Module: Aclatraz::Guard::InstanceMethods

Defined in:

lib/aclatraz/guard.rb

Overview

ClassMethods

Instance Method Summary

• #assert_permission(permission) ⇒ Object

  Check if current suspect has given permissions.

• #guard!(*actions, &block) ⇒ Object (also: #authorize!)

  Check if current suspect have permissions to execute following code.

• #suspect ⇒ Object

  Returns suspected object.

Instance Method Details

#assert_permission(permission) ⇒ Object

Check if current suspect has given permissions.

Examples

assert_permission(:admin)
assert_permission(:manager_of => ClassName)
assert_permission(:owner_of => "object")

# File 'lib/aclatraz/guard.rb', line 149

def assert_permission(permission)
  case permission
  when String, Symbol, true
    suspect.roles.has?(permission)
  when Hash
    permission.each do |role, object| 
      if object.is_a?(String)
        object = instance_variable_get(object[0] ? "@#{object}" : object) 
      elsif object.is_a?(Symbol) 
        object = send(object)
      end
      return true if suspect.roles.has?(role, object)
    end
    return false
  else
    raise Aclatraz::InvalidPermission, "Invalid ACL permission: #{permission.inspect}"
  end
end

#guard!(*actions, &block) ⇒ Object Also known as: authorize!

Check if current suspect have permissions to execute following code. If suspect hasn’t required permissions, or access for any of his roles is denied then raises Aclatraz::AccessDenied error. You can also specify additional permission inside given block:

guard! do 
  deny :foo
  allow :bar
end

# File 'lib/aclatraz/guard.rb', line 105

def guard!(*actions, &block)
  acl = Aclatraz.acl[self.class.name] or raise UndefinedAccessControlList, "No ACL for #{self.class.name} class"
  suspect.respond_to?(:acl_suspect?)  or raise Aclatraz::InvalidSuspect, "Invalid ACL suspect: #{suspect.inspect}"
  authorized = false
  permissions = Dictionary.new
  actions.unshift(:_)

  if block_given?
    aname = "#{__FILE__}:#{__LINE__}"
    acl.on(aname, &block)
    actions.push(aname)
  end

  actions.each do |action| 
    acl.actions[action].permissions.each_pair do |key, value|     
      permissions.delete(key)
      permissions.push(key, value)
    end
  end
  
  permissions.each do |permission, allow|
    if permission == true
      authorized = allow ? true : false
      next
    end
    if allow
      authorized ||= assert_permission(permission)  
    else
      authorized = false if assert_permission(permission)
    end
  end
  
  authorized or raise Aclatraz::AccessDenied, "Access Denied"
  return true
end

#suspect ⇒ Object

Returns suspected object.

• when suspect name is a String then will return instance variable

• when suspect name is a Symbol then will be returned value of instance method

• otherwise suspect name will be treated as suspect object.

Examples

class Bar
  suspects(:foo) { ... }
  def foo; @foo = Foo.new; end 
end
Bar.new.suspect.class # => Foo

class Bla
  suspects("foo") { ... }
  def init; @foo = Foo.new; end
end 
Bla.new.suspect.class # => Foo

class Spam
  foo = Foo.new
  suspects(foo) { ... }
end
Spam.new.suspect.class # => Foo

You can also override this method in your protected class, and skip passing arguments to #suspects method, eg.

class Eggs
  suspects { ... }
  def suspect; @foo = Foo.new; end
end

# File 'lib/aclatraz/guard.rb', line 83

def suspect
  @suspect ||= if acl = Aclatraz.acl[self.class.name]
    case acl.suspect
    when Symbol 
      send(acl.suspect)
    when String 
      instance_variable_get("@#{acl.suspect}")
    else 
      acl.suspect
    end
  end
end