Class: Accessly::Query

Inherits:
Base
  • Object
Defined in:
lib/accessly/query.rb

Overview

Accessly::Query is the interface that hides the implementation of the data layer. Ask Accessly::Query whether an actor has permission on a record, ask it for a list of permitted records for the record type, and ask it whether an actor has a general permission that is not tied to any particular record or record type.

Methods inherited from Base

#on_segment

Constructor Details

#initialize(actors) ⇒ Query

Create an instance of Accessly::Query. Lookups are cached in inherited object(s) to prevent redundant calls to the database. Pass in a Hash or ActiveRecord::Base for actors if the actor(s) inherit some permissions from other actors in the system. This may happen when you have a user in one or more groups or organizations with their own access control permissions.

Examples:

# Create a new object with a single actor
Accessly::Query.new(user)
# Create a new object with multiple actors
Accessly::Query.new(User => user.id, Group => [1,2], Organization => Organization.where(user_id: user.id).pluck(:id))

Parameters:

  • actors (Hash, ActiveRecord::Base)

    The actor(s) whose permission(s) we’re checking.



# File 'lib/accessly/query.rb', line 26

def initialize(actors)
  super(actors)
end

Instance Method Details

#can?(action_id, namespace) ⇒ Boolean
#can?(action_id, object_type, object_id) ⇒ Boolean

Check whether an actor has a given permission.

Overloads:

  • #can?(action_id, namespace) ⇒ Boolean

    Ask whether the actor has permission to perform action_id in the given namespace. Multiple actions can have the same id as long as their namespace is different. The namespace can be any String. We recommend using namespace to group a class of permissions, such as to group parts of a particular feature in your application.

    Examples:

    # Can the user perform the action with id 3 for posts?
    Accessly::Query.new(user).can?(3, "posts")
    # Can the user perform the action with id 5 for Posts?
    Accessly::Query.new(user).can?(5, Post)
    # Can the sets of actors perform the action with id 5 for Posts?
    Accessly::Query.new(User => user.id, Group => [1,2]).can?(5, Post)
    # Can the user on segment 1 perform the action with id 5 for Posts?
    Accessly::Query.new(user).on_segment(1).can?(5, Post)
    # Can the sets of actors on segment 1 perform the action with id 5 for Posts?
    Accessly::Query.new(User => user.id, Group => [1,2]).on_segment(1).can?(5, Post)

    Parameters:

    • action_id (Integer, Array<Integer>)

      The action or actions to check for the actor. If this is an array, the check is ORed: it passes if the actor has any one of the actions.

    • namespace (String)

      The namespace of the given action_id.

    Returns:

    • (Boolean)

      Returns true if actor has been granted the permission, false otherwise.

  • #can?(action_id, object_type, object_id) ⇒ Boolean

    Ask whether the actor has permission to perform action_id on a given record.

    Examples:

    # Can the user perform the action with id 5 for the Post with id 7?
    Accessly::Query.new(user).can?(5, Post, 7)
    # Can the sets of actors perform the action with id 5 for the Post with id 7?
    Accessly::Query.new(User => user.id, Group => [1,2]).can?(5, Post, 7)
    # Can the user on segment 1 perform the action with id 5 for the Post with id 7?
    Accessly::Query.new(user).on_segment(1).can?(5, Post, 7)
    # Can the sets of actors on segment 1 perform the action with id 5 for the Post with id 7?
    Accessly::Query.new(User => user.id, Group => [1,2]).on_segment(1).can?(5, Post, 7)

    Parameters:

    • action_id (Integer, Array<Integer>)

      The action or actions to check for the actor. If this is an array, the check is ORed: it passes if the actor has any one of the actions.

    • object_type (ActiveRecord::Base)

      The ActiveRecord model which we’re checking for permission on.

    • object_id (Integer)

      The id of the ActiveRecord object which we’re checking for permission on.

    Returns:

    • (Boolean)

      Returns true if actor has been granted the permission on the specified record, false otherwise.

Returns:

  • (Boolean)


# File 'lib/accessly/query.rb', line 81

def can?(action_id, object_type, object_id = nil)
  if object_id.nil?
    permitted_action_query.can?(action_id, object_type)
  else
    permitted_action_on_object_query.can?(action_id, object_type, object_id)
  end
end
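
The source above sends any call whose object_id is nil to the general (namespace-level) lookup, so a caller that intended a record-level check but passed a missing id is answered by the general permission instead. The following added example (not Accessly's own code) reproduces that branching with an in-memory stand-in and shows a guard for record-level checks; StubQuery, its grant sets and can_on_record? are hypothetical names, and the grant data is constructed.

```ruby
# Added example: in-memory stand-in mirroring the dispatch of Query#can?
# shown above. StubQuery, GENERAL, ON_OBJECT and can_on_record? are
# hypothetical names; the grant data is constructed.
require "set"

class StubQuery
  # Constructed grants: [action_id, namespace] and [action_id, namespace, object_id]
  GENERAL   = Set[[5, "Post"]]
  ON_OBJECT = Set[[3, "Post", 7]]

  # Same branching as Accessly::Query#can?: a nil object_id selects the
  # general (namespace-level) lookup, not the per-record lookup.
  # action_id may be an Array, in which case the check is ORed.
  def can?(action_id, object_type, object_id = nil)
    Array(action_id).any? do |id|
      if object_id.nil?
        GENERAL.include?([id, String(object_type)])
      else
        ON_OBJECT.include?([id, String(object_type), object_id])
      end
    end
  end
end

# Record-level check that refuses a missing id instead of letting the call
# fall through to the general-permission branch.
def can_on_record?(query, action_id, object_type, object_id)
  raise ArgumentError, "object_id is required for a record-level check" if object_id.nil?
  query.can?(action_id, object_type, object_id)
end

def demo
  q = StubQuery.new
  missing_id = nil # e.g. a lookup that found no record
  guarded = begin
    can_on_record?(q, 5, "Post", missing_id)
  rescue ArgumentError
    :rejected
  end
  {
    record_7_action_3: q.can?(3, "Post", 7),          # per-record grant exists
    record_7_action_5: q.can?(5, "Post", 7),          # no per-record grant
    nil_id_action_5:   q.can?(5, "Post", missing_id), # answered by the general grant
    ored_actions:      q.can?([3, 5], "Post", 7),     # any one action suffices
    guarded_nil_id:    guarded
  }
end

puts demo.inspect
```

Against the real class, the same guard applies unchanged: validate that the id is present before calling the three-argument form of can?.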

#list(action_id, namespace) ⇒ ActiveRecord::Relation

Returns an ActiveRecord::Relation of ids in the namespace for which the actor has permission to perform action_id.

Examples:

# Give me the list of Post ids on which the user has permission to perform action_id 3
Accessly::Query.new(user).list(3, Post)
# Give me the list of Post ids on which the user has permission to perform action_id 3 on segment 1
Accessly::Query.new(user).on_segment(1).list(3, Post)
# Give me the list of Post ids on which the user and its groups have permission to perform action_id 3
Accessly::Query.new(User => user.id, Group => [1,2]).list(3, Post)
# Give me the list of Post ids on which the user and its groups have permission to perform action_id 3 on segment 1
Accessly::Query.new(User => user.id, Group => [1,2]).on_segment(1).list(3, Post)

Parameters:

  • action_id (Integer)

    The action to check for the actor in the namespace.

  • namespace (String)

    The namespace in which to check the actor’s permissions.

Returns:

  • (ActiveRecord::Relation)


# File 'lib/accessly/query.rb', line 108

def list(action_id, namespace)
  permitted_action_on_object_query.list(action_id, namespace)
end