Class: ViewModel::AccessControl::Tree

Inherits:

ViewModel::AccessControl

• Object
• ViewModel::AccessControl
• ViewModel::AccessControl::Tree

Defined in:

lib/view_model/access_control/tree.rb

Overview

Defines an access control discipline for a given action against a tree of viewmodels.

Extends the basic AccessControl to offer different checking based on the view type and position in a viewmodel tree.

Access checks for each given node type are specified at class level as ‘ComposedAccessControl`s, using `view` blocks. Checks that apply to all node types are specified in an `always` block.

In addition, node types can be marked as a ‘root’. Root types may permit and veto access to their non-root tree descendents with the additional access checks ‘root_children_editable,visible_if!` and `root_children_ editable,visible_unless!`. The results of evaluating these checks on entry to the root node.object_id will be cached and used when evaluating `visible` and `editable` on children.

Defined Under Namespace

Classes: Node

Constant Summary

Constants included from Callbacks

Callbacks::ALWAYS

Class Attribute Summary

• .view_policies ⇒ Object readonly

  Returns the value of attribute view_policies.

Class Method Summary

• .always(&block) ⇒ Object
• .create_policy(view_name) ⇒ Object

  implementation.

• .find_or_create_policy(view_name) ⇒ Object
• .include_from(ancestor) ⇒ Object
• .inherited(subclass) ⇒ Object
• .initialize_as_tree_access_control ⇒ Object
• .inspect ⇒ Object
• .view(view_name, &block) ⇒ Object

  Definition language.

Instance Method Summary

• #cleanup_descendent_results(view) ⇒ Object
• #editable_check(traversal_env) ⇒ Object
• #fetch_descendent_editability(view) ⇒ Object
• #fetch_descendent_visibility(view) ⇒ Object
• #initialize ⇒ Tree constructor

  A new instance of Tree.

• #store_descendent_editability(view, descendent_editability) ⇒ Object
• #store_descendent_visibility(view, descendent_visibility) ⇒ Object
• #valid_edit_check(traversal_env) ⇒ Object
• #visible_check(traversal_env) ⇒ Object

  Evaluation entry points.

Methods inherited from ViewModel::AccessControl

#editable!, #visible!

Methods included from Callbacks

#ineligible, #run_callback, wrap_deserialize, wrap_serialize

Constructor Details

#initialize ⇒ Tree

Returns a new instance of Tree.

# File 'lib/view_model/access_control/tree.rb', line 80

def initialize
  super()
  @always_policy_instance = self.class::AlwaysPolicy.new(self)
  @view_policy_instances  = self.class.view_policies.transform_values { |policy| policy.new(self) }
  @root_visibility_store  = {}
  @root_editability_store = {}
end

Class Attribute Details

.view_policies ⇒ Object (readonly)

Returns the value of attribute view_policies.

# File 'lib/view_model/access_control/tree.rb', line 21

def view_policies
  @view_policies
end

Class Method Details

.always(&block) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 54

def always(&block)
  self::AlwaysPolicy.instance_exec(&block)
end

.create_policy(view_name) ⇒ Object

implementation

# File 'lib/view_model/access_control/tree.rb', line 60

def create_policy(view_name)
  policy = Class.new(Node)
  # View names are not necessarily rails constants, but we want
  # `const_set` them so they show up in stack traces.
  mangled_name = view_name.tr('.', '_')
  const_set(:"#{mangled_name}Policy", policy)
  view_policies[view_name] = policy
  policy.include_from(self::AlwaysPolicy)
  policy
end

.find_or_create_policy(view_name) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 71

def find_or_create_policy(view_name)
  view_policies.fetch(view_name) { create_policy(view_name) }
end

.include_from(ancestor) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 34

def include_from(ancestor)
  unless ancestor < ViewModel::AccessControl::Tree
    raise ArgumentError.new("Invalid ancestor: #{ancestor}")
  end

  @included_checkers << ancestor

  self::AlwaysPolicy.include_from(ancestor::AlwaysPolicy)
  ancestor.view_policies.each do |view_name, ancestor_policy|
    policy = find_or_create_policy(view_name)
    policy.include_from(ancestor_policy)
  end
end

.inherited(subclass) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 23

def inherited(subclass)
  super
  subclass.initialize_as_tree_access_control
end

.initialize_as_tree_access_control ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 28

def initialize_as_tree_access_control
  @included_checkers = []
  @view_policies     = {}
  const_set(:AlwaysPolicy, Class.new(Node))
end

.inspect ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 75

def inspect
  "#{super}(checks:\n#{@view_policies.values.map(&:inspect).join("\n")}\n#{self::AlwaysPolicy.inspect}\nincluded checkers: #{@included_checkers})"
end

.view(view_name, &block) ⇒ Object

Definition language

# File 'lib/view_model/access_control/tree.rb', line 49

def view(view_name, &block)
  policy = find_or_create_policy(view_name)
  policy.instance_exec(&block)
end

Instance Method Details

#cleanup_descendent_results(view) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 129

def cleanup_descendent_results(view)
  @root_visibility_store.delete(view.object_id)
  @root_editability_store.delete(view.object_id)
end

#editable_check(traversal_env) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 93

def editable_check(traversal_env)
  policy_instance_for(traversal_env.view).editable_check(traversal_env)
end

#fetch_descendent_editability(view) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 109

def fetch_descendent_editability(view)
  @root_editability_store.fetch(view.object_id) do
    raise RuntimeError.new('No root access control data recorded for root')
  end
end

#fetch_descendent_visibility(view) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 123

def fetch_descendent_visibility(view)
  @root_visibility_store.fetch(view.object_id) do
    raise RuntimeError.new('No root access control data recorded for root')
  end
end

#store_descendent_editability(view, descendent_editability) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 101

def store_descendent_editability(view, descendent_editability)
  if @root_editability_store.has_key?(view.object_id)
    raise RuntimeError.new('Root access control data already saved for root')
  end

  @root_editability_store[view.object_id] = descendent_editability
end

#store_descendent_visibility(view, descendent_visibility) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 115

def store_descendent_visibility(view, descendent_visibility)
  if @root_visibility_store.has_key?(view.object_id)
    raise RuntimeError.new('Root access control data already saved for root')
  end

  @root_visibility_store[view.object_id] = descendent_visibility
end

#valid_edit_check(traversal_env) ⇒ Object

# File 'lib/view_model/access_control/tree.rb', line 97

def valid_edit_check(traversal_env)
  policy_instance_for(traversal_env.view).valid_edit_check(traversal_env)
end

#visible_check(traversal_env) ⇒ Object

Evaluation entry points

# File 'lib/view_model/access_control/tree.rb', line 89

def visible_check(traversal_env)
  policy_instance_for(traversal_env.view).visible_check(traversal_env)
end