Class: Lockdown::Permission

Inherits:
Object
  • Object
Defined in:
lib/lockdown/permission.rb


Constructor Details

#initialize(name_symbol) ⇒ Permission

A Permission is a set of rules that are, through UserGroups, assigned to users to allow access to system resources.

Summary of controller oriented methods:

# defines which controller we're talking about
.with_controller(:controller_name)  #all_methods is the default

# only these methods on the controller
.only_methods(:meth1, :meth2)       

# all controller methods except these
.except_methods(:meth1, :meth2)

Summary of model oriented methods:

# defines which model we're talking about
.to_model(:model_name)         

# data_method must be available to the controller
.where(:data_method)           

# model_name.value_method must equal data_method
.equals(:value_method)         

# model_name.values_method.include?(data_method)
.is_in(:values_method)

Example:

# Define a permission called 'Manage Users' that gives users access to
# all methods on the users_controller. with_controller on its own grants
# every method (all_methods is the default), so narrow it with
# only_methods or except_methods when that is broader than intended.

set_permission(:manage_users).
  with_controller(:users)

# Define a permission called "My Account" that only allows a user access
# to the methods show and update, and only when current_user_id matches
# the id of the user being modified.

set_permission(:my_account).
  with_controller(:users).
  only_methods(:show, :update).
  to_model(:user).
    where(:current_user_id).
    equals(:id)


# File 'lib/lockdown/permission.rb', line 76

# Builds an empty permission identified by +name_symbol+.
#
# The controller and model tables start out empty, so the permission
# carries no rules until builder methods such as with_controller or
# to_model are chained onto it. The public/protected flags are not
# assigned here.
#
# @param name_symbol [Object] identifier for the permission (the class
#   examples pass a Symbol); also handed to the initial RootContext.
def initialize(name_symbol)
  @controllers, @models = {}, {}
  @name = name_symbol
  @current_context = Lockdown::RootContext.new(name_symbol)
end

Instance Attribute Details

#controllersObject (readonly)

Returns the value of attribute controllers.



# File 'lib/lockdown/permission.rb', line 26

# Controller rules registered on this permission, keyed by the name
# passed to with_controller.
#
# The live internal Hash is returned, not a copy, so a caller that
# mutates it changes what this permission grants.
#
# @return [Hash]
def controllers
  @controllers
end

#modelsObject (readonly)

Returns the value of attribute models.



# File 'lib/lockdown/permission.rb', line 26

# Model rules registered on this permission, keyed by the name passed
# to to_model.
#
# The live internal Hash is returned, not a copy, so a caller that
# mutates it changes the model constraints attached to this permission.
#
# @return [Hash]
def models
  @models
end

#nameObject (readonly)

Returns the value of attribute name.



# File 'lib/lockdown/permission.rb', line 26

# Identifier this permission was created with.
#
# It is the only value compared by #==.
#
# @return [Object] the name_symbol given to the constructor.
def name
  @name
end

Instance Method Details

#==(other) ⇒ Object



# File 'lib/lockdown/permission.rb', line 180

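# Two permissions are equal when their names match.
#
# Only the name is compared; controller and model rules are ignored, so
# two permissions defined under the same name but with different rules
# still compare equal.
#
# @param other [Object] any object. One that does not respond to #name
#   (nil included) is unequal rather than raising NoMethodError.
# @return [Boolean]
def ==(other)
  other.respond_to?(:name) && name == other.name
end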

#current_contextObject



# File 'lib/lockdown/permission.rb', line 168

# Position of the builder within a rule chain.
#
# The constructor sets it to a Lockdown::RootContext and each builder
# method replaces it as the chain advances.
#
# @return [Object] the context object most recently assigned.
def current_context
  @current_context
end

#current_controllerObject



# File 'lib/lockdown/permission.rb', line 172

# Controller rule the chain is currently configuring, looked up by the
# name of the current context.
#
# @return [Object, nil] nil when nothing is registered under that name.
def current_controller
  context_name = current_context.name
  @controllers[context_name]
end

#current_modelObject



# File 'lib/lockdown/permission.rb', line 176

# Model rule the chain is currently configuring, looked up by the name
# of the current context.
#
# @return [Object, nil] nil when nothing is registered under that name.
def current_model
  context_name = current_context.name
  @models[context_name]
end

#equals(model_method) ⇒ Object



# File 'lib/lockdown/permission.rb', line 128

# Closes a model rule with an equality test.
#
# Records +model_method+ with the :equals association through
# associate_model_method, then returns the builder to the root context.
#
# @param model_method [Object] name of the model-side method (the class
#   summary shows ".equals(:value_method)").
# @return [self] so further rules can be chained.
def equals(model_method)
  validate_context
  associate_model_method(model_method, :equals)

  # This model rule is complete; the next call starts from the root.
  root = Lockdown::RootContext.new(@name)
  @current_context = root
  self
end

#except_methods(*methods) ⇒ Object



# File 'lib/lockdown/permission.rb', line 104

# Removes the listed methods from the current controller's access list.
#
# NOTE(review): this is a deny-list applied to whatever the controller
# already grants (with_controller starts from paths_for(name)). Methods
# added to the controller later are presumably granted as well unless
# they are listed here; only_methods is the stricter choice -- confirm
# against paths_for.
#
# @param methods [Array] method names to exclude.
# @return [self] so further rules can be chained.
def except_methods(*methods)
  validate_context

  controller = current_controller
  controller.access_methods -= paths_for(controller.name, *methods)

  # The controller rule is complete; go back to the root context.
  @current_context = Lockdown::RootContext.new(@name)
  self
end

#is_in(model_method) ⇒ Object Also known as: includes



# File 'lib/lockdown/permission.rb', line 136

# Closes a model rule with a membership test (listed on this page as
# also known as +includes+).
#
# Records +model_method+ with the :includes association through
# associate_model_method, then returns the builder to the root context.
#
# @param model_method [Object] name of the model-side method (the class
#   summary shows ".is_in(:values_method)").
# @return [self] so further rules can be chained.
def is_in(model_method)
  validate_context
  associate_model_method(model_method, :includes)

  # This model rule is complete; the next call starts from the root.
  root = Lockdown::RootContext.new(@name)
  @current_context = root
  self
end

#only_methods(*methods) ⇒ Object



# File 'lib/lockdown/permission.rb', line 95

# Restricts the current controller to exactly the listed methods.
#
# The controller's access list is replaced, not merged, with the paths
# that paths_for returns for +methods+.
#
# @param methods [Array] method names to allow.
# @return [self] so further rules can be chained.
def only_methods(*methods)
  validate_context

  controller = current_controller
  controller.access_methods = paths_for(controller.name, *methods)

  # The controller rule is complete; go back to the root context.
  @current_context = Lockdown::RootContext.new(@name)
  self
end

#protected_access?Boolean

Returns:

  • (Boolean)


# File 'lib/lockdown/permission.rb', line 150

# Whether this permission has been marked as protected access.
#
# @return [Boolean, nil] true once set_as_protected_access has run; nil
#   (falsy) before that, because the constructor does not assign the
#   flag.
def protected_access?
  @protected_access
end

#public_access?Boolean

Returns:

  • (Boolean)


# File 'lib/lockdown/permission.rb', line 146

# Whether this permission has been marked as public access.
#
# @return [Boolean, nil] true once set_as_public_access has run; nil
#   (falsy) before that, because the constructor does not assign the
#   flag.
def public_access?
  @public_access
end

#set_as_protected_accessObject



# File 'lib/lockdown/permission.rb', line 161

# Marks this permission as protected access.
#
# Public and protected are mutually exclusive: a permission already
# marked public is rejected instead of being switched over.
#
# @return [true]
# @raise [PermissionScopeCollision] if the permission is already public.
def set_as_protected_access
  return @protected_access = true unless public_access?

  raise PermissionScopeCollision,
        "Permission: #{name} already marked as public and trying to set as protected."
end

#set_as_public_accessObject



# File 'lib/lockdown/permission.rb', line 154

# Marks this permission as public access.
#
# Public and protected are mutually exclusive: a permission already
# marked protected is rejected instead of being switched over, so a
# protected rule cannot be opened up by a later call.
#
# @return [true]
# @raise [PermissionScopeCollision] if the permission is already
#   protected.
def set_as_public_access
  return @public_access = true unless protected_access?

  raise PermissionScopeCollision,
        "Permission: #{name} already marked as protected and trying to set as public."
end

#to_model(name_symbol) ⇒ Object



# File 'lib/lockdown/permission.rb', line 113

# Starts a model rule for +name_symbol+.
#
# A fresh Model is stored under that name, replacing any rule already
# registered for it, and the builder moves into a ModelContext.
#
# @param name_symbol [Object] model name (the class examples pass a
#   Symbol such as :user).
# @return [self] so where(...) can be chained next.
def to_model(name_symbol)
  validate_context

  rule = Model.new(name_symbol)
  @models[name_symbol] = rule
  @current_context = Lockdown::ModelContext.new(name_symbol)
  self
end

#where(controller_method) ⇒ Object



# File 'lib/lockdown/permission.rb', line 121

# Moves the builder from a model rule into its "where" step.
#
# NOTE(review): +controller_method+ is not read or stored anywhere in
# this method; only the context changes. Confirm that the controller
# side of the comparison is recorded elsewhere, otherwise the where(...)
# half of a model rule is never captured.
#
# @param controller_method [Object] controller-side data method (the
#   class summary shows ".where(:data_method)").
# @return [self] so equals/is_in can be chained next.
def where(controller_method)
  validate_context

  model_name = current_context.name
  @current_context = Lockdown::ModelWhereContext.new(model_name)
  self
end

#with_controller(name_symbol) ⇒ Object Also known as: and_controller



# File 'lib/lockdown/permission.rb', line 83

# Starts a controller rule for +name_symbol+ (listed on this page as
# also known as +and_controller+).
#
# The new rule begins with every path that paths_for(name_symbol)
# returns, i.e. access to all of the controller's methods unless
# only_methods or except_methods narrows it afterwards. Registering the
# same name again replaces the earlier entry, dropping any narrowing
# that had been applied to it.
#
# @param name_symbol [Object] controller name (the class examples pass
#   a Symbol such as :users).
# @return [self] so further rules can be chained.
def with_controller(name_symbol)
  validate_context

  entry = Controller.new(name_symbol)
  entry.access_methods = paths_for(name_symbol)
  @controllers[name_symbol] = entry

  @current_context = Lockdown::ControllerContext.new(name_symbol)
  self
end