Class: Shamu::Security::ActiveRecordPolicy
- Defined in:
- lib/shamu/security/active_record_policy.rb
Overview
Extends the standard Policy class to add ActiveRecord::Relation refinements based on granted policies.
Instance Attribute Summary
Attributes inherited from Policy
#principal, #related_user_ids, #roles
Dependencies collapse
-
#refine(*actions, model_class) {|relation, additional_context| ... }
Declare a refinement that should be applied to an ActiveRecord::Relation for the given actions.
Instance Method Summary collapse
-
#refine_relation(action, relation, additional_context = nil) ⇒ ActiveRecord::Relation
Refine an ActiveRecord::Relation to select only those records permitted for the given
action
.
Methods inherited from Policy
#add_rule, #alias_action, #authorize!, #deny, #dsl_resource, #expand_alias_into, #expand_aliases, #extract_resource, #fail_on_active_record_check, #in_role?, #initialize, #is_principal?, #permissions, #permit, #permit?, #resource, #when_elevated
Methods included from Roles
expand_roles, role, role_defined?, roles
Constructor Details
This class inherits a constructor from Shamu::Security::Policy
Instance Method Details
#refine(*actions, model_class) {|relation, additional_context| ... }
This method returns an undefined value.
Declare a refinement that should be applied to an ActiveRecord::Relation for the given actions. #refine_relation will yield the relation to any matching refinement to reduce the scope of available records available for projection.
94 95 96 |
# File 'lib/shamu/security/active_record_policy.rb', line 94 def refine( *actions, model_class, &block ) refinements << PolicyRefinement.new( ( actions ), model_class, block ) end |
#refine_relation(action, relation, additional_context = nil) ⇒ ActiveRecord::Relation
Refine an ActiveRecord::Relation to select only those records
permitted for the given action
.
49 50 51 52 53 54 55 56 57 58 59 60 61 |
# File 'lib/shamu/security/active_record_policy.rb', line 49 def refine_relation( action, relation, additional_context = nil ) refined = false refinements.each do |refinement| if refinement.match?( action, relation, additional_context ) refined = true relation = refinement.apply( relation, additional_context ) || relation end end refined ? relation : relation.none end |