Class: Accessly::Policy::Base

Inherits:

Object

• Object
• Accessly::Policy::Base

Defined in:

lib/accessly/policy/base.rb

Constant Summary

ACTIONS_MODULE =

Module that will hold our meta-programmed action methods just above the policy class in the inheritance hierarchy; allowing for them to be overridden in the policy.

:Actions

Instance Attribute Summary

• #actor ⇒ Object readonly

  Returns the value of attribute actor.

Class Method Summary

• .actions(actions) ⇒ Hash

  Meta-programs action methods from actions supplied.

• .actions_on_objects(actions_on_objects) ⇒ Hash

  Meta-programs action_on_objects methods from the actions supplied.

• .model_scope ⇒ Object
• .namespace ⇒ Object

Instance Method Summary

• #accessly_query ⇒ Object
• #actors ⇒ Object

  Specifies all the actors used in permission lookups.

• #can?(action, object = nil) ⇒ Boolean
• #grant!(action, object = nil) ⇒ Object
• #grant_object ⇒ Object
• #initialize(actor) ⇒ Base constructor

  A new instance of Base.

• #list(action) ⇒ Object
• #model_scope ⇒ Object
• #namespace ⇒ Object
• #revoke!(action, object = nil) ⇒ Object
• #revoke_object ⇒ Object
• #segment_id ⇒ Object
• #unrestricted? ⇒ Boolean

Constructor Details

#initialize(actor) ⇒ Base

Returns a new instance of Base.

# File 'lib/accessly/policy/base.rb', line 11

def initialize(actor)
  @actor = actor
end

Instance Attribute Details

#actor ⇒ Object (readonly)

Returns the value of attribute actor.

# File 'lib/accessly/policy/base.rb', line 9

def actor
  @actor
end

Class Method Details

.actions(actions) ⇒ Hash

Meta-programs action methods from actions supplied. Used in policies as a DSL to declare actions.

This defines the actions on the ‘actions_module` so that they are positioned higher in the inheritance tree than methods defined on the class itself. This will allow us to define methods that override these base methods and call `super`.

Examples:

Define Actions

# This example causes the following methods to be defined:
# some_action? : Returns true if the actor has the some_action
#   permission, false otherwise
# flip_the_flop? : Returns true if the actor has the flip_the_flop
#   permission, false otherwise
# create? : Returns true if the actor has the create permission, false
#   otherwise
actions(
  some_action: 1,
  flip_the_flop: 2,
  create: 3
)

Parameters:

• actions (Hash) —

  the actions to define on the policy

Returns:

• (Hash) —

  actions

# File 'lib/accessly/policy/base.rb', line 41

def self.actions(actions)
  _actions.merge!(actions)
  actions.each do |action, action_id|
    actions_module.module_eval do
      define_method(:"#{action}?") do |*args|
        _can_do_action?(action, action_id, args.first)
      end
    end
  end
end

.actions_on_objects(actions_on_objects) ⇒ Hash

Meta-programs action_on_objects methods from the actions supplied. Used in policies as a DSL to declare actions on objects. It is different from actions in that it will also define a method for listing all objects authorized with this action for the given actor and that these actions will always be associated not only with an actor, but with an object of the action.

on the policy

Examples:

Define Actions On Objects

# This example causes the following methods to be defined:
# edit : Returns an ActiveRecord::Relation of the objects on which
#   the actor has the edit permission
# edit?(object) : Returns true if the actor has the edit permission
#   on the given object, false otherwise
# show : Returns an ActiveRecord::Relation of the objects on which
#   the actor has the show permission
# show?(object) : Returns true if the actor has the show permission
#   on the given object, false otherwise
actions_on_objects(
  edit: 1,
  show: 2
)

Parameters:

• actions_on_objects (Hash) —

  the actions on objects to define

Returns:

• (Hash) —

  actions_on_objects

# File 'lib/accessly/policy/base.rb', line 79

def self.actions_on_objects(actions_on_objects)
  _actions_on_objects.merge!(actions_on_objects)
  actions_on_objects.each do |action, action_id|
    actions_module.module_eval do
      define_method(:"#{action}?") do |*args|
        _can_do_action?(action, action_id, args.first)
      end

      define_method(action) do |*args|
        _list_for_action(action, action_id)
      end
    end
  end
end

.model_scope ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/accessly/policy/base.rb', line 102

def self.model_scope
  raise ArgumentError.new("#model_scope is not defined on #{self.name}.")
end

.namespace ⇒ Object

# File 'lib/accessly/policy/base.rb', line 94

def self.namespace
  String(self)
end

Instance Method Details

#accessly_query ⇒ Object

# File 'lib/accessly/policy/base.rb', line 150

def accessly_query
  @_accessly_query ||= begin
    query = Accessly::Query.new(actors)
    query.on_segment(segment_id) unless segment_id.nil?
    query
  end
end

#actors ⇒ Object

Specifies all the actors used in permission lookups. Override this method in child policy classes to specify other actors that the actor given in the initializer may inherit permissions from.

# File 'lib/accessly/policy/base.rb', line 114

def actors
  actor
end

#can?(action, object = nil) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/accessly/policy/base.rb', line 126

def can?(action, object = nil)
  if object.nil?
    send("#{action}?")
  else
    send("#{action}?", object)
  end
end

#grant!(action, object = nil) ⇒ Object

# File 'lib/accessly/policy/base.rb', line 138

def grant!(action, object = nil)
  object_id = _get_object_id(object)
  action_id = _get_action_id(action, object_id)
  grant_object.grant!(action_id, namespace, object_id)
end

#grant_object ⇒ Object

# File 'lib/accessly/policy/base.rb', line 158

def grant_object
  grant_object = Accessly::Permission::Grant.new(actor)
  grant_object.on_segment(segment_id) unless segment_id.nil?

  grant_object
end

#list(action) ⇒ Object

# File 'lib/accessly/policy/base.rb', line 134

def list(action)
  send(action)
end

#model_scope ⇒ Object

# File 'lib/accessly/policy/base.rb', line 106

def model_scope
  self.class.model_scope
end

#namespace ⇒ Object

# File 'lib/accessly/policy/base.rb', line 98

def namespace
  self.class.namespace
end

#revoke!(action, object = nil) ⇒ Object

# File 'lib/accessly/policy/base.rb', line 144

def revoke!(action, object = nil)
  object_id = _get_object_id(object)
  action_id = _get_action_id(action, object_id)
  revoke_object.revoke!(action_id, namespace, object_id)
end

#revoke_object ⇒ Object

# File 'lib/accessly/policy/base.rb', line 165

def revoke_object
  revoke_object = Accessly::Permission::Revoke.new(actor)
  revoke_object.on_segment(segment_id) unless segment_id.nil?

  revoke_object
end

#segment_id ⇒ Object

# File 'lib/accessly/policy/base.rb', line 122

def segment_id
  nil
end

#unrestricted? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/accessly/policy/base.rb', line 118

def unrestricted?
  false
end