Class: Authorization::AuthorizationRule
- Inherits:
-
Object
- Object
- Authorization::AuthorizationRule
- Defined in:
- lib/declarative_authorization/authorization.rb
Instance Attribute Summary collapse
-
#attributes ⇒ Object
readonly
Returns the value of attribute attributes.
-
#contexts ⇒ Object
readonly
Returns the value of attribute contexts.
-
#join_operator ⇒ Object
readonly
Returns the value of attribute join_operator.
-
#privileges ⇒ Object
readonly
Returns the value of attribute privileges.
-
#role ⇒ Object
readonly
Returns the value of attribute role.
-
#source_file ⇒ Object
readonly
Returns the value of attribute source_file.
-
#source_line ⇒ Object
readonly
Returns the value of attribute source_line.
Instance Method Summary collapse
- #append_attribute(attribute) ⇒ Object
- #append_privileges(privs) ⇒ Object
-
#initialize(role, privileges = [], contexts = nil, join_operator = :or, options = {}) ⇒ AuthorizationRule
constructor
A new instance of AuthorizationRule.
- #initialize_copy(from) ⇒ Object
- #matches?(roles, privs, context = nil) ⇒ Boolean
- #obligations(attr_validator) ⇒ Object
- #to_long_s ⇒ Object
- #validate?(attr_validator, skip_attribute = false) ⇒ Boolean
Constructor Details
#initialize(role, privileges = [], contexts = nil, join_operator = :or, options = {}) ⇒ AuthorizationRule
Returns a new instance of AuthorizationRule.
441 442 443 444 445 446 447 448 449 450 |
# File 'lib/declarative_authorization/authorization.rb', line 441 def initialize(role, privileges = [], contexts = nil, join_operator = :or, = {}) @role = role @privileges = Set.new(privileges) @contexts = Set.new((contexts && !contexts.is_a?(Array) ? [contexts] : contexts)) @join_operator = join_operator @attributes = [] @source_file = [:source_file] @source_line = [:source_line] end |
Instance Attribute Details
#attributes ⇒ Object (readonly)
Returns the value of attribute attributes.
438 439 440 |
# File 'lib/declarative_authorization/authorization.rb', line 438 def attributes @attributes end |
#contexts ⇒ Object (readonly)
Returns the value of attribute contexts.
438 439 440 |
# File 'lib/declarative_authorization/authorization.rb', line 438 def contexts @contexts end |
#join_operator ⇒ Object (readonly)
Returns the value of attribute join_operator.
438 439 440 |
# File 'lib/declarative_authorization/authorization.rb', line 438 def join_operator @join_operator end |
#privileges ⇒ Object (readonly)
Returns the value of attribute privileges.
438 439 440 |
# File 'lib/declarative_authorization/authorization.rb', line 438 def privileges @privileges end |
#role ⇒ Object (readonly)
Returns the value of attribute role.
438 439 440 |
# File 'lib/declarative_authorization/authorization.rb', line 438 def role @role end |
#source_file ⇒ Object (readonly)
Returns the value of attribute source_file.
438 439 440 |
# File 'lib/declarative_authorization/authorization.rb', line 438 def source_file @source_file end |
#source_line ⇒ Object (readonly)
Returns the value of attribute source_line.
438 439 440 |
# File 'lib/declarative_authorization/authorization.rb', line 438 def source_line @source_line end |
Instance Method Details
#append_attribute(attribute) ⇒ Object
462 463 464 |
# File 'lib/declarative_authorization/authorization.rb', line 462 def append_attribute(attribute) @attributes << attribute end |
#append_privileges(privs) ⇒ Object
458 459 460 |
# File 'lib/declarative_authorization/authorization.rb', line 458 def append_privileges(privs) @privileges.merge(privs) end |
#initialize_copy(from) ⇒ Object
452 453 454 455 456 |
# File 'lib/declarative_authorization/authorization.rb', line 452 def initialize_copy(from) @privileges = @privileges.clone @contexts = @contexts.clone @attributes = @attributes.collect {|attribute| attribute.clone } end |
#matches?(roles, privs, context = nil) ⇒ Boolean
466 467 468 469 |
# File 'lib/declarative_authorization/authorization.rb', line 466 def matches?(roles, privs, context = nil) roles = Hash[[*roles].map { |r| [r, true] }] unless roles.is_a?(Hash) @contexts.include?(context) && roles.include?(@role) && privs.any? { |priv| @privileges.include?(priv) } end |
#obligations(attr_validator) ⇒ Object
482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 |
# File 'lib/declarative_authorization/authorization.rb', line 482 def obligations(attr_validator) exceptions = [] obligations = @attributes.collect do |attr| begin attr.obligation(attr_validator) rescue NotAuthorized => e exceptions << e nil end end if exceptions.length > 0 and (@join_operator == :and or exceptions.length == @attributes.length) raise NotAuthorized, "Missing authorization in collecting obligations: #{exceptions.map(&:to_s) * ", "}" end if @join_operator == :and and !obligations.empty? # cross product of OR'ed obligations in arrays arrayed_obligations = obligations.map {|obligation| obligation.is_a?(Hash) ? [obligation] : obligation} merged_obligations = arrayed_obligations.first arrayed_obligations[1..-1].each do |inner_obligations| previous_merged_obligations = merged_obligations merged_obligations = inner_obligations.collect do |inner_obligation| previous_merged_obligations.collect do |merged_obligation| merged_obligation.deep_merge(inner_obligation) end end.flatten end obligations = merged_obligations else obligations = obligations.flatten.compact end obligations.empty? ? [{}] : obligations end |
#to_long_s ⇒ Object
516 517 518 |
# File 'lib/declarative_authorization/authorization.rb', line 516 def to_long_s attributes.collect {|attr| attr.to_long_s } * "; " end |
#validate?(attr_validator, skip_attribute = false) ⇒ Boolean
471 472 473 474 475 476 477 478 479 480 |
# File 'lib/declarative_authorization/authorization.rb', line 471 def validate?(attr_validator, skip_attribute = false) skip_attribute or @attributes.empty? or @attributes.send(@join_operator == :and ? :all? : :any?) do |attr| begin attr.validate?(attr_validator) rescue NilAttributeValueError => e nil # Bumping up against a nil attribute value flunks the rule. end end end |