Class: Pastore::Guards::Settings

Inherits:

Object

• Object
• Pastore::Guards::Settings

Defined in:

lib/pastore/guards/settings.rb

Overview

Implements a structure where to store the settings for the guards.

Instance Attribute Summary

• #forbidden_cbk ⇒ Object
• #role_detector ⇒ Object

Instance Method Summary

• #access_granted?(controller, action_name) ⇒ Boolean

  rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity.

• #authorize_with(method_name = nil, &block) ⇒ Object
• #current_role(controller) ⇒ Object

  Returns the current role for the controller.

• #deny_role(*roles) ⇒ Object
• #force_guards_for(*actions) ⇒ Object
• #initialize(superklass) ⇒ Settings constructor

  A new instance of Settings.

• #permit_role(*roles) ⇒ Object
• #reset! ⇒ Object
• #reset_buffer! ⇒ Object
• #save_guards_for(action_name) ⇒ Object
• #skip_guards_for(*actions) ⇒ Object
• #strategy ⇒ Object
• #use_allow_strategy! ⇒ Object
• #use_deny_strategy! ⇒ Object

Constructor Details

#initialize(superklass) ⇒ Settings

Returns a new instance of Settings.

# File 'lib/pastore/guards/settings.rb', line 9

def initialize(superklass)
  @super_guards = superklass.pastore_guards if superklass.respond_to?(:pastore_guards)
  @superclass = superklass
  reset!
end

Instance Attribute Details

#forbidden_cbk ⇒ Object

# File 'lib/pastore/guards/settings.rb', line 29

def forbidden_cbk
  @forbidden_cbk || @super_guards&.forbidden_cbk
end

#role_detector ⇒ Object

# File 'lib/pastore/guards/settings.rb', line 25

def role_detector
  @role_detector || @super_guards&.role_detector
end

Instance Method Details

#access_granted?(controller, action_name) ⇒ Boolean

rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity

Returns:

• (Boolean)

# File 'lib/pastore/guards/settings.rb', line 122

def access_granted?(controller, action_name) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
  # Get setting for the current action.
  action = @actions[action_name.to_sym]

  return true if skip_guards?(action_name)

  result = authorize_with_lambda(controller, action)
  return result unless result.nil?

  role = current_role(controller)

  return false if action&.dig(:denied_roles)&.include?(role)

  strategy == :allow || (strategy == :deny && action&.dig(:permitted_roles)&.include?(role)) || false
end

#authorize_with(method_name = nil, &block) ⇒ Object

# File 'lib/pastore/guards/settings.rb', line 75

def authorize_with(method_name = nil, &block)
  if @buffer[:permitted_roles].present? || @buffer[:denied_roles].present?
    raise Pastore::Guards::RoleConflictError, 'A role has already been specified with #permit_role or #deny_role'
  end

  custom_lambda = method_name.to_sym if method_name.is_a?(Symbol) || method_name.is_a?(String)
  custom_lambda = block if block_given?

  if custom_lambda.present?
    @buffer[:authorization_lambda] = custom_lambda
  else
    raise ArgumentError, 'A block or a method name must be provided'
  end
end

#current_role(controller) ⇒ Object

Returns the current role for the controller.

# File 'lib/pastore/guards/settings.rb', line 116

def current_role(controller)
  return nil if role_detector.blank?

  controller.instance_exec(&role_detector)&.to_s
end

#deny_role(*roles) ⇒ Object

# File 'lib/pastore/guards/settings.rb', line 60

def deny_role(*roles)
  new_roles = [roles].flatten.compact.uniq.map(&:to_s)
  conflicts = @buffer.fetch(:permitted_roles, []) & new_roles

  unless conflicts.empty?
    raise Pastore::Guards::RoleConflictError, "Roles conflict: #{conflicts} roles already specified with #permit_role"
  end

  if @buffer[:authorization_lambda].present?
    raise Pastore::Guards::RoleConflictError, 'An #authorize_with has already been specified'
  end

  @buffer[:denied_roles] = new_roles
end

#force_guards_for(*actions) ⇒ Object

# File 'lib/pastore/guards/settings.rb', line 111

def force_guards_for(*actions)
  @forced_guards = [actions].flatten.compact.map(&:to_sym)
end

#permit_role(*roles) ⇒ Object

# File 'lib/pastore/guards/settings.rb', line 45

def permit_role(*roles)
  new_roles = [roles].flatten.compact.uniq.map(&:to_s)
  conflicts = @buffer.fetch(:denied_roles, []) & new_roles

  unless conflicts.empty?
    raise Pastore::Guards::RoleConflictError, "Roles conflict: #{conflicts} roles already specified with #deny_role"
  end

  if @buffer[:authorization_lambda].present?
    raise Pastore::Guards::RoleConflictError, 'An #authorize_with has already been specified'
  end

  @buffer[:permitted_roles] = new_roles
end

#reset! ⇒ Object

# File 'lib/pastore/guards/settings.rb', line 15

def reset!
  @strategy = nil
  @role_detector = nil
  @forbidden_cbk = nil
  @actions = {}
  @buffer = {}
  @skipped_guards = []
  @forced_guards = []
end

#reset_buffer! ⇒ Object

# File 'lib/pastore/guards/settings.rb', line 103

def reset_buffer!
  @buffer = {}
end

#save_guards_for(action_name) ⇒ Object

# File 'lib/pastore/guards/settings.rb', line 90

def save_guards_for(action_name)
  return if @buffer.empty?

  name = action_name.to_sym
  @actions[name] ||= {}

  save_permitted_roles!(name)
  save_denied_roles!(name)
  save_authorization_lambda!(name)

  reset_buffer!
end

#skip_guards_for(*actions) ⇒ Object

# File 'lib/pastore/guards/settings.rb', line 107

def skip_guards_for(*actions)
  @skipped_guards = [actions].flatten.compact.map(&:to_sym)
end

#strategy ⇒ Object

# File 'lib/pastore/guards/settings.rb', line 41

def strategy
  @strategy || @super_guards&.strategy || :deny
end

#use_allow_strategy! ⇒ Object

# File 'lib/pastore/guards/settings.rb', line 33

def use_allow_strategy!
  @strategy = :allow
end

#use_deny_strategy! ⇒ Object

# File 'lib/pastore/guards/settings.rb', line 37

def use_deny_strategy!
  @strategy = :deny
end