Class: Authorization::AttributeWithPermission
- Defined in:
- lib/declarative_authorization/authorization.rb
Overview
An attribute condition that uses existing rules to decide validation and create obligations.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(privilege, attr_or_hash, context = nil) ⇒ AttributeWithPermission
constructor
E.g.
- #initialize_copy(from) ⇒ Object
-
#obligation(attr_validator, hash_or_attr = nil, path = []) ⇒ Object
may return an array of obligations to be OR’ed.
- #to_long_s ⇒ Object
- #validate?(attr_validator, object = nil, hash_or_attr = nil) ⇒ Boolean
Constructor Details
#initialize(privilege, attr_or_hash, context = nil) ⇒ AttributeWithPermission
E.g. privilege :read, attr_or_hash either :attribute or { :attribute => :deeper_attribute }
688 689 690 691 692 |
# File 'lib/declarative_authorization/authorization.rb', line 688 def initialize(privilege, attr_or_hash, context = nil) @privilege = privilege @context = context @attr_hash = attr_or_hash end |
Class Method Details
.reflection_for_path(parent_model, path) ⇒ Object
796 797 798 799 800 801 802 803 804 805 806 807 808 809 |
# File 'lib/declarative_authorization/authorization.rb', line 796 def self.reflection_for_path(parent_model, path) reflection = path.empty? ? parent_model : begin parent = reflection_for_path(parent_model, path[0..-2]) if !parent.respond_to?(:proxy_reflection) and parent.respond_to?(:klass) parent.klass.reflect_on_association(path.last) else parent.reflect_on_association(path.last) end rescue parent.reflect_on_association(path.last) end raise "invalid path #{path.inspect}" if reflection.nil? reflection end |
Instance Method Details
#initialize_copy(from) ⇒ Object
694 695 696 |
# File 'lib/declarative_authorization/authorization.rb', line 694 def initialize_copy(from) @attr_hash = deep_hash_clone(@attr_hash) if @attr_hash.is_a?(Hash) end |
#obligation(attr_validator, hash_or_attr = nil, path = []) ⇒ Object
may return an array of obligations to be OR’ed
737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 |
# File 'lib/declarative_authorization/authorization.rb', line 737 def obligation(attr_validator, hash_or_attr = nil, path = []) hash_or_attr ||= @attr_hash case hash_or_attr when Symbol @context ||= begin rule_model = attr_validator.context.to_s.classify.constantize context_reflection = self.class.reflection_for_path(rule_model, path + [hash_or_attr]) if context_reflection.klass.respond_to?(:decl_auth_context) context_reflection.klass.decl_auth_context else context_reflection.klass.name.tableize.to_sym end rescue # missing model, reflections hash_or_attr.to_s.pluralize.to_sym end obligations = attr_validator.engine.obligations(@privilege, :context => @context, :user => attr_validator.user) obligations.collect {|obl| {hash_or_attr => obl} } when Hash obligations_array_attrs = [] obligations = hash_or_attr.inject({}) do |all, pair| attr, sub_hash = pair all[attr] = obligation(attr_validator, sub_hash, path + [attr]) if all[attr].length > 1 obligations_array_attrs << attr else all[attr] = all[attr].first end all end obligations = [obligations] obligations_array_attrs.each do |attr| next_array_size = obligations.first[attr].length obligations = obligations.collect do |obls| (0...next_array_size).collect do |idx| obls_wo_array = obls.clone obls_wo_array[attr] = obls_wo_array[attr][idx] obls_wo_array end end.flatten end obligations when NilClass attr_validator.engine.obligations(@privilege, :context => attr_validator.context, :user => attr_validator.user) else raise AuthorizationError, "Wrong conditions hash format: #{hash_or_attr.inspect}" end end |
#to_long_s ⇒ Object
792 793 794 |
# File 'lib/declarative_authorization/authorization.rb', line 792 def to_long_s "if_permitted_to #{@privilege.inspect}, #{@attr_hash.inspect}" end |
#validate?(attr_validator, object = nil, hash_or_attr = nil) ⇒ Boolean
698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 |
# File 'lib/declarative_authorization/authorization.rb', line 698 def validate?(attr_validator, object = nil, hash_or_attr = nil) object ||= attr_validator.object hash_or_attr ||= @attr_hash return false unless object case hash_or_attr when Symbol attr_value = object_attribute_value(object, hash_or_attr) case attr_value when nil raise NilAttributeValueError, "Attribute #{hash_or_attr.inspect} is nil in #{object.inspect}." when Enumerable attr_value.any? do |inner_value| attr_validator.engine.permit? @privilege, :object => inner_value, :user => attr_validator.user end else attr_validator.engine.permit? @privilege, :object => attr_value, :user => attr_validator.user end when Hash hash_or_attr.all? do |attr, sub_hash| attr_value = object_attribute_value(object, attr) if attr_value == nil raise NilAttributeValueError, "Attribute #{attr.inspect} is nil in #{object.inspect}." elsif attr_value.is_a?(Enumerable) attr_value.any? do |inner_value| validate?(attr_validator, inner_value, sub_hash) end else validate?(attr_validator, attr_value, sub_hash) end end when NilClass attr_validator.engine.permit? @privilege, :object => object, :user => attr_validator.user else raise AuthorizationError, "Wrong conditions hash format: #{hash_or_attr.inspect}" end end |