Module: ActiveScaffold::ActiveRecordPermissions::Permissions::SecurityMethods
- Defined in:
- lib/active_scaffold/active_record_permissions.rb
Instance Method Summary collapse
-
#authorized_for?(options = {}) ⇒ Boolean
A generic authorization query.
- #authorized_for_methods(options) ⇒ Object
- #cached_authorized_for_methods(options) ⇒ Object
Instance Method Details
#authorized_for?(options = {}) ⇒ Boolean
A generic authorization query. This is what will be called programatically, since the actual permission methods can’t be guaranteed to exist. And because we want to intelligently combine multiple applicable methods.
options should be a CRUD verb (:create, :read, :update, :destroy) options should be the name of a model attribute options is the name of a method
94 95 96 97 98 99 100 101 102 103 104 105 |
# File 'lib/active_scaffold/active_record_permissions.rb', line 94 def ( = {}) raise ArgumentError, "unknown crud type #{[:crud_type]}" if [:crud_type] && ![:create, :read, :update, :delete].include?([:crud_type]) # collect other possibly-related methods that actually exist methods = () return ActiveRecordPermissions. if methods.empty? return send(methods.first) if methods.one? # if any method returns false, then return false return false if methods.any? { |m| !send(m) } true end |
#authorized_for_methods(options) ⇒ Object
118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 |
# File 'lib/active_scaffold/active_record_permissions.rb', line 118 def () # column_authorized_for_crud_type? has the highest priority over other methods, # you can disable a crud verb and enable that verb for a column # (for example, disable update and enable inplace_edit in a column) method = column_and_crud_type_security_method([:column], [:crud_type]) return [method] if method && respond_to?(method) # authorized_for_action? has higher priority than other methods, # you can disable a crud verb and enable an action with that crud verb # (for example, disable update and enable an action with update as crud type) method = action_security_method([:action]) return [method] if method && respond_to?(method) # collect other possibly-related methods that actually exist [ column_security_method([:column]), crud_type_security_method([:crud_type]) ].compact.select { |m| respond_to?(m) } end |
#cached_authorized_for_methods(options) ⇒ Object
107 108 109 110 111 112 113 114 115 116 |
# File 'lib/active_scaffold/active_record_permissions.rb', line 107 def () key = "#{[:crud_type]}##{[:column]}##{[:action]}" if self.is_a? Class self.class_security_methods ||= {} self.class_security_methods[key] ||= () else self.class.instance_security_methods ||= {} self.class.instance_security_methods[key] ||= () end end |