Module: Zuul::ActiveRecord::Subject::PermissionMethods::InstanceMethods

Defined in:
lib/zuul/active_record/subject.rb


Instance Method Details

#assign_permission(permission, context = nil, force_context = nil) ⇒ Object

Assigns a permission to a subject within the provided context.

If a Permission object is provided, it is used directly; if a permission slug is provided instead, the permission is looked up in the context chain by target_permission.



# File 'lib/zuul/active_record/subject.rb', line 151

# Grants a permission to this subject for the given context.
#
# @param permission a Permission object or slug; resolved by target_permission
# @param context raw context value, normalised with Zuul::Context.parse
# @param force_context handed unchanged to target_permission and verify_target_context
# @return [false, Object] false when verify_target_context rejects the resolved
#   target or an identical assignment row already exists; otherwise the value
#   returned by permission_subject_class.create
def assign_permission(permission, context=nil, force_context=nil)
  auth_scope do
    ctx = Zuul::Context.parse(context)
    record = target_permission(permission, ctx, force_context)

    # Explicit `return` exits the method from inside the auth_scope block.
    # NOTE(review): unlike has_permission?, force_context is not defaulted from
    # config.force_context here; whether the helpers apply that default is not
    # visible from this method - confirm.
    return false unless verify_target_context(record, ctx, force_context)

    # NOTE(review): the existence check and the create below are two separate
    # statements and nothing visible here makes them atomic. Uniqueness under
    # concurrent calls would have to come from a unique index on these four
    # columns - confirm the schema has one.
    existing = permission_subject_class.where(
      subject_foreign_key.to_sym => id,
      permission_foreign_key.to_sym => record.id,
      :context_type => ctx.class_name,
      :context_id => ctx.id
    ).limit(1).first
    return false unless existing.nil?

    return permission_subject_class.create(
      subject_foreign_key.to_sym => id,
      permission_foreign_key.to_sym => record.id,
      :context_type => ctx.class_name,
      :context_id => ctx.id
    )
  end
end

#has_permission?(permission, context = nil, force_context = nil) ⇒ Boolean Also known as: permission?, can?, allowed_to?

Checks whether a subject has a permission within the provided context.

If a Permission object is provided, it is used directly; if a permission slug is provided instead, the permission is looked up in the context chain by target_permission.

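The assigned context behaves the same way: if the permission is not found to belong to the subject within the specified context, the lookup moves up the context chain. When force_context is set (by argument or through config.force_context), only the exact context is checked and the chain is not walked.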

Permissions belonging to roles possessed by the subject are also included.

Returns:

  • (Boolean)


# File 'lib/zuul/active_record/subject.rb', line 189

# Answers whether this subject holds a permission in a context, either through a
# direct assignment or through one of its roles.
#
# Lookup order: direct assignments first (exact context, then class-level, then
# global), followed by role assignments in the same order. With force_context
# only the exact context is consulted for both.
#
# @param permission passed to target_permission to resolve the permission record
# @param context raw context value, normalised with Zuul::Context.parse
# @param force_context truthy restricts the check to the exact context; nil or
#   false fall back to config.force_context
# @return [Boolean] false when the permission cannot be resolved or no matching
#   assignment row is found
def has_permission?(permission, context=nil, force_context=nil)
  auth_scope do
    # `||=` replaces an explicit false as well as nil, so a caller cannot switch
    # forcing off for one call while config.force_context is truthy.
    force_context ||= config.force_context
    context = Zuul::Context.parse(context)
    target = target_permission(permission, context, force_context)
    # Fail closed: an unresolved permission is never granted. Every `return` in
    # this block exits the method itself, not just the block.
    return false if target.nil?

    # Direct assignment at the exact context. Skipped when the context has no id
    # and forcing is off, because the class-level/global queries below then
    # cover the same rows.
    return true unless (context.id.nil? && !force_context) || permission_subject_class.where(subject_foreign_key.to_sym => id, permission_foreign_key.to_sym => target.id, :context_type => context.class_name, :context_id => context.id).first.nil?
    unless force_context
      # Walk up the chain: class-level row (context_type set, context_id nil)...
      return true unless context.class_name.nil? || permission_subject_class.where(subject_foreign_key.to_sym => id, permission_foreign_key.to_sym => target.id, :context_type => context.class_name, :context_id => nil).first.nil?
      # ...then the global row (context_type and context_id both nil).
      return true unless permission_subject_class.where(subject_foreign_key.to_sym => id, permission_foreign_key.to_sym => target.id, :context_type => nil, :context_id => nil).first.nil?
    end

    # Same sequence for permissions attached to the subject's roles.
    # roles_for(context) is evaluated again for each role query that is reached.
    return true unless (context.id.nil? && !force_context) || permission_role_class.where(role_foreign_key.to_sym => roles_for(context).map(&:id), permission_foreign_key.to_sym => target.id, :context_type => context.class_name, :context_id => context.id).first.nil?
    # Forced lookups stop here: no fall-through to broader contexts.
    return false if force_context
    return true unless context.class_name.nil? || permission_role_class.where(role_foreign_key.to_sym => roles_for(context).map(&:id), permission_foreign_key.to_sym => target.id, :context_type => context.class_name, :context_id => nil).first.nil?
    # Last resort: a global role permission decides the answer.
    return !permission_role_class.where(role_foreign_key.to_sym => roles_for(context).map(&:id), permission_foreign_key.to_sym => target.id, :context_type => nil, :context_id => nil).first.nil?
  end
end

#permissions_for(context = nil, force_context = nil) ⇒ Object

Returns all permissions possessed by the subject within the provided context.

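This includes permissions assigned directly to the subject or to any roles possessed by the subject, as well as all permissions found by looking up the context chain. When force_context is set (by argument or through config.force_context), only assignments matching the exact context are returned.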



# File 'lib/zuul/active_record/subject.rb', line 216

# Builds the relation of permissions this subject holds in a context, through
# direct assignments or through its roles.
#
# @param context raw context value, normalised with Zuul::Context.parse
# @param force_context truthy limits matches to the exact context; nil or false
#   fall back to config.force_context
# @return [Object] the result of permission_class.joins(...).where(...)
def permissions_for(context=nil, force_context=nil)
  auth_scope do
    # An explicit false is also replaced by the configured value here.
    forced = force_context || config.force_context
    ctx = Zuul::Context.parse(context)

    # Only table and column names from the helper methods are interpolated into
    # the SQL text; they must never be derived from request data.
    # NOTE(review): no DISTINCT is applied, so a permission reachable through
    # several joined rows may appear more than once - confirm callers tolerate it.
    joined = permission_class.joins(
      "LEFT JOIN #{permission_roles_table_name} ON #{permission_roles_table_name}.#{permission_foreign_key} = #{permissions_table_name}.id " \
      "LEFT JOIN #{permission_subjects_table_name} ON #{permission_subjects_table_name}.#{permission_foreign_key} = #{permissions_table_name}.id"
    )

    # sql_is_or_equal's return value is spliced into the statement as an operator
    # (presumably IS for nil and = otherwise - confirm); all values go through
    # `?` placeholders.
    conditions =
      if forced
        # Exact context only, for direct rows and for role rows.
        "(#{permission_subjects_table_name}.#{subject_foreign_key} = ? AND #{permission_subjects_table_name}.context_type #{sql_is_or_equal(ctx.class_name)} ? AND #{permission_subjects_table_name}.context_id #{sql_is_or_equal(ctx.id)} ?) OR " \
        "(#{permission_roles_table_name}.#{role_foreign_key} IN (?) AND #{permission_roles_table_name}.context_type #{sql_is_or_equal(ctx.class_name)} ? AND #{permission_roles_table_name}.context_id #{sql_is_or_equal(ctx.id)} ?)"
      else
        # Exact context plus rows whose context_type and/or context_id is NULL.
        "(#{permission_subjects_table_name}.#{subject_foreign_key} = ? AND (#{permission_subjects_table_name}.context_type #{sql_is_or_equal(ctx.class_name)} ? OR #{permission_subjects_table_name}.context_type IS NULL) AND (#{permission_subjects_table_name}.context_id #{sql_is_or_equal(ctx.id)} ? OR #{permission_subjects_table_name}.context_id IS NULL)) OR " \
        "(#{permission_roles_table_name}.#{role_foreign_key} IN (?) AND (#{permission_roles_table_name}.context_type #{sql_is_or_equal(ctx.class_name)} ? OR #{permission_roles_table_name}.context_type IS NULL) AND (#{permission_roles_table_name}.context_id #{sql_is_or_equal(ctx.id)} ? OR #{permission_roles_table_name}.context_id IS NULL))"
      end

    # Explicit `return` exits the method from inside the auth_scope block.
    return joined.where(conditions, id, ctx.class_name, ctx.id, roles_for(ctx).map(&:id), ctx.class_name, ctx.id)
  end
end

#permissions_for?(context = nil, force_context = nil) ⇒ Boolean

Check whether the subject possesses any permissions within the specified context.

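This includes permissions assigned directly to the subject or to any roles possessed by the subject, as well as all permissions found by looking up the context chain. When force_context is set (by argument or through config.force_context), only assignments matching the exact context are counted.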

Returns:

  • (Boolean)


# File 'lib/zuul/active_record/subject.rb', line 232

# Tells whether permissions_for yields at least one row for the given context.
#
# @param context forwarded unchanged to permissions_for
# @param force_context forwarded unchanged to permissions_for
# @return [Boolean] true when the count of permissions_for's result is above zero
def permissions_for?(context=nil, force_context=nil)
  matching = permissions_for(context, force_context).count
  matching > 0
end

#unassign_permission(permission, context = nil, force_context = nil) ⇒ Object Also known as: remove_permission

Removes a permission from a subject within the provided context.

If a Permission object is provided, it is used directly; if a permission slug is provided instead, the permission is looked up in the context chain by target_permission.



# File 'lib/zuul/active_record/subject.rb', line 166

# Revokes a permission from this subject for the given context.
#
# @param permission a Permission object or slug; resolved by target_permission
# @param context raw context value, normalised with Zuul::Context.parse
# @param force_context handed unchanged to target_permission
# @return [false, Object] false when the permission cannot be resolved or no
#   assignment row matches the exact context; otherwise the result of destroy
def unassign_permission(permission, context=nil, force_context=nil)
  auth_scope do
    ctx = Zuul::Context.parse(context)
    record = target_permission(permission, ctx, force_context)
    # Explicit `return` exits the method from inside the auth_scope block.
    return false if record.nil?

    # Only the row for this exact context_type/context_id pair is considered.
    # NOTE(review): unlike assign_permission, verify_target_context is not
    # called on the resolved permission here.
    link = permission_subject_class.where(
      subject_foreign_key.to_sym => id,
      permission_foreign_key.to_sym => record.id,
      :context_type => ctx.class_name,
      :context_id => ctx.id
    ).limit(1).first

    return link.nil? ? false : link.destroy
  end
end