Class: AccessPolicy::PolicyCheck

Inherits:

Object

• Object
• AccessPolicy::PolicyCheck

Defined in:

lib/access_policy/policy_check.rb

Instance Attribute Summary

• #default_error_policy ⇒ Object

  Returns the value of attribute default_error_policy.

• #scope_storage ⇒ Object

  Returns the value of attribute scope_storage.

Instance Method Summary

• #authorize(object_to_guard, action_to_guard, error_policy: default_error_policy) ⇒ Object
• #current_user_or_role_for_policy ⇒ Object
• #current_user_or_role_for_policy=(new_user) ⇒ Object
• #initialize(default_error_policy: ->(*) { raise }, scope_storage: ScopedStorage::ThreadLocalStorage) ⇒ PolicyCheck constructor

  A new instance of PolicyCheck.

• #policy_authorized=(new_value) ⇒ Object
• #policy_authorized? ⇒ Boolean
• #policy_for(object_or_class, error_policy = default_error_policy) ⇒ Object
• #with_user_or_role(new_current_user_or_role_for_policy, error_policy = default_error_policy) ⇒ Object

Constructor Details

#initialize(default_error_policy: ->(*) { raise }, scope_storage: ScopedStorage::ThreadLocalStorage) ⇒ PolicyCheck

Returns a new instance of PolicyCheck.

# File 'lib/access_policy/policy_check.rb', line 7

def initialize(default_error_policy: ->(*) { raise },
    scope_storage: ScopedStorage::ThreadLocalStorage)

  self.default_error_policy = default_error_policy
  self.scope_storage = scope_storage
end

Instance Attribute Details

#default_error_policy ⇒ Object

Returns the value of attribute default_error_policy.

# File 'lib/access_policy/policy_check.rb', line 5

def default_error_policy
  @default_error_policy
end

#scope_storage ⇒ Object

Returns the value of attribute scope_storage.

# File 'lib/access_policy/policy_check.rb', line 5

def scope_storage
  @scope_storage
end

Instance Method Details

#authorize(object_to_guard, action_to_guard, error_policy: default_error_policy) ⇒ Object

# File 'lib/access_policy/policy_check.rb', line 15

def authorize(object_to_guard, action_to_guard, error_policy: default_error_policy)
  PolicyEnforcer.new(current_user_or_role_for_policy, object_to_guard, action_to_guard).authorize(error_policy) do
    self.policy_authorized=true
  end
end

#current_user_or_role_for_policy ⇒ Object

# File 'lib/access_policy/policy_check.rb', line 42

def current_user_or_role_for_policy
  scope['current_user_or_role_for_policy']
end

#current_user_or_role_for_policy=(new_user) ⇒ Object

# File 'lib/access_policy/policy_check.rb', line 38

def current_user_or_role_for_policy=(new_user)
  scope['current_user_or_role_for_policy'] = new_user
end

#policy_authorized=(new_value) ⇒ Object

# File 'lib/access_policy/policy_check.rb', line 46

def policy_authorized=(new_value)
  scope['policy_authorized'] = new_value
end

#policy_authorized? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/access_policy/policy_check.rb', line 50

def policy_authorized?
  !!policy_authorized
end

#policy_for(object_or_class, error_policy = default_error_policy) ⇒ Object

# File 'lib/access_policy/policy_check.rb', line 21

def policy_for(object_or_class, error_policy = default_error_policy)
  PolicyEnforcer.new(current_user_or_role_for_policy, object_or_class).policy(error_policy)
end

#with_user_or_role(new_current_user_or_role_for_policy, error_policy = default_error_policy) ⇒ Object

# File 'lib/access_policy/policy_check.rb', line 25

def with_user_or_role(new_current_user_or_role_for_policy, error_policy = default_error_policy)
  self.policy_authorized = false

  switched_user_or_role(new_current_user_or_role_for_policy) do
    begin
      yield if block_given?
      raise(PolicyEnforcer::NotAuthorizedError, "#{new_current_user_or_role_for_policy}") unless policy_authorized?
    rescue => e
      error_policy.call(e)
    end
  end
end