Class: Hyrax::AccessControlList

Inherits:
Object
  • Object
show all
Defined in:
app/services/hyrax/access_control_list.rb

Overview

ACLs for ‘Hyrax::Resource` models

Allows managing ‘Hyrax::Permission` entries referring to a specific `Hyrax::Resource` using a simple add/delete model.

Examples:

Using the Grant DSL

my_resource = Hyrax.query_service.find_by(id: 'my_id')

acl = Hyrax::AccessControlList.new(resource: resource)
acl.permissions # => #<Set: {}>

user  = User.first
group = Group.new('public')

acl.grant(:read).to(group)
acl.grant(:edit).to(user)

acl.permissions
# => #<Set: {#<Hyrax::Permission access_to=#<Valkyrie::ID:0x000055628b0ae0b8 @id="my_id"> agent="group/public" mode=:read>,
  #<Hyrax::Permission access_to=#<Valkyrie::ID:0x000055628be41388 @id="my_id"> agent="[email protected]" mode=:edit>}>

acl.revoke(:edit).from(user)

acl.permissions
# => #<Set: {#<Hyrax::Permission access_to=#<Valkyrie::ID:0x000055628b0ae0b8 @id="my_id"> agent="group/public" mode=:read>}>

Defined Under Namespace

Classes: ModeEditor, ModeGrant, ModeRevoke

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(resource:, persister: Hyrax.persister, query_service: Hyrax.query_service) ⇒ AccessControlList

Returns a new instance of AccessControlList.

Parameters:

  • resource (Valkyrie::Resource)
  • persister (#save) (defaults to: Hyrax.persister)

    defaults to the configured Hyrax persister

  • query_service (#find_inverse_references_by) (defaults to: Hyrax.query_service)

    defaults to the configured Hyrax query service



77
78
79
80
81
 
# File 'app/services/hyrax/access_control_list.rb', line 77

def initialize(resource:, persister: Hyrax.persister, query_service: Hyrax.query_service)
  self.resource  = resource
  @persister     = persister
  @query_service = query_service
end

Instance Attribute Details

#persister#save (readonly)

Returns:



57
58
59
 
# File 'app/services/hyrax/access_control_list.rb', line 57

def persister
  @persister
end

#query_serviceObject (readonly) 



57
 
# File 'app/services/hyrax/access_control_list.rb', line 57

attr_reader :persister, :query_service

#resourceValkyrie::Resource

Returns:

  • (Valkyrie::Resource) 


57
 
# File 'app/services/hyrax/access_control_list.rb', line 57

attr_reader :persister, :query_service

Class Method Details

.copy_permissions(source:, target:) ⇒ Hyrax::AccessControlList

Copy and save permissions from source to target

Parameters:

Returns:



90
91
92
93
94
 
# File 'app/services/hyrax/access_control_list.rb', line 90

def self.copy_permissions(source:, target:)
  target = Hyrax::AccessControlList(target)
  target.permissions = Hyrax::AccessControlList(source).permissions
  target.save && target
end

Instance Method Details

#<<(permission) ⇒ Boolean Also known as: add

Parameters:

Returns:

  • (Boolean) 


102
103
104
105
106
107
108
 
# File 'app/services/hyrax/access_control_list.rb', line 102

def <<(permission)
  permission.access_to = resource.id

  change_set.permissions += [permission]

  true
end

#delete(permission) ⇒ Boolean

Parameters:

Returns:

  • (Boolean) 


117
118
119
120
121
 
# File 'app/services/hyrax/access_control_list.rb', line 117

def delete(permission)
  change_set.permissions -= [permission]

  true
end

#destroyBoolean

Deletes the ACL for the resource

Returns:

  • (Boolean) 


200
201
202
203
204
205
 
# File 'app/services/hyrax/access_control_list.rb', line 200

def destroy
  persister.delete(resource: change_set.resource) if change_set.resource.persisted?
  @change_set = nil

  true
end

#grant(mode) ⇒ Object

Examples:

user = User.find('user_id')

acl.grant(:read).to(user)


130
131
132
 
# File 'app/services/hyrax/access_control_list.rb', line 130

def grant(mode)
  ModeGrant.new(self, mode)
end

#pending_changes?Boolean

Returns:

  • (Boolean) 


138
139
140
 
# File 'app/services/hyrax/access_control_list.rb', line 138

def pending_changes?
  change_set.changed?
end

#permissionsSet<Hyrax::Permission>

Returns:



146
147
148
 
# File 'app/services/hyrax/access_control_list.rb', line 146

def permissions
  Set.new(change_set.permissions)
end

#permissions=(new_permissions) ⇒ Array<Hyrax::Permission>

Returns:



154
155
156
157
 
# File 'app/services/hyrax/access_control_list.rb', line 154

def permissions=(new_permissions)
  change_set.permissions = []
  new_permissions.each { |p| self << p }
end

#revoke(mode) ⇒ Object

Examples:

user = User.find('user_id')

acl.revoke(:read).from(user)


166
167
168
 
# File 'app/services/hyrax/access_control_list.rb', line 166

def revoke(mode)
  ModeRevoke.new(self, mode)
end

#saveBoolean

Saves the ACL for the resource, by saving each permission policy

Returns:

  • (Boolean) 


176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
 
# File 'app/services/hyrax/access_control_list.rb', line 176

def save
  return true unless pending_changes?

  change_set.sync

  # change_set.resource is a Hyrax::AccessControl
  #
  # We're setting the once fetched access_control_model to what was returned, so as to avoid
  # a refetch
  @access_control_model = persister.save(resource: change_set.resource)

  # self.resource is a Hyrax::Resource
  Hyrax.publisher.publish('object.acl.updated', acl: self, result: :success)
  @change_set = nil

  true
end