where(permission_role_plural_key => {role_foreign_key.to_sym => id, :context_type => context.class_name, :context_id => context.id})
    else
      return permission_class.joins("LEFT JOIN #{permission_roles_table_name} ON #{permission_roles_table_name}.#{permission_foreign_key} = #{permissions_table_name}.id").where("#{permission_roles_table_name}.#{role_foreign_key} = ? AND (#{permission_roles_table_name}.context_type #{sql_is_or_equal(context.class_name)} ? OR #{permission_roles_table_name}.context_type IS NULL) AND (#{permission_roles_table_name}.context_id #{sql_is_or_equal(context.id)} ? OR #{permission_roles_table_name}.context_id IS NULL)", id, context.class_name, context.id)
    end
  end
end

#permissions_for?(context = nil, force_context = nil) ⇒ Boolean

Check whether the role possesses any permissions within the specified context.

Returns:

• (Boolean)

# File 'lib/zuul/active_record/role.rb', line 122

def permissions_for?(context=nil, force_context=nil)
  permissions_for(context, force_context).count > 0
end

#unassign_permission(permission, context = nil, force_context = nil) ⇒ Object Also known as: remove_permission

Removes a permission from a role within the provided context.

If a Permission object is provided it’s used directly, otherwise if a permission slug is provided, the permission is looked up in the context chain by target_permission.

# File 'lib/zuul/active_record/role.rb', line 67

def unassign_permission(permission, context=nil, force_context=nil)
  auth_scope do
    context = Zuul::Context.parse(context)
    target = target_permission(permission, context, force_context)
    return false if target.nil?

    assigned_permission = permission_role_class.where(role_foreign_key.to_sym => id, permission_foreign_key.to_sym => target.id, :context_type => context.class_name, :context_id => context.id).limit(1).first
    return false if assigned_permission.nil?
    return assigned_permission.destroy
  end
end