Class: Hyrax::AccessControlList

Inherits:
Object
  • Object
show all
Defined in:
app/services/hyrax/access_control_list.rb

Overview

ACLs for `Hyrax::Resource` models

Allows managing `Hyrax::Permission` entries referring to a specific `Hyrax::Resource` using a simple add/delete model.

Examples:

Using the Grant DSL

my_resource = Hyrax.query_service.find_by(id: 'my_id')

acl = Hyrax::AccessControlList.new(resource: resource)
acl.permissions # => #<Set: {}>

user  = User.first
group = Group.new('public')

acl.grant(:read).to(group)
acl.grant(:edit).to(user)

acl.permissions
# => #<Set: {#<Hyrax::Permission access_to=#<Valkyrie::ID:0x000055628b0ae0b8 @id="my_id"> agent="group/public" mode=:read>,
  #<Hyrax::Permission access_to=#<Valkyrie::ID:0x000055628be41388 @id="my_id"> agent="[email protected]" mode=:edit>}>

acl.revoke(:edit).from(user)

acl.permissions
# => #<Set: {#<Hyrax::Permission access_to=#<Valkyrie::ID:0x000055628b0ae0b8 @id="my_id"> agent="group/public" mode=:read>}>

Defined Under Namespace

Classes: ModeEditor, ModeGrant, ModeRevoke

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(resource:, persister: Hyrax.persister, query_service: Hyrax.query_service) ⇒ AccessControlList

Returns a new instance of AccessControlList.

Parameters:

  • resource (Valkyrie::Resource)
  • persister (#save) (defaults to: Hyrax.persister)

    defaults to the configured Hyrax persister

  • query_service (#find_inverse_references_by) (defaults to: Hyrax.query_service)

    defaults to the configured Hyrax query service


67
68
69
70
71
# File 'app/services/hyrax/access_control_list.rb', line 67

def initialize(resource:, persister: Hyrax.persister, query_service: Hyrax.query_service)
  self.resource  = resource
  @persister     = persister
  @query_service = query_service
end

Instance Attribute Details

#persister#save (readonly)

Returns:


57
58
59
# File 'app/services/hyrax/access_control_list.rb', line 57

def persister
  @persister
end

#query_serviceObject (readonly)


57
# File 'app/services/hyrax/access_control_list.rb', line 57

attr_reader :persister, :query_service

#resourceValkyrie::Resource

Returns:

  • (Valkyrie::Resource)

57
# File 'app/services/hyrax/access_control_list.rb', line 57

attr_reader :persister, :query_service

Class Method Details

.copy_permissions(source:, target:) ⇒ Hyrax::AccessControlList

Copy and save permissions from source to target

Parameters:

Returns:


80
81
82
83
84
# File 'app/services/hyrax/access_control_list.rb', line 80

def self.copy_permissions(source:, target:)
  target = Hyrax::AccessControlList(target)
  target.permissions = Hyrax::AccessControlList(source).permissions
  target.save && target
end

Instance Method Details

#<<(permission) ⇒ Boolean Also known as: add

Parameters:

Returns:

  • (Boolean)

92
93
94
95
96
97
98
# File 'app/services/hyrax/access_control_list.rb', line 92

def <<(permission)
  permission.access_to = resource.id

  change_set.permissions += [permission]

  true
end

#delete(permission) ⇒ Boolean

Parameters:

Returns:

  • (Boolean)

107
108
109
110
111
# File 'app/services/hyrax/access_control_list.rb', line 107

def delete(permission)
  change_set.permissions -= [permission]

  true
end

#grant(mode) ⇒ Object

Examples:

user = User.find('user_id')

acl.grant(:read).to(user)

120
121
122
# File 'app/services/hyrax/access_control_list.rb', line 120

def grant(mode)
  ModeGrant.new(self, mode)
end

#pending_changes?Boolean

Returns:

  • (Boolean)

128
129
130
# File 'app/services/hyrax/access_control_list.rb', line 128

def pending_changes?
  change_set.changed?
end

#permissionsSet<Hyrax::Permission>

Returns:


136
137
138
# File 'app/services/hyrax/access_control_list.rb', line 136

def permissions
  Set.new(change_set.permissions)
end

#permissions=(new_permissions) ⇒ Array<Hyrax::Permission>

Returns:


144
145
146
147
# File 'app/services/hyrax/access_control_list.rb', line 144

def permissions=(new_permissions)
  change_set.permissions = []
  new_permissions.each { |p| self << p }
end

#revoke(mode) ⇒ Object

Examples:

user = User.find('user_id')

acl.revoke(:read).from(user)

156
157
158
# File 'app/services/hyrax/access_control_list.rb', line 156

def revoke(mode)
  ModeRevoke.new(self, mode)
end

#saveBoolean

Saves the ACL for the resource, by saving each permission policy

Returns:

  • (Boolean)

166
167
168
169
170
171
172
173
174
175
# File 'app/services/hyrax/access_control_list.rb', line 166

def save
  return true unless pending_changes?

  change_set.sync
  persister.save(resource: change_set.resource)
  Hyrax.publisher.publish('object.acl.updated', acl: self, result: :success)
  @change_set = nil

  true
end