Class: Canned::Profile

Inherits:

Object

Object
Canned::Profile

show all

Defined in:: lib/canned/profile.rb

Overview

Holds a profile definition and provides the validate method

This class instances are populated using the ProfileDsl.

profile :hola do

context { the(:user) }
context { a(:raffle) }

allow 'index', upon(:admin) { loads(:) where {  } } }
allow 'index', upon { the(:user_id) { is } and a(:raffle).is

end

Instance Attribute Summary collapse

#context ⇒ Object

Returns the value of attribute context.
#rules ⇒ Object

Returns the value of attribute rules.

Instance Method Summary collapse

#initialize ⇒ Profile constructor

A new instance of Profile.
#validate(_base, _actions) ⇒ Object

Constructor Details

#initialize ⇒ `Profile`

Returns a new instance of Profile.

# File 'lib/canned/profile.rb', line 21

def initialize
  @context = nil
  @rules = []
end

Instance Attribute Details

#context ⇒ `Object`

Returns the value of attribute context.



18
19
20

# File 'lib/canned/profile.rb', line 18

def context
  @context
end

#rules ⇒ `Object`

Returns the value of attribute rules.



19
20
21

# File 'lib/canned/profile.rb', line 19

def rules
  @rules
end

Instance Method Details

#validate(_base, _actions) ⇒ `Object`

# File 'lib/canned/profile.rb', line 26

def validate(_base, _actions)

  # TODO: optimize, do not process allow rules if already allowed.

  # run the context block if given
  # TODO: check base type when a context is used?
  _base = _base.instance_eval &@context if @context

  @rules.each do |rule|
    case rule[:type]
    when :allow
      if rule[:action].nil? or _actions.include? rule[:action]
        return :allowed if rule[:proc].nil? or _base.instance_eval(&rule[:proc])
      end
    when :forbid
      if rule[:action].nil? or _actions.include? rule[:action]
        return :forbidden if rule[:proc].nil? or _base.instance_eval(&rule[:proc])
      end
    when :continue
      # continue block's interrupt flow if false
      return :break unless _base.instance_eval(&rule[:proc])
    when :expand
      # when evaluating an cross profile call, any special condition will cause to break.
      result = rule[:profile].validate(_base, _actions)
      return result if result != :default
    when :scope
      # when evaluating a child block, only break if a matching allow or forbid is found.
      result = rule[:profile].validate(_base, _actions)
      return result if result != :default and result != :break
    end
  end

  # No rule matched, return not allowed.
  return :default
end