Module: Zuul::ActiveRecord::Role::PermissionMethods
- Defined in:
- lib/zuul/active_record/role.rb
Instance Method Summary collapse
-
#assign_permission(permission, context = nil, force_context = nil) ⇒ Object
Assigns a permission to a role within the provided context.
-
#has_permission?(permission, context = nil, force_context = nil) ⇒ Boolean
(also: #permission?, #can?, #allowed_to?)
Checks whether a role has a permission within the provided context.
-
#permissions_for(context = nil, force_context = nil) ⇒ Object
Returns all permissions possessed by the role within the provided context.
-
#permissions_for?(context = nil, force_context = nil) ⇒ Boolean
Check whether the role possesses any permissions within the specified context.
-
#unassign_permission(permission, context = nil, force_context = nil) ⇒ Object
(also: #remove_permission)
Removes a permission from a role within the provided context.
Instance Method Details
#assign_permission(permission, context = nil, force_context = nil) ⇒ Object
Assigns a permission to a role within the provided context.
If a Permission object is provided it’s used directly, otherwise if a permission slug is provided, the permission is looked up in the context chain by target_permission.
52 53 54 55 56 57 58 59 60 |
# File 'lib/zuul/active_record/role.rb', line 52 def (, context=nil, force_context=nil) auth_scope do context = Zuul::Context.parse(context) target = (, context, force_context) return false unless verify_target_context(target, context, force_context) && verify_target_context(self, context, false) && .where(role_foreign_key.to_sym => id, .to_sym => target.id, :context_type => context.class_name, :context_id => context.id).limit(1).first.nil? return .create(role_foreign_key.to_sym => id, .to_sym => target.id, :context_type => context.class_name, :context_id => context.id) end end |
#has_permission?(permission, context = nil, force_context = nil) ⇒ Boolean Also known as: permission?, can?, allowed_to?
Checks whether a role has a permission within the provided context.
If a Permission object is provided it’s used directly, otherwise if a permission slug is provided, the permission is looked up in the context chain by target_permission.
The assigned context behaves the same way, in that if the permission is not found to belong to the role with the specified context, we look up the context chain.
TODO add options to force context, not go up the chain
90 91 92 93 94 95 96 97 98 99 100 101 102 103 |
# File 'lib/zuul/active_record/role.rb', line 90 def (, context=nil, force_context=nil) auth_scope do force_context ||= config.force_context context = Zuul::Context.parse(context) target = (, context, force_context) return false if target.nil? return true unless (context.id.nil? && !force_context) || .where(role_foreign_key.to_sym => id, .to_sym => target.id, :context_type => context.class_name, :context_id => context.id).first.nil? unless force_context return true unless context.class_name.nil? || .where(role_foreign_key.to_sym => id, .to_sym => target.id, :context_type => context.class_name, :context_id => nil).first.nil? return !.where(role_foreign_key.to_sym => id, .to_sym => target.id, :context_type => nil, :context_id => nil).first.nil? end end end |
#permissions_for(context = nil, force_context = nil) ⇒ Object
Returns all permissions possessed by the role within the provided context.
109 110 111 112 113 114 115 116 117 118 119 |
# File 'lib/zuul/active_record/role.rb', line 109 def (context=nil, force_context=nil) auth_scope do force_context ||= config.force_context context = Zuul::Context.parse(context) if force_context return .joins().where( => {role_foreign_key.to_sym => id, :context_type => context.class_name, :context_id => context.id}) else return .joins("LEFT JOIN #{} ON #{}.#{} = #{}.id").where("#{}.#{role_foreign_key} = ? AND (#{}.context_type #{sql_is_or_equal(context.class_name)} ? OR #{}.context_type IS NULL) AND (#{}.context_id #{sql_is_or_equal(context.id)} ? OR #{}.context_id IS NULL)", id, context.class_name, context.id) end end end |
#permissions_for?(context = nil, force_context = nil) ⇒ Boolean
Check whether the role possesses any permissions within the specified context.
122 123 124 |
# File 'lib/zuul/active_record/role.rb', line 122 def (context=nil, force_context=nil) (context, force_context).count > 0 end |
#unassign_permission(permission, context = nil, force_context = nil) ⇒ Object Also known as: remove_permission
Removes a permission from a role within the provided context.
If a Permission object is provided it’s used directly, otherwise if a permission slug is provided, the permission is looked up in the context chain by target_permission.
67 68 69 70 71 72 73 74 75 76 77 |
# File 'lib/zuul/active_record/role.rb', line 67 def (, context=nil, force_context=nil) auth_scope do context = Zuul::Context.parse(context) target = (, context, force_context) return false if target.nil? = .where(role_foreign_key.to_sym => id, .to_sym => target.id, :context_type => context.class_name, :context_id => context.id).limit(1).first return false if .nil? return .destroy end end |