Class: AnnotationSecurity::Rule
- Defined in:
- lib/annotation_security/policy/rule.rb
Overview
AnnotationSecurity::Rule
A right or a relation that belongs to a policy.
Rules can be static or dynamic or both. If the rule is a right, these values will be evaluated lazily.
Instance Method Summary
-
#copy(policy_class) ⇒ Object
Creates a copy for policy class.
-
#dynamic? ⇒ Boolean
Return if this rule can be evaluated with a resource.
-
#evaluate(policy, *args) ⇒ Object
Evaluate proc for policy.
-
#extend_class(klass) ⇒ Object
Creates a method for a policy class that evaluates this rule (klass: either @policy_class or its static partner).
-
#flag_s ⇒ Object
:nodoc:.
-
#full_name ⇒ Object
:nodoc:.
-
#initialize(name, policy_class, *args, &block) ⇒ Rule
constructor
Initialize a rule.
-
#name ⇒ Object
:nodoc:.
-
#requires_credential? ⇒ Boolean
:nodoc:.
-
#right? ⇒ Boolean
Return if this rule was defined as right.
-
#static? ⇒ Boolean
Return if this rule can be evaluated without a resource.
-
#to_s ⇒ Object
:nodoc:.
Constructor Details
#initialize(name, policy_class, *args, &block) ⇒ Rule
Initialize a rule
# File 'lib/annotation_security/policy/rule.rb', line 15 def initialize(name,policy_class,*args,&block) # :nodoc: super() @name = name.to_sym @policy_class = policy_class @proc = block read_flags(args) (args) if @proc initialize_for_proc(args) else initialize_for_string(args) end raise ArgumentError, "#{self}: Unexpected Arguments: #{args.join ','}" unless args.blank? #puts self end |
Instance Method Details
#copy(policy_class) ⇒ Object
Creates a copy for policy class
# File 'lib/annotation_security/policy/rule.rb', line 128 def copy(policy_class) # :nodoc: args = [name, policy_class,flag,,@condition].compact self.class.new(*args,&@proc) end |
#dynamic? ⇒ Boolean
Return if this rule can be evaluated with a resource
# File 'lib/annotation_security/policy/rule.rb', line 63
#
# Whether this rule can be evaluated with a resource.
#
# The answer is cached in @dynamic. While that is still nil,
# lazy_initialize is called first and @dynamic is read afterwards
# (presumably lazy_initialize sets it -- its body is not in this listing).
def dynamic? # :nodoc:
  lazy_initialize if @dynamic.nil?
  @dynamic
end
#evaluate(policy, *args) ⇒ Object
Evaluate proc for policy
# File 'lib/annotation_security/policy/rule.rb', line 115
#
# Evaluate this rule's proc for +policy+.
#
# The proc runs through instance_exec, i.e. with +policy+ as self, so it can
# read the policy's instance state. How many of +args+ it receives depends
# on @arity:
# * 0         -- no arguments
# * positive  -- only the first @arity arguments; the rest are dropped
# * negative  -- all arguments
#
# Raises AnnotationSecurity::RuleError if the rule has no proc.
def evaluate(policy,*args) # :nodoc:
  unless @proc
    raise AnnotationSecurity::RuleError, "#{self}: This rule has no proc"
  end

  passed =
    if @arity == 0
      []
    elsif @arity > 0
      args.first(@arity)
    else
      args
    end
  policy.instance_exec(*passed, &@proc)
end
#extend_class(klass) ⇒ Object
Creates a method for a policy class that evaluates this rule.
- klass: either @policy_class or its static partner
# File 'lib/annotation_security/policy/rule.rb', line 78 def extend_class(klass) # :nodoc: # Arguments passed to AbstractPolicy#user_roles # * +role+ symbol identifying the role a user must have (or nil) # * +user_required+ if false, the rule will also be # evaluated if the user is nil user_args = "#{@as ? ":#@as" : 'nil'},#{requires_credential?}" # Actual logic of the rule rule_code = @proc ? code_for_proc : code_for_string # Arguments passed to RuleExecutionError#new if an error occured # while evaluating the rule # * +rule+ full name of the rule # * +proc+ true iif this rule is defined with a proc # * +ex+ the original exeption ex_args = "'#{full_name}',#{@proc ? true : false},$!" code = "def #@name(*args) \n" # If parameter :is is given, @user.is_{@is}? has to return true. # code << "return false if @user.nil? || [email protected]_#@is?\n" if @is code << %{ # __resource__ = @resource return user_roles(#{user_args}).any? do |__user__| #{rule_code} end rescue StandardError raise $! if $!.is_a? AnnotationSecurity::SecurityError raise AnnotationSecurity::RuleExecutionError.new(#{ex_args}) end} klass.class_eval(code) self end |
#flag_s ⇒ Object
:nodoc:
# File 'lib/annotation_security/policy/rule.rb', line 40
#
# Four-character summary of this rule's flags, used by to_s.
#
# Position 1 is 'r' when @right is truthy, else '-'. Positions 2-4 show
# @static ('s'), @dynamic ('d') and @req_user ('u'): the letter when the
# flag is truthy, '-' when it is false, and '?' while it is still nil.
# The instance variables are read directly, so building the summary never
# triggers lazy initialization.
def flag_s # :nodoc:
  tri_state = lambda do |value, letter|
    if value.nil?
      '?'
    elsif value
      letter
    else
      '-'
    end
  end

  [
    @right ? 'r' : '-',
    tri_state.call(@static, 's'),
    tri_state.call(@dynamic, 'd'),
    tri_state.call(@req_user, 'u')
  ].join
end
#full_name ⇒ Object
:nodoc:
# File 'lib/annotation_security/policy/rule.rb', line 36
#
# The rule's qualified name: the policy class and the rule name joined
# by '#'.
def full_name # :nodoc:
  "#{@policy_class}##{@name}"
end
#name ⇒ Object
:nodoc:
# File 'lib/annotation_security/policy/rule.rb', line 133
#
# Reader for @name, the rule's name.
def name # :nodoc:
  @name
end
#requires_credential? ⇒ Boolean
:nodoc:
# File 'lib/annotation_security/policy/rule.rb', line 69
#
# Reader for the cached @req_user flag.
#
# While the flag is still nil, lazy_initialize is called first and
# @req_user is read afterwards (presumably lazy_initialize sets it -- its
# body is not in this listing).
def requires_credential? # :nodoc:
  lazy_initialize if @req_user.nil?
  @req_user
end
#right? ⇒ Boolean
Return if this rule was defined as right
# File 'lib/annotation_security/policy/rule.rb', line 49
#
# Whether this rule was defined as a right; returns @right unchanged.
def right? # :nodoc:
  @right
end
#static? ⇒ Boolean
Return if this rule can be evaluated without a resource
# File 'lib/annotation_security/policy/rule.rb', line 55
#
# Whether this rule can be evaluated without a resource.
#
# The answer is cached in @static. While that is still nil,
# lazy_initialize is called first and @static is read afterwards
# (presumably lazy_initialize sets it -- its body is not in this listing).
def static? # :nodoc:
  lazy_initialize if @static.nil?
  @static
end
#to_s ⇒ Object
:nodoc:
# File 'lib/annotation_security/policy/rule.rb', line 32
#
# Short description of the rule: the full name followed by the flag
# summary in square brackets, wrapped in angle brackets.
def to_s # :nodoc:
  label = full_name
  flags = flag_s
  "<#{label}[#{flags}]>"
end