Class: ViewModel::AccessControl::Tree

Inherits:

ViewModel::AccessControl

• Object
• ViewModel::AccessControl
• ViewModel::AccessControl::Tree

Defined in:

lib/view_model/access_control/tree.rb

Overview

Defines an access control discipline for a given action against a tree of viewmodels.

Extends the basic AccessControl to offer different checking based on the view type and position in a viewmodel tree.

Access checks for each given node type are specified at class level as ‘ComposedAccessControl`s, using `view` blocks. Checks that apply to all node types are specified in an `always` block.

In addition, node types can be marked as a ‘root’. Root types may permit and veto access to their non-root tree descendents with the additional access checks ‘root_children_editable,visible_if!` and `root_children_ editable,visible_unless!`. The results of evaluating these checks on entry to the root node.object_id will be cached and used when evaluating `visible` and `editable` on children.

Defined Under Namespace

Classes: Node

Constant Summary

Constants included from Callbacks

Callbacks::ALWAYS

Class Attribute Summary

• .view_policies ⇒ Object readonly

  Returns the value of attribute view_policies.

Class Method Summary

• .always(&block) ⇒ Object
• .create_policy(view_name) ⇒ Object

  implementation.

• .find_or_create_policy(view_name) ⇒ Object
• .include_from(ancestor) ⇒ Object
• .inherited(subclass) ⇒ Object
• .initialize_as_tree_access_control ⇒ Object
• .inspect ⇒ Object
• .view(view_name, &block) ⇒ Object

  Definition language.

Instance Method Summary

• #cleanup_descendent_results(view) ⇒ Object
• #editable_check(traversal_env) ⇒ Object
• #fetch_descendent_editability(view) ⇒ Object
• #fetch_descendent_visibility(view) ⇒ Object
• #initialize ⇒ Tree constructor

  A new instance of Tree.

• #store_descendent_editability(view, descendent_editability) ⇒ Object
• #store_descendent_visibility(view, descendent_visibility) ⇒ Object
• #valid_edit_check(traversal_env) ⇒ Object
• #visible_check(traversal_env) ⇒ Object

  Evaluation entry points.

Methods inherited from ViewModel::AccessControl

#editable!, #visible!

Methods included from Callbacks

#ineligible, #run_callback, wrap_deserialize, wrap_serialize

Constructor Details

#initialize ⇒ Tree

Returns a new instance of Tree.

# File 'lib/view_model/access_control/tree.rb', line 78

def initialize
  super()
  @always_policy_instance = self.class::AlwaysPolicy.new(self)
  @view_policy_instances  = self.class.view_policies.each_with_object({}) { |(name, policy), h| h[name] = policy.new(self) }
  @root_visibility_store  = {}
  @root_editability_store = {}
end

Class Attribute Details

.view_policies ⇒ Object (readonly)

Returns the value of attribute view_policies.

# File 'lib/view_model/access_control/tree.rb', line 19

def view_policies
  @view_policies
end

Class Method Details

.always(&block) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 52

def always(&block)
  self::AlwaysPolicy.instance_exec(&block)
end

.create_policy(view_name) ⇒ Object

implementation

# File 'lib/view_model/access_control/tree.rb', line 58

def create_policy(view_name)
  policy = Class.new(Node)
  # View names are not necessarily rails constants, but we want
  # `const_set` them so they show up in stack traces.
  mangled_name = view_name.tr('.', '_')
  const_set(:"#{mangled_name}Policy", policy)
  view_policies[view_name] = policy
  policy.include_from(self::AlwaysPolicy)
  policy
end

.find_or_create_policy(view_name) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 69

def find_or_create_policy(view_name)
  view_policies.fetch(view_name) { create_policy(view_name) }
end

.include_from(ancestor) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 32

def include_from(ancestor)
  unless ancestor < ViewModel::AccessControl::Tree
    raise ArgumentError.new("Invalid ancestor: #{ancestor}")
  end

  @included_checkers << ancestor

  self::AlwaysPolicy.include_from(ancestor::AlwaysPolicy)
  ancestor.view_policies.each do |view_name, ancestor_policy|
    policy = find_or_create_policy(view_name)
    policy.include_from(ancestor_policy)
  end
end

.inherited(subclass) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 21

def inherited(subclass)
  super
  subclass.initialize_as_tree_access_control
end

.initialize_as_tree_access_control ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 26

def initialize_as_tree_access_control
  @included_checkers = []
  @view_policies     = {}
  const_set(:AlwaysPolicy, Class.new(Node))
end

.inspect ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 73

def inspect
  "#{super}(checks:\n#{@view_policies.values.map(&:inspect).join("\n")}\n#{self::AlwaysPolicy.inspect}\nincluded checkers: #{@included_checkers})"
end

.view(view_name, &block) ⇒ Object

Definition language

# File 'lib/view_model/access_control/tree.rb', line 47

def view(view_name, &block)
  policy = find_or_create_policy(view_name)
  policy.instance_exec(&block)
end

Instance Method Details

#cleanup_descendent_results(view) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 125

def cleanup_descendent_results(view)
  @root_visibility_store.delete(view.object_id)
  @root_editability_store.delete(view.object_id)
end

#editable_check(traversal_env) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 91

def editable_check(traversal_env)
  policy_instance_for(traversal_env.view).editable_check(traversal_env)
end

#fetch_descendent_editability(view) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 106

def fetch_descendent_editability(view)
  @root_editability_store.fetch(view.object_id) do
    raise RuntimeError.new("No root access control data recorded for root")
  end
end

#fetch_descendent_visibility(view) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 119

def fetch_descendent_visibility(view)
  @root_visibility_store.fetch(view.object_id) do
    raise RuntimeError.new("No root access control data recorded for root")
  end
end

#store_descendent_editability(view, descendent_editability) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 99

def store_descendent_editability(view, descendent_editability)
  if @root_editability_store.has_key?(view.object_id)
    raise RuntimeError.new("Root access control data already saved for root")
  end
  @root_editability_store[view.object_id] = descendent_editability
end

#store_descendent_visibility(view, descendent_visibility) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 112

def store_descendent_visibility(view, descendent_visibility)
  if @root_visibility_store.has_key?(view.object_id)
    raise RuntimeError.new("Root access control data already saved for root")
  end
  @root_visibility_store[view.object_id] = descendent_visibility
end

#valid_edit_check(traversal_env) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 95

def valid_edit_check(traversal_env)
  policy_instance_for(traversal_env.view).valid_edit_check(traversal_env)
end

#visible_check(traversal_env) ⇒ Object

Evaluation entry points

# File 'lib/view_model/access_control/tree.rb', line 87

def visible_check(traversal_env)
  policy_instance_for(traversal_env.view).visible_check(traversal_env)
end