Class: Authorization::AttributeWithPermission

Inherits:
Attribute
  • Object
show all
Defined in:
lib/declarative_authorization/authorization.rb

Overview

An attribute condition that uses existing rules to decide validation and create obligations.

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(privilege, attr_or_hash, context = nil) ⇒ AttributeWithPermission

E.g. privilege :read, attr_or_hash either :attribute or { :attribute => :deeper_attribute }



688
689
690
691
692
 
# File 'lib/declarative_authorization/authorization.rb', line 688

def initialize(privilege, attr_or_hash, context = nil)
  @privilege = privilege
  @context = context
  @attr_hash = attr_or_hash
end

Class Method Details

.reflection_for_path(parent_model, path) ⇒ Object 



796
797
798
799
800
801
802
803
804
805
806
807
808
809
 
# File 'lib/declarative_authorization/authorization.rb', line 796

def self.reflection_for_path(parent_model, path)
  reflection = path.empty? ? parent_model : begin
    parent = reflection_for_path(parent_model, path[0..-2])
    if !parent.respond_to?(:proxy_reflection) and parent.respond_to?(:klass)
      parent.klass.reflect_on_association(path.last)
    else
      parent.reflect_on_association(path.last)
    end
  rescue
    parent.reflect_on_association(path.last)
  end
  raise "invalid path #{path.inspect}" if reflection.nil?
  reflection
end

Instance Method Details

#initialize_copy(from) ⇒ Object 



694
695
696
 
# File 'lib/declarative_authorization/authorization.rb', line 694

def initialize_copy(from)
  @attr_hash = deep_hash_clone(@attr_hash) if @attr_hash.is_a?(Hash)
end

#obligation(attr_validator, hash_or_attr = nil, path = []) ⇒ Object

may return an array of obligations to be OR’ed



737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
 
# File 'lib/declarative_authorization/authorization.rb', line 737

def obligation(attr_validator, hash_or_attr = nil, path = [])
  hash_or_attr ||= @attr_hash
  case hash_or_attr
  when Symbol
    @context ||= begin
      rule_model = attr_validator.context.to_s.classify.constantize
      context_reflection = self.class.reflection_for_path(rule_model, path + [hash_or_attr])
      if context_reflection.klass.respond_to?(:decl_auth_context)
        context_reflection.klass.decl_auth_context
      else
        context_reflection.klass.name.tableize.to_sym
      end
    rescue # missing model, reflections
      hash_or_attr.to_s.pluralize.to_sym
    end

    obligations = attr_validator.engine.obligations(@privilege,
                      :context => @context,
                      :user    => attr_validator.user)

    obligations.collect {|obl| {hash_or_attr => obl} }
  when Hash
    obligations_array_attrs = []
    obligations =
        hash_or_attr.inject({}) do |all, pair|
          attr, sub_hash = pair
          all[attr] = obligation(attr_validator, sub_hash, path + [attr])
          if all[attr].length > 1
            obligations_array_attrs << attr
          else
            all[attr] = all[attr].first
          end
          all
        end
    obligations = [obligations]
    obligations_array_attrs.each do |attr|
      next_array_size = obligations.first[attr].length
      obligations = obligations.collect do |obls|
        (0...next_array_size).collect do |idx|
          obls_wo_array = obls.clone
          obls_wo_array[attr] = obls_wo_array[attr][idx]
          obls_wo_array
        end
      end.flatten
    end
    obligations
  when NilClass
    attr_validator.engine.obligations(@privilege,
        :context => attr_validator.context,
        :user    => attr_validator.user)
  else
    raise AuthorizationError, "Wrong conditions hash format: #{hash_or_attr.inspect}"
  end
end

#to_long_sObject 



792
793
794
 
# File 'lib/declarative_authorization/authorization.rb', line 792

def to_long_s
  "if_permitted_to #{@privilege.inspect}, #{@attr_hash.inspect}"
end

#validate?(attr_validator, object = nil, hash_or_attr = nil) ⇒ Boolean

Returns:

  • (Boolean) 


698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
 
# File 'lib/declarative_authorization/authorization.rb', line 698

def validate?(attr_validator, object = nil, hash_or_attr = nil)
  object ||= attr_validator.object
  hash_or_attr ||= @attr_hash
  return false unless object

  case hash_or_attr
  when Symbol
    attr_value = object_attribute_value(object, hash_or_attr)
    case attr_value
    when nil
      raise NilAttributeValueError, "Attribute #{hash_or_attr.inspect} is nil in #{object.inspect}."
    when Enumerable
      attr_value.any? do |inner_value|
        attr_validator.engine.permit? @privilege, :object => inner_value, :user => attr_validator.user
      end
    else
      attr_validator.engine.permit? @privilege, :object => attr_value, :user => attr_validator.user
    end
  when Hash
    hash_or_attr.all? do |attr, sub_hash|
      attr_value = object_attribute_value(object, attr)
      if attr_value == nil
        raise NilAttributeValueError, "Attribute #{attr.inspect} is nil in #{object.inspect}."
      elsif attr_value.is_a?(Enumerable)
        attr_value.any? do |inner_value|
          validate?(attr_validator, inner_value, sub_hash)
        end
      else
        validate?(attr_validator, attr_value, sub_hash)
      end
    end
  when NilClass
    attr_validator.engine.permit? @privilege, :object => object, :user => attr_validator.user
  else
    raise AuthorizationError, "Wrong conditions hash format: #{hash_or_attr.inspect}"
  end
end