Class: Lockdown::Permission

Inherits:
Object
  • Object
show all
Defined in:
lib/lockdown/permission.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(name_symbol) ⇒ Permission

A Permission is a set of rules that are, through UserGroups, assigned to users to allow access to system resources.

Summary of controller oriented methods:

# defines which controller we're talking about
.with_controller(:controller_name)  #all_methods is the default

# only these methods on the controller
.only_methods(:meth1, :meth2)       

# all controller methods except these
.except_methods(:meth1, :meth2)

Summary of model oriented methods:

# defines which model we're talking about
.to_model(:model)         

# model_method is simply a public method on :model
.where(:model_method)           

# controller_method must equal model_method
.equals(:controller_method)         

# controller_method.include?(model_method)
.is_in(:controller_method)

Example:

# Define a permission called 'Manage Users' that allows users access
# all methods on the users_controller

set_permission(:manage_users).
  with_controller(:users)

# Define a permission called "My Account" that only allows a user access
# to methods show and update and the current_user_id must match the id 
# of the user being modified

set_permission(:my_account).
  with_controller(:users).
  only_methods(:show, :update).
  to_model(:user).
    where(:current_user_id).
    equals(:id)



97
98
99
100
101
102
103
104
 
# File 'lib/lockdown/permission.rb', line 97

def initialize(name_symbol)
  @name             = name_symbol
  @controllers      = {}
  @models           = {}
  @current_context  = Lockdown::RootContext.new(name_symbol)
  @public_access    = false
  @protected_access = false
end

Instance Attribute Details

#controllersObject (readonly)

Returns the value of attribute controllers.



47
48
49
 
# File 'lib/lockdown/permission.rb', line 47

def controllers
  @controllers
end

#modelsObject (readonly)

Returns the value of attribute models.



47
48
49
 
# File 'lib/lockdown/permission.rb', line 47

def models
  @models
end

#nameObject (readonly)

Returns the value of attribute name.



47
48
49
 
# File 'lib/lockdown/permission.rb', line 47

def name
  @name
end

Instance Method Details

#==(other) ⇒ Object 



202
203
204
 
# File 'lib/lockdown/permission.rb', line 202

def ==(other)
  name == other.name
end

#current_contextObject 



190
191
192
 
# File 'lib/lockdown/permission.rb', line 190

def current_context
  @current_context
end

#current_controllerObject 



194
195
196
 
# File 'lib/lockdown/permission.rb', line 194

def current_controller
  @controllers[current_context.name]
end

#current_modelObject 



198
199
200
 
# File 'lib/lockdown/permission.rb', line 198

def current_model
  @models[current_context.name]
end

#equals(controller_method) ⇒ Object 



150
151
152
153
154
155
156
 
# File 'lib/lockdown/permission.rb', line 150

def equals(controller_method)
  validate_context

  associate_controller_method(controller_method, :==)
  @current_context = Lockdown::RootContext.new(@name)
  self
end

#except_methods(*methods) ⇒ Object 



125
126
127
128
129
130
131
132
 
# File 'lib/lockdown/permission.rb', line 125

def except_methods(*methods)
  validate_context

  current_controller.except_methods = methods

  @current_context = Lockdown::RootContext.new(@name)
  self
end

#is_in(controller_method) ⇒ Object Also known as: includes 



158
159
160
161
162
163
164
 
# File 'lib/lockdown/permission.rb', line 158

def is_in(controller_method)
  validate_context

  associate_controller_method(controller_method, :include?)
  @current_context = Lockdown::RootContext.new(@name)
  self
end

#only_methods(*methods) ⇒ Object 



117
118
119
120
121
122
123
 
# File 'lib/lockdown/permission.rb', line 117

def only_methods(*methods)
  validate_context

  current_controller.only_methods = methods
  @current_context = Lockdown::RootContext.new(@name)
  self
end

#protected_access?Boolean

Returns:

  • (Boolean) 


172
173
174
 
# File 'lib/lockdown/permission.rb', line 172

def protected_access?
  @protected_access
end

#public_access?Boolean

Returns:

  • (Boolean) 


168
169
170
 
# File 'lib/lockdown/permission.rb', line 168

def public_access?
  @public_access
end

#set_as_protected_accessObject 



183
184
185
186
187
188
 
# File 'lib/lockdown/permission.rb', line 183

def set_as_protected_access
  if public_access?
    raise Lockdown::PermissionScopeCollision, "Permission: #{name} already marked as public and trying to set as protected."
  end
  @protected_access = true
end

#set_as_public_accessObject 



176
177
178
179
180
181
 
# File 'lib/lockdown/permission.rb', line 176

def set_as_public_access
  if protected_access?
    raise Lockdown::PermissionScopeCollision, "Permission: #{name} already marked as protected and trying to set as public."
  end
  @public_access = true
end

#to_model(name_symbol, param = :id) ⇒ Object 



134
135
136
137
138
139
140
 
# File 'lib/lockdown/permission.rb', line 134

def to_model(name_symbol, param = :id)
  validate_context

  @models[name_symbol] = Model.new(name_symbol, param)
  @current_context = Lockdown::ModelContext.new(name_symbol)
  self
end

#where(model_method) ⇒ Object 



142
143
144
145
146
147
148
 
# File 'lib/lockdown/permission.rb', line 142

def where(model_method)
  validate_context

  current_model.model_method = model_method
  @current_context = Lockdown::ModelWhereContext.new(current_context.name)
  self
end

#with_controller(name_symbol) ⇒ Object Also known as: and_controller 



106
107
108
109
110
111
112
113
 
# File 'lib/lockdown/permission.rb', line 106

def with_controller(name_symbol)
  validate_context

  controller = Controller.new(name_symbol)
  @controllers[name_symbol] = controller
  @current_context = Lockdown::ControllerContext.new(name_symbol)
  self
end