Module: AccessGranted::Policy

Included in:: AccessPolicy

Defined in:: lib/access-granted/policy.rb

Instance Attribute Summary collapse

#cache ⇒ Object

Returns the value of attribute cache.
#roles ⇒ Object

Returns the value of attribute roles.
#user ⇒ Object readonly

Returns the value of attribute user.

Instance Method Summary collapse

Instance Attribute Details

#cache ⇒ `Object`

Returns the value of attribute cache.



3
4
5

# File 'lib/access-granted/policy.rb', line 3

def cache
  @cache
end

#roles ⇒ `Object`

Returns the value of attribute roles.



3
4
5

# File 'lib/access-granted/policy.rb', line 3

def roles
  @roles
end

#user ⇒ `Object` (readonly)

Returns the value of attribute user.



4
5
6

# File 'lib/access-granted/policy.rb', line 4

def user
  @user
end

Instance Method Details

#authorize!(action, subject) ⇒ `Object`

# File 'lib/access-granted/policy.rb', line 48

def authorize!(action, subject)
  if cannot?(action, subject)
    raise AccessDenied
  end
  subject
end

#can?(action, subject = nil) ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/access-granted/policy.rb', line 30

def can?(action, subject = nil)
  cache[action] ||= {}
  cache[action][subject] ||= check_permission(action, subject)
end

#cannot?(*args) ⇒ `Boolean`

Returns:

(Boolean)



44
45
46

# File 'lib/access-granted/policy.rb', line 44

def cannot?(*args)
  !can?(*args)
end

#check_permission(action, subject) ⇒ `Object`

# File 'lib/access-granted/policy.rb', line 35

def check_permission(action, subject)
  applicable_roles.each do |role|
    permission = role.find_permission(action, subject)
    return permission.granted if permission
  end

  false
end

#configure ⇒ `Object`



13
14

# File 'lib/access-granted/policy.rb', line 13

def configure
end

#initialize(user, cache_enabled = true) ⇒ `Object`

# File 'lib/access-granted/policy.rb', line 6

def initialize(user, cache_enabled = true)
  @user          = user
  @roles         = []
  @cache         = {}
  configure
end

#role(name, conditions_or_klass = nil, conditions = nil, &block) ⇒ `Object`

# File 'lib/access-granted/policy.rb', line 16

def role(name, conditions_or_klass = nil, conditions = nil, &block)
  name = name.to_sym
  if roles.select {|r| r.name == name }.any?
    raise DuplicateRole, "Role '#{name}' already defined"
  end
  r = if conditions_or_klass.is_a?(Class) && conditions_or_klass <= AccessGranted::Role
    conditions_or_klass.new(name, conditions, user, block)
  else
    Role.new(name, conditions_or_klass, user, block)
  end
  roles << r
  r
end

Module: AccessGranted::Policy

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#cache ⇒ Object

#roles ⇒ Object

#user ⇒ Object (readonly)

Instance Method Details

#authorize!(action, subject) ⇒ Object

#can?(action, subject = nil) ⇒ Boolean

#cannot?(*args) ⇒ Boolean

#check_permission(action, subject) ⇒ Object

#configure ⇒ Object

#initialize(user, cache_enabled = true) ⇒ Object

#role(name, conditions_or_klass = nil, conditions = nil, &block) ⇒ Object

#cache ⇒ `Object`

#roles ⇒ `Object`

#user ⇒ `Object` (readonly)

#authorize!(action, subject) ⇒ `Object`

#can?(action, subject = nil) ⇒ `Boolean`

#cannot?(*args) ⇒ `Boolean`

#check_permission(action, subject) ⇒ `Object`

#configure ⇒ `Object`

#initialize(user, cache_enabled = true) ⇒ `Object`

#role(name, conditions_or_klass = nil, conditions = nil, &block) ⇒ `Object`