Class: Canned::ProfileDsl

Inherits:
Object
  • Object
show all
Defined in:
lib/canned/profile_dsl.rb

Overview

Holds all rules associated to a single user profile.

This class describes the avaliable DSL when defining a new profile. TODO: example

Instance Method Summary collapse

Constructor Details

#initialize(_profile, _loaded_profiles) ⇒ ProfileDsl

Returns a new instance of ProfileDsl.



10
11
12
13
 
# File 'lib/canned/profile_dsl.rb', line 10

def initialize(_profile, _loaded_profiles)
  @profile = _profile
  @loaded_profiles = _loaded_profiles
end

Instance Method Details

#allow(_action = nil, _proc = nil) ⇒ Object

 Adds an “allowance” rule

Examples:
   allow 'index'
   allow 'index', upon(:user) {

Parameters:

  • _action (String|Proc) (defaults to: nil)

    The action to authorize, if no action is given then rule apply to any action.

  • _proc (Proc) (defaults to: nil)

    The test procedure, if not given, then action is always allowed.



33
34
35
36
37
38
39
40
41
 
# File 'lib/canned/profile_dsl.rb', line 33

def allow(_action=nil, _proc=nil)

  if _action.is_a? Proc
    _proc = _action
    _action = nil
  end

  @profile.rules << { type: :allow, action: _action, proc: _proc }
end

#context(_proc = nil, &_block) ⇒ Object

Sets the default context for this profile block.



16
17
18
 
# File 'lib/canned/profile_dsl.rb', line 16

def context(_proc=nil, &_block)
  @profile.context = _proc || _block
end

#continue(_proc) ⇒ Object

Breaks from the current profile scope if condition is not match.

When calling this function from within a scope, it will only break from scope.

Example:
  # The following rules will be tested against every user
  allow 'index', upon(:user) { that(:is_registered) }
  allow 'index', upon(:user) { that(:is_alien) }
  allow 'index', upon(:user) { that(:is_chewbaka) }

  continue upon(:user) { that(:is_jedi) }
  # The following rules will only be tested against jedis
  allow 'index', upon(:user) { with(:force).greater_than(100) }



73
74
75
 
# File 'lib/canned/profile_dsl.rb', line 73

def continue(_proc)
  @profile.rules << { type: :continue, proc: _proc }
end

#expand(_profile) ⇒ Object

 Embedds a _profile inside another one.



79
80
81
82
83
 
# File 'lib/canned/profile_dsl.rb', line 79

def expand(_profile)
  profile = @loaded_profiles[_profile]
  raise SetupError.new "Profile not found '#{_profile}'" if profile.nil?
  @profile.rules << { type: :expand, profile: profile }
end

#forbid(_action = nil, _proc = nil) ⇒ Object

Adds a “forbidden” rule

Works the same way as allow but if rule checks then user is forbidden to access the resource regardles of presenting another profile that passes.



48
49
50
51
52
53
54
55
56
 
# File 'lib/canned/profile_dsl.rb', line 48

def forbid(_action=nil, _proc=nil)

  if _action.is_a? Proc
    _proc = _action
    _action = nil
  end

  @profile.rules << { type: :forbid, action: _action, proc: _proc }
end

#scope(&_block) ⇒ Object

Allows defining a set of rules with common options.

Example:
  # The following group
  scope upon: :user
    # the following only breaks from current scope.
    continue upon { that(:is_jedi) }
    # the following will only forbid jedis that belong to death star (resource).
    forbid 'index', upon { belongs_to(:death_star) }
    allow 'index', upon(:user) { that(:has_pony_tail) }
  end

  # the following rule will be tested against every user.
  allow 'index', upon(:user) { that(:is_registered) }



101
102
103
104
105
 
# File 'lib/canned/profile_dsl.rb', line 101

def scope(&_block)
  child = Profile.new
  ProfileDsl.new(child, @loaded_profiles).instance_eval &_block
  @profile.rules << { type: :scope, profile: child }
end

#upon(*_args, &_block) ⇒ Object

 Same as calling upon { the() … }



110
111
112
113
114
115
116
117
118
 
# File 'lib/canned/profile_dsl.rb', line 110

def upon(*_args, &_block)
  if _args.count == 0
    return _block
  elsif _block
    Proc.new { the(*_args).instance_eval &_block }
  else
    Proc.new { the(*_args) }
  end
end