Class: AnnotationSecurity::RightLoader

Inherits:

Object
AnnotationSecurity::RightLoader

Defined in:: lib/annotation_security/manager/right_loader.rb

Overview

AnnotationSecurity::RightLoader

Contains the right loader class, which is responsible for loading right definitions for resources. Load rights from a yaml file or a hash.

Example YAML

The file config/security/rights.yml inside a rails app might look like this:

picture:
  # a user may show a picture if he fulfils the 'related'-relation
  show: if related
comment:
  # you have to be logged in to view comments
  show: if logged_in
user:
  # like in ruby, 'unless' is equivalent to 'if not'
  register: unless logged_in
  delete: if administrator # comments are also possible behind a line
user_content:
  # all rights of 'user_content' are defined for 'picture' and 'comment' too
  applies_to: picture, comment
  create: if logged_in
  edit: if owner
  delete: if owner or administrator

The file can be loaded via AnnotationSecurity#load_rights('rights').

A right’s condition can use the keywords if, unless, and, or and not, brackets, other rights and all of the resource’s relations (see AnnotationSecurity::RelationLoader). For better readability you may add the prefixes may, is, can or has, or append one of the suffixes for, in, of or to.

user_content:
  edit: if is_owner_of
  delete: if may_edit or is_administrator

However, it is recommended to use this feature sparingly.

Class Method Summary collapse

.define_rights(hash) ⇒ Object

Goes through all resources of hash and load the defined rights.

Instance Method Summary collapse

#define_rights(hash) ⇒ Object

Goes through all rights in hash and creates rules for all policies these rights apply to.
#initialize(resource) ⇒ RightLoader constructor

An instance of RightLoader is responsible for loading the rights of a resource class.

Constructor Details

#initialize(resource) ⇒ `RightLoader`

An instance of RightLoader is responsible for loading the rights of a resource class.



58
59
60

# File 'lib/annotation_security/manager/right_loader.rb', line 58

def initialize(resource) # :nodoc:
  @factory = AnnotationSecurity::PolicyManager.policy_factory(resource)
end

Class Method Details

.define_rights(hash) ⇒ `Object`

Goes through all resources of hash and load the defined rights.

# File 'lib/annotation_security/manager/right_loader.rb', line 47

def self.define_rights(hash) # :nodoc:
  if hash
    hash.each_pair do |resource_class, rights|
      new(resource_class).define_rights(rights)
    end
  end
end

Instance Method Details

#define_rights(hash) ⇒ `Object`

Goes through all rights in hash and creates rules for all policies these rights apply to.

# File 'lib/annotation_security/manager/right_loader.rb', line 65

def define_rights(hash) # :nodoc:
  factories = extract_applies_to(hash) << @factory
  hash.each_pair do |right,condition|
    # Important: set the :right-flag to activate automatic detection of
    # the other flags (static,dynamic,require_user)
    factories.each { |f| f.add_rule(right,:right,condition) }
  end
end