Class: Hyrax::AccessControlList

Inherits:

Object

• Object
• Hyrax::AccessControlList

Defined in:

app/services/hyrax/access_control_list.rb

Overview

ACLs for ‘Hyrax::Resource` models

Allows managing ‘Hyrax::Permission` entries referring to a specific `Hyrax::Resource` using a simple add/delete model.

Examples:

Using the Grant DSL

my_resource = Hyrax.query_service.find_by(id: 'my_id')

acl = Hyrax::AccessControlList.new(resource: resource)
acl.permissions # => #<Set: {}>

user  = User.first
group = Group.new('public')

acl.grant(:read).to(group)
acl.grant(:edit).to(user)

acl.permissions
# => #<Set: {#<Hyrax::Permission access_to=#<Valkyrie::ID:0x000055628b0ae0b8 @id="my_id"> agent="group/public" mode=:read>,
  #<Hyrax::Permission access_to=#<Valkyrie::ID:0x000055628be41388 @id="my_id"> agent="user1@example.com" mode=:edit>}>

acl.revoke(:edit).from(user)

acl.permissions
# => #<Set: {#<Hyrax::Permission access_to=#<Valkyrie::ID:0x000055628b0ae0b8 @id="my_id"> agent="group/public" mode=:read>}>

Defined Under Namespace

Classes: ModeEditor, ModeGrant, ModeRevoke

Instance Attribute Summary

• #persister ⇒ #save readonly
• #query_service ⇒ Object readonly
• #resource ⇒ Valkyrie::Resource

Class Method Summary

• .copy_permissions(source:, target:) ⇒ Hyrax::AccessControlList

  Copy and save permissions from source to target.

Instance Method Summary

• #<<(permission) ⇒ Boolean (also: #add)
• #delete(permission) ⇒ Boolean
• #destroy ⇒ Boolean

  Deletes the ACL for the resource.

• #grant(mode) ⇒ Object
• #initialize(resource:, persister: Hyrax.persister, query_service: Hyrax.query_service) ⇒ AccessControlList constructor

  A new instance of AccessControlList.

• #pending_changes? ⇒ Boolean
• #permissions ⇒ Set<Hyrax::Permission>
• #permissions=(new_permissions) ⇒ Array<Hyrax::Permission>
• #revoke(mode) ⇒ Object
• #save ⇒ Boolean

  Saves the ACL for the resource, by saving each permission policy.

Constructor Details

#initialize(resource:, persister: Hyrax.persister, query_service: Hyrax.query_service) ⇒ AccessControlList

Returns a new instance of AccessControlList.

Parameters:

• resource (Valkyrie::Resource)
• persister (#save) (defaults to: Hyrax.persister) —

  defaults to the configured Hyrax persister

• query_service (#find_inverse_references_by) (defaults to: Hyrax.query_service) —

  defaults to the configured Hyrax query service

# File 'app/services/hyrax/access_control_list.rb', line 67

def initialize(resource:, persister: Hyrax.persister, query_service: Hyrax.query_service)
  self.resource  = resource
  @persister     = persister
  @query_service = query_service
end

Instance Attribute Details

#persister ⇒ #save (readonly)

Returns:

• (#save)

# File 'app/services/hyrax/access_control_list.rb', line 57

def persister
  @persister
end

#query_service ⇒ Object (readonly)

# File 'app/services/hyrax/access_control_list.rb', line 57

attr_reader :persister, :query_service

#resource ⇒ Valkyrie::Resource

Returns:

• (Valkyrie::Resource)

# File 'app/services/hyrax/access_control_list.rb', line 57

attr_reader :persister, :query_service

Class Method Details

.copy_permissions(source:, target:) ⇒ Hyrax::AccessControlList

Copy and save permissions from source to target

Parameters:

• source (Valkyrie::Resource, Hyrax::AccessControlList)
• target (Valkyrie::Resource, Hyrax::AccessControlList)

Returns:

• (Hyrax::AccessControlList) —

  an acl for ‘target` with the updated permissions

# File 'app/services/hyrax/access_control_list.rb', line 80

def self.copy_permissions(source:, target:)
  target = Hyrax::AccessControlList(target)
  target.permissions = Hyrax::AccessControlList(source).permissions
  target.save && target
end

Instance Method Details

#<<(permission) ⇒ Boolean Also known as: add

Parameters:

• permission (Hyrax::Permission)

Returns:

• (Boolean)

# File 'app/services/hyrax/access_control_list.rb', line 92

def <<(permission)
  permission.access_to = resource.id

  change_set.permissions += [permission]

  true
end

#delete(permission) ⇒ Boolean

Parameters:

• permission (Hyrax::Permission)

Returns:

• (Boolean)

# File 'app/services/hyrax/access_control_list.rb', line 107

def delete(permission)
  change_set.permissions -= [permission]

  true
end

#destroy ⇒ Boolean

Deletes the ACL for the resource

Returns:

• (Boolean)

# File 'app/services/hyrax/access_control_list.rb', line 183

def destroy
  persister.delete(resource: change_set.resource) if change_set.resource.persisted?
  @change_set = nil

  true
end

#grant(mode) ⇒ Object

Examples:

user = User.find('user_id')

acl.grant(:read).to(user)

# File 'app/services/hyrax/access_control_list.rb', line 120

def grant(mode)
  ModeGrant.new(self, mode)
end

#pending_changes? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/services/hyrax/access_control_list.rb', line 128

def pending_changes?
  change_set.changed?
end

#permissions ⇒ Set<Hyrax::Permission>

Returns:

• (Set<Hyrax::Permission>)

# File 'app/services/hyrax/access_control_list.rb', line 136

def permissions
  Set.new(change_set.permissions)
end

#permissions=(new_permissions) ⇒ Array<Hyrax::Permission>

Returns:

• (Array<Hyrax::Permission>)

# File 'app/services/hyrax/access_control_list.rb', line 144

def permissions=(new_permissions)
  change_set.permissions = []
  new_permissions.each { |p| self << p }
end

#revoke(mode) ⇒ Object

Examples:

user = User.find('user_id')

acl.revoke(:read).from(user)

# File 'app/services/hyrax/access_control_list.rb', line 156

def revoke(mode)
  ModeRevoke.new(self, mode)
end

#save ⇒ Boolean

Saves the ACL for the resource, by saving each permission policy

Returns:

• (Boolean)

# File 'app/services/hyrax/access_control_list.rb', line 166

def save
  return true unless pending_changes?

  change_set.sync
  persister.save(resource: change_set.resource)
  Hyrax.publisher.publish('object.acl.updated', acl: self, result: :success)
  @change_set = nil

  true
end