Module: Aclatraz::Guard::InstanceMethods
- Defined in:
- lib/aclatraz/guard.rb
Overview
ClassMethods
Instance Method Summary collapse
-
#assert_permission(permission) ⇒ Object
Check if current suspect has given permissions.
-
#guard!(*actions, &block) ⇒ Object
(also: #authorize!)
Check if current suspect have permissions to execute following code.
-
#suspect ⇒ Object
Returns suspected object.
Instance Method Details
#assert_permission(permission) ⇒ Object
Check if current suspect has given permissions.
Examples
(:admin)
(:manager_of => ClassName)
(:owner_of => "object")
149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 |
# File 'lib/aclatraz/guard.rb', line 149 def () case when String, Symbol, true suspect.roles.has?() when Hash .each do |role, object| if object.is_a?(String) object = instance_variable_get(object[0] ? "@#{object}" : object) elsif object.is_a?(Symbol) object = send(object) end return true if suspect.roles.has?(role, object) end return false else raise Aclatraz::InvalidPermission, "Invalid ACL permission: #{.inspect}" end end |
#guard!(*actions, &block) ⇒ Object Also known as:
Check if current suspect have permissions to execute following code. If suspect hasn’t required permissions, or access for any of his roles is denied then raises Aclatraz::AccessDenied
error. You can also specify additional permission inside given block:
guard! do
deny :foo
allow :bar
end
105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 |
# File 'lib/aclatraz/guard.rb', line 105 def guard!(*actions, &block) acl = Aclatraz.acl[self.class.name] or raise UndefinedAccessControlList, "No ACL for #{self.class.name} class" suspect.respond_to?(:acl_suspect?) or raise Aclatraz::InvalidSuspect, "Invalid ACL suspect: #{suspect.inspect}" = false = Dictionary.new actions.unshift(:_) if block_given? aname = "#{__FILE__}:#{__LINE__}" acl.on(aname, &block) actions.push(aname) end actions.each do |action| acl.actions[action]..each_pair do |key, value| .delete(key) .push(key, value) end end .each do |, allow| if == true = allow ? true : false next end if allow ||= () else = false if () end end or raise Aclatraz::AccessDenied, "Access Denied" return true end |
#suspect ⇒ Object
Returns suspected object.
-
when suspect name is a String then will return instance variable
-
when suspect name is a Symbol then will be returned value of instance method
-
otherwise suspect name will be treated as suspect object.
Examples
class Bar
suspects(:foo) { ... }
def foo; @foo = Foo.new; end
end
Bar.new.suspect.class # => Foo
class Bla
suspects("foo") { ... }
def init; @foo = Foo.new; end
end
Bla.new.suspect.class # => Foo
class Spam
foo = Foo.new
suspects(foo) { ... }
end
Spam.new.suspect.class # => Foo
You can also override this method in your protected class, and skip passing arguments to #suspects
method, eg.
class Eggs
suspects { ... }
def suspect; @foo = Foo.new; end
end
83 84 85 86 87 88 89 90 91 92 93 94 |
# File 'lib/aclatraz/guard.rb', line 83 def suspect @suspect ||= if acl = Aclatraz.acl[self.class.name] case acl.suspect when Symbol send(acl.suspect) when String instance_variable_get("@#{acl.suspect}") else acl.suspect end end end |