Module: Zuul::ActiveRecord::Subject::PermissionMethods::InstanceMethods
- Defined in:
- lib/zuul/active_record/subject.rb
Instance Method Summary collapse
-
#assign_permission(permission, context = nil, force_context = nil) ⇒ Object
Assigns a permission to a subject within the provided context.
-
#has_permission?(permission, context = nil, force_context = nil) ⇒ Boolean
(also: #permission?, #can?, #allowed_to?)
Checks whether a subject has a permission within the provided context.
-
#permissions_for(context = nil, force_context = nil) ⇒ Object
Returns all permissions possessed by the subject within the provided context.
-
#permissions_for?(context = nil, force_context = nil) ⇒ Boolean
Check whether the subject possesses any permissions within the specified context.
-
#unassign_permission(permission, context = nil, force_context = nil) ⇒ Object
(also: #remove_permission)
Removes a permission from a subject within the provided context.
Instance Method Details
#assign_permission(permission, context = nil, force_context = nil) ⇒ Object
Assigns a permission to a subject within the provided context.
If a Permission object is provided it’s used directly, otherwise if a permission slug is provided, the permission is looked up in the context chain by target_permission.
151 152 153 154 155 156 157 158 159 |
# File 'lib/zuul/active_record/subject.rb', line 151 def (, context=nil, force_context=nil) auth_scope do context = Zuul::Context.parse(context) target = (, context, force_context) return false unless verify_target_context(target, context, force_context) && .where(subject_foreign_key.to_sym => id, .to_sym => target.id, :context_type => context.class_name, :context_id => context.id).limit(1).first.nil? return .create(subject_foreign_key.to_sym => id, .to_sym => target.id, :context_type => context.class_name, :context_id => context.id) end end |
#has_permission?(permission, context = nil, force_context = nil) ⇒ Boolean Also known as: permission?, can?, allowed_to?
Checks whether a subject has a permission within the provided context.
If a Permission object is provided it’s used directly, otherwise if a permission slug is provided, the permission is looked up in the context chain by target_permission.
The assigned context behaves the same way, in that if the permission is not found to belong to the subject with the specified context, we look up the context chain.
Permissions belonging to roles possessed by the subject are also included.
189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 |
# File 'lib/zuul/active_record/subject.rb', line 189 def (, context=nil, force_context=nil) auth_scope do force_context ||= config.force_context context = Zuul::Context.parse(context) target = (, context, force_context) return false if target.nil? return true unless (context.id.nil? && !force_context) || .where(subject_foreign_key.to_sym => id, .to_sym => target.id, :context_type => context.class_name, :context_id => context.id).first.nil? unless force_context return true unless context.class_name.nil? || .where(subject_foreign_key.to_sym => id, .to_sym => target.id, :context_type => context.class_name, :context_id => nil).first.nil? return true unless .where(subject_foreign_key.to_sym => id, .to_sym => target.id, :context_type => nil, :context_id => nil).first.nil? end return true unless (context.id.nil? && !force_context) || .where(role_foreign_key.to_sym => roles_for(context).map(&:id), .to_sym => target.id, :context_type => context.class_name, :context_id => context.id).first.nil? return false if force_context return true unless context.class_name.nil? || .where(role_foreign_key.to_sym => roles_for(context).map(&:id), .to_sym => target.id, :context_type => context.class_name, :context_id => nil).first.nil? return !.where(role_foreign_key.to_sym => roles_for(context).map(&:id), .to_sym => target.id, :context_type => nil, :context_id => nil).first.nil? end end |
#permissions_for(context = nil, force_context = nil) ⇒ Object
Returns all permissions possessed by the subject within the provided context.
This includes permissions assigned directly to the subject or any roles possessed by the subject, as well as all permissions found by looking up the context chain.
216 217 218 219 220 221 222 223 224 225 226 |
# File 'lib/zuul/active_record/subject.rb', line 216 def (context=nil, force_context=nil) auth_scope do force_context ||= config.force_context context = Zuul::Context.parse(context) if force_context return .joins("LEFT JOIN #{} ON #{}.#{} = #{}.id LEFT JOIN #{} ON #{}.#{} = #{}.id").where("(#{}.#{subject_foreign_key} = ? AND #{}.context_type #{sql_is_or_equal(context.class_name)} ? AND #{}.context_id #{sql_is_or_equal(context.id)} ?) OR (#{}.#{role_foreign_key} IN (?) AND #{}.context_type #{sql_is_or_equal(context.class_name)} ? AND #{}.context_id #{sql_is_or_equal(context.id)} ?)", id, context.class_name, context.id, roles_for(context).map(&:id), context.class_name, context.id) else return .joins("LEFT JOIN #{} ON #{}.#{} = #{}.id LEFT JOIN #{} ON #{}.#{} = #{}.id").where("(#{}.#{subject_foreign_key} = ? AND (#{}.context_type #{sql_is_or_equal(context.class_name)} ? OR #{}.context_type IS NULL) AND (#{}.context_id #{sql_is_or_equal(context.id)} ? OR #{}.context_id IS NULL)) OR (#{}.#{role_foreign_key} IN (?) AND (#{}.context_type #{sql_is_or_equal(context.class_name)} ? OR #{}.context_type IS NULL) AND (#{}.context_id #{sql_is_or_equal(context.id)} ? OR #{}.context_id IS NULL))", id, context.class_name, context.id, roles_for(context).map(&:id), context.class_name, context.id) end end end |
#permissions_for?(context = nil, force_context = nil) ⇒ Boolean
Check whether the subject possesses any permissions within the specified context.
This includes permissions assigned directly to the subject or any roles possessed by the subject, as well as all permissions found by looking up the context chain.
232 233 234 |
# File 'lib/zuul/active_record/subject.rb', line 232 def (context=nil, force_context=nil) (context, force_context).count > 0 end |
#unassign_permission(permission, context = nil, force_context = nil) ⇒ Object Also known as: remove_permission
Removes a permission from a subject within the provided context.
If a Permission object is provided it’s used directly, otherwise if a permission slug is provided, the permission is looked up in the context chain by target_permission.
166 167 168 169 170 171 172 173 174 175 176 |
# File 'lib/zuul/active_record/subject.rb', line 166 def (, context=nil, force_context=nil) auth_scope do context = Zuul::Context.parse(context) target = (, context, force_context) return false if target.nil? = .where(subject_foreign_key.to_sym => id, .to_sym => target.id, :context_type => context.class_name, :context_id => context.id).limit(1).first return false if .nil? return .destroy end end |