Method: Permit::PermitRule#initialize

Defined in:
lib/permit/permit_rule.rb

- (PermitRule) initialize(roles, options = {})

Creates a new PermitRule.

:if and :unless conditions may be evaluated for static, dynamic, and named authorizations. They are evaluated after the other rule checks are applied, and only if the rule still matches. The conditionals may make a matching rule not match, but will not make an unmatched rule match. If both :if and :unless are given, the :if condition is run first, and the :unless condition is run only if the rule still matches.

Parameters:

  • roles (:person, :guest, :everyone, Symbol, <Symbol>)

    the role(s) to test against.

    • :person - current_person.guest? == false. This person should be authenticated. This indicates a dynamic authorization.

    • :guest - current_person.guest? == true. This is a person that is not authenticated. This is a static authorization.

    • :everyone - Any user of the system. This is a static authorization.

    • Symbol/<Symbol> - This is the key or keys of any of the role(s) to match against in the database. This indicates a named authorization.

  • options (Hash) (defaults to: {})

    the options to use to configure the authorization.

Options Hash (options):

  • :who (Symbol)

    Indicates that a method should be checked on the target object to authorize. Checks a variety of possibilities, taking the first variation that the target responds to.

    When the symbol is prefixed with 'is_', multiple methods will be tried, passing the person in. The methods tried for :is_owner would be is_owner(), is_owner?(), owner(), owner, owners.exist?(). If this option is given, :of/:on must also be given.

  • :that (Symbol)

    alias for :who

  • :of (Symbol, nil, :any, <Symbol, nil>)

    The name of the instance variable(s) to use as the target resource(s).

    In a dynamic authorization this is the object that will be tested using the value of :who/:that.

    In a named authorization this is the resource the person must be authorized on for one or more of the roles. :any may be given to indicate a match if the person has one of the roles for any resource. If not given, or set to nil, then the match will apply to a person that has a matching role authorization for a nil resource.

  • :on (Symbol, nil, :any, <Symbol, nil>)

    alias for :of

  • :if (Symbol, String, Proc)

    Code to evaluate at the end of the match if it is still valid. If it returns false, the rule will not match. If a proc is given, it will be passed the current subject and binding. A method will be called without any arguments.

  • :unless (Symbol, String, Proc)

    Code to evaluate at the end of the match if it is still valid. If it returns true, the rule will not match. If a proc is given, it will be passed the current subject and binding. A method will be called without any arguments.

Raises:



# File 'lib/permit/permit_rule.rb', line 61

def initialize(roles, options = {})
  options.assert_valid_keys *VALID_OPTION_KEYS

  @roles = validate_roles(roles).freeze

  validate_options options

  @method = options[:who] || options[:that]
  @target_vars = permit_arrayify(options[:of] || options[:on]).uniq.freeze

  @if = options[:if]
  @unless = options[:unless]
end
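
The :if/:unless ordering described above can be modelled in a few lines. This is an added example, not code from Permit: `run_condition`, `apply_conditions`, `DemoSubject`, `DemoContext` and `ACTIVE_ONLY` are hypothetical names, and calling Symbol conditions on a separate context object is an assumption. It shows that the conditionals can only narrow a match, and that a String condition is executed as Ruby code, so it should only ever be a literal written by the developer.

```ruby
# Added illustration, not Permit's implementation. It models the documented
# ordering only; every name below is hypothetical.

# Evaluate one condition the way the option docs describe:
#   Symbol -> method called with no arguments (on a context object: an assumption)
#   String -> evaluated as Ruby code in the supplied binding
#   Proc   -> called with the current subject and the binding
def run_condition(cond, context, subject, bnd)
  case cond
  when Symbol then context.send(cond)
  when String then eval(cond, bnd)
  when Proc   then cond.call(subject, bnd)
  else raise ArgumentError, "unsupported condition: #{cond.inspect}"
  end
end

# Returns [final_match, trace]; trace lists which conditionals actually ran.
def apply_conditions(matched, context, subject, bnd, opts = {})
  trace = []
  return [false, trace] unless matched # a non-match is never upgraded
  unless opts[:if].nil?
    trace << :if
    return [false, trace] unless run_condition(opts[:if], context, subject, bnd)
  end
  unless opts[:unless].nil?
    trace << :unless
    return [false, trace] if run_condition(opts[:unless], context, subject, bnd)
  end
  [true, trace]
end

# Constructed sample data for the demonstration.
DemoSubject = Struct.new(:name, :suspended)
class DemoContext
  def initialize(locked)
    @locked = locked
  end

  def project_locked?
    @locked
  end
end

ACTIVE_ONLY = ->(subject, _bnd) { !subject.suspended }

if __FILE__ == $PROGRAM_NAME
  ctx = DemoContext.new(false)
  p apply_conditions(true, ctx, DemoSubject.new("alice", false), binding,
                     if: ACTIVE_ONLY, unless: :project_locked?)
end
```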
