Module: Permit::Models::PersonExtensions::PersonInstanceMethods

Defined in:
lib/models/person.rb

Instance Method Summary (collapse)

Instance Method Details

- (true) authorize(roles, resource = nil)

Authorizes the current person for all of the roles for the given resource, skipping any authorizations that the person already has. If there are any issues with the authorization an error will be raised.

The authorizations are run in a transaction. If an error is raised, all authorizations for the call will be rolled back.

Parameters:

  • roles (permit_role, String, Symbol, <permit_role, String, Symbol>)

    the roles to authorize the person on.

  • resource (permit_authorizable, nil) (defaults to: nil)

    the resource to authorize the person on.

Returns:

  • (true)

    true if no errors occur during authorization.



78
79
80
81
82
83
84
85
86
87
88
89
90
91
 
# File 'lib/models/person.rb', line 78

def authorize(roles, resource = nil)
  Permit::Config.authorization_class.transaction do
    permit_arrayify(roles).each do |r|
      role = get_role(r)
      next if authorized?(role, resource)

      authz = permit_authorizations_proxy.build
      authz.send("#{Permit::Config.role_class.class_symbol}=", role)
      authz.resource = resource
      authz.save!
    end
  end
  return true
end

- (true, false) authorized?(roles, resources)

Determines if the current person is authorized for any of the given role(s) and resource.

Parameters:

  • roles (Role, String, Symbol, <Role, String, Symbol>)

    the roles to check for authorization on.

  • resources (Authorizable, nil, :any, <Authorizable, nil>)

    the resources to check for authorization on.

Returns:

  • (true, false)

    true if the person is authorized on any of the a roles, false otherwise.



31
32
33
34
35
36
37
38
39
 
# File 'lib/models/person.rb', line 31

def authorized?(roles, resources)
  permit_arrayify(roles).each do |r|
    role = get_role(r)
    next unless role
    conditions = authorization_conditions(role, resources)
    return true if permit_authorizations_proxy.exists?(conditions)
  end
  return false
end

- (true, false) authorized_all?(roles, resources)

Determines if the current person is authorized for all of the given roles and resource.

Parameters:

  • roles (permit_role, String, Symbol, <permit_role, String, Symbol>)

    the roles to check for authorization on.

  • resources (permit_authorizable, nil, :any, <permit_authorizable, nil>)

    the resources to check for authorization on.

Returns:

  • (true, false)

    true if the person is authorized on all of the a roles, false otherwise.



50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
 
# File 'lib/models/person.rb', line 50

def authorized_all?(roles, resources)
  permit_arrayify(roles).each do |r|
    role = get_role(r)
    return false unless role
    conditions = authorization_conditions(role, resources)
    if resources == :any
      # No idea how many authz they should have. As long as they have 
      # something, that's good enough.
      return false unless permit_authorizations_proxy.exists?(conditions)
    else
      return false unless permit_authorizations_proxy.count(:conditions => conditions) == permit_arrayify(resources).size
    end
  end
  return true
end

- (Object) remove_authorizations(roles, resource) (protected) 



144
145
146
147
148
149
 
# File 'lib/models/person.rb', line 144

def remove_authorizations(roles, resource)
  Permit::Config.authorization_class.transaction do
    conditions = authorization_conditions(roles, resource, self)
    yield conditions
  end
end

- (<permit_authorization>) revoke(roles, resource)

Revokes existing authorizations from the current person for the given roles and resource. If there are any issues with the revocation an error will be raised. Otherwise, the operation will return an Array of the Authorizations affected by the operation.

This operation uses ActiveRecord's destroy_all method. For more information on what this means, please reference the ActiveRecord documentation.

The revocations are run in a transaction. If an error is raised, all revocations for the call will be rolled back.

Parameters:

  • roles (permit_role, String, Symbol, <permit_role, String, Symbol>)

    the roles to revoke from the person.

  • resource (permit_authorizable, nil, :any)

    the resource to revoke roles for. If :any is given then any authorizations for the roles will be revoked.

Returns:

  • (<permit_authorization>)

    the authorizations that were revoked.

Raises:

  • any errors that ActiveRecord encounters during processing.



112
113
114
115
116
 
# File 'lib/models/person.rb', line 112

def revoke(roles, resource)
  remove_authorizations roles, resource do |conditions|
    Permit::Config.authorization_class.destroy_all conditions
  end
end

- (Fixnum) revoke!(roles, resource)

Revokes existing authorizations from the current person for the given roles and resource. If there are any issues with the revocation an error will be raised. Otherwise, the operation will return the number of authorizations affected.

This operation uses ActiveRecord's delete_all method. For more information on what this means, please reference the ActiveRecord documentation.

The revocations are run in a transaction. If an error is raised, all revocations for the call will be rolled back.

Parameters:

  • roles (permit_role, String, Symbol, <permit_role, String, Symbol>)

    the roles to revoke from the person.

  • resource (permit_authorizable, nil, :any)

    the resource to revoke roles for. If :any is given then any authorizations for the roles will be revoked.

Returns:

  • (Fixnum)

    the number of authorizations revoked.

Raises:

  • any errors that ActiveRecord encounters during processing.



137
138
139
140
141
 
# File 'lib/models/person.rb', line 137

def revoke!(roles, resource)
  remove_authorizations roles, resource do |conditions|
    Permit::Config.authorization_class.delete_all conditions
  end
end