Module: Eaco::Resource

Defined in:

lib/eaco/resource.rb

Overview

A Resource is an object that can be authorized. It has an ACL, that defines the access levels of Designators. Actors have many designators and the highest priority ones that matches the ACL yields the access level of the Actor to this Resource.

If there is no match between the Actor‘s designators and the ACL, then access is denied.

Authorized resources are defined through the DSL, see DSL::Resource.

TODO Negative authorizations

See Also:

• ACL
• Actor
• Designator
• DSL::Resource

Defined Under Namespace

Modules: ClassMethods

Instance Method Summary

• #allows?(action, actor) ⇒ Boolean

  Whether the given action is allowed to the given actor.

• #batch_grant(role, designators) ⇒ ACL

  Grants the given set of designators access as to this Resource as the given role.

• #change_acl {|ACL| ... } ⇒ ACL protected

  Changes the ACL, calling the persistance setter if it changes.

• #check_role!(role) ⇒ Object protected

  Checks whether the given role is valid for this Resource.

• #grant(role, *designator) ⇒ ACL

  Grants the given designator access to this Resource as the given role.

• #revoke(*designator) ⇒ ACL

  Revokes the given designator access to this Resource.

• #role_of(actor) ⇒ Symbol

  The role of the given actor.

Instance Method Details

#allows?(action, actor) ⇒ Boolean

# File 'lib/eaco/resource.rb', line 147

def allows?(action, actor)
  self.class.allows?(action, actor, self)
end

#batch_grant(role, designators) ⇒ ACL

Grants the given set of designators access as to this Resource as the given role.

See Also:

• #change_acl

# File 'lib/eaco/resource.rb', line 199

def batch_grant(role, designators)
  self.check_role!(role)

  change_acl do |acl|
    designators.each do |designator|
      acl.add(role, designator)
    end
    acl
  end
end

#change_acl {|ACL| ... } ⇒ ACL (protected)

Changes the ACL, calling the persistance setter if it changes.

Yields:

• (ACL) —

  the current ACL or a new one if no ACL is set

# File 'lib/eaco/resource.rb', line 218

def change_acl
  acl = yield self.acl.try(:dup) || self.class.acl.new

  self.acl = acl unless acl == self.acl

  return self.acl
end

#check_role!(role) ⇒ Object (protected)

Checks whether the given role is valid for this Resource.

Raises:

• (Eaco::Error) —

  if not valid.

# File 'lib/eaco/resource.rb', line 233

def check_role!(role)
  unless self.class.role?(role)
    raise Error,
      "The `#{role}' role is not valid for `#{self.class.name}' objects. " \
      "Valid roles are: `#{self.class.roles.join(', ')}'"
  end
end

#grant(role, *designator) ⇒ ACL

Grants the given designator access to this Resource as the given role.

See Also:

• #change_acl

# File 'lib/eaco/resource.rb', line 170

def grant(role, *designator)
  self.check_role!(role)

  change_acl {|acl| acl.add(role, *designator) }
end

#revoke(*designator) ⇒ ACL

Revokes the given designator access to this Resource.

See Also:

• #change_acl

# File 'lib/eaco/resource.rb', line 185

def revoke(*designator)
  change_acl {|acl| acl.del(*designator) }
end

#role_of(actor) ⇒ Symbol

# File 'lib/eaco/resource.rb', line 156

def role_of(actor)
  self.class.role_of(actor, self)
end