Class: Authorization::AttributeWithPermission
- Defined in:
- lib/declarative_authorization/authorization.rb
Overview
An attribute condition that uses existing rules to decide validation and create obligations.
Instance Method Summary collapse
-
#initialize(privilege, attr_or_hash, context = nil) ⇒ AttributeWithPermission
constructor
E.g.
- #initialize_copy(from) ⇒ Object
-
#obligation(attr_validator, hash_or_attr = nil, path = []) ⇒ Object
may return an array of obligations to be OR’ed.
- #to_long_s ⇒ Object
- #validate?(attr_validator, object = nil, hash_or_attr = nil) ⇒ Boolean
Constructor Details
#initialize(privilege, attr_or_hash, context = nil) ⇒ AttributeWithPermission
E.g. privilege :read, attr_or_hash either :attribute or { :attribute => :deeper_attribute }
551 552 553 554 555 |
# File 'lib/declarative_authorization/authorization.rb', line 551 def initialize (privilege, attr_or_hash, context = nil) @privilege = privilege @context = context @attr_hash = attr_or_hash end |
Instance Method Details
#initialize_copy(from) ⇒ Object
557 558 559 |
# File 'lib/declarative_authorization/authorization.rb', line 557 def initialize_copy (from) @attr_hash = deep_hash_clone(@attr_hash) if @attr_hash.is_a?(Hash) end |
#obligation(attr_validator, hash_or_attr = nil, path = []) ⇒ Object
may return an array of obligations to be OR’ed
600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 |
# File 'lib/declarative_authorization/authorization.rb', line 600 def obligation (attr_validator, hash_or_attr = nil, path = []) hash_or_attr ||= @attr_hash case hash_or_attr when Symbol @context ||= begin rule_model = attr_validator.context.to_s.classify.constantize context_reflection = self.class.reflection_for_path(rule_model, path + [hash_or_attr]) if context_reflection.klass.respond_to?(:decl_auth_context) context_reflection.klass.decl_auth_context else context_reflection.klass.name.tableize.to_sym end rescue # missing model, reflections hash_or_attr.to_s.pluralize.to_sym end obligations = attr_validator.engine.obligations(@privilege, :context => @context, :user => attr_validator.user) obligations.collect {|obl| {hash_or_attr => obl} } when Hash obligations_array_attrs = [] obligations = hash_or_attr.inject({}) do |all, pair| attr, sub_hash = pair all[attr] = obligation(attr_validator, sub_hash, path + [attr]) if all[attr].length > 1 obligations_array_attrs << attr else all[attr] = all[attr].first end all end obligations = [obligations] obligations_array_attrs.each do |attr| next_array_size = obligations.first[attr].length obligations = obligations.collect do |obls| (0...next_array_size).collect do |idx| obls_wo_array = obls.clone obls_wo_array[attr] = obls_wo_array[attr][idx] obls_wo_array end end.flatten end obligations when NilClass attr_validator.engine.obligations(@privilege, :context => attr_validator.context, :user => attr_validator.user) else raise AuthorizationError, "Wrong conditions hash format: #{hash_or_attr.inspect}" end end |
#to_long_s ⇒ Object
655 656 657 |
# File 'lib/declarative_authorization/authorization.rb', line 655 def to_long_s "if_permitted_to #{@privilege.inspect}, #{@attr_hash.inspect}" end |
#validate?(attr_validator, object = nil, hash_or_attr = nil) ⇒ Boolean
561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 |
# File 'lib/declarative_authorization/authorization.rb', line 561 def validate? (attr_validator, object = nil, hash_or_attr = nil) object ||= attr_validator.object hash_or_attr ||= @attr_hash return false unless object case hash_or_attr when Symbol attr_value = object_attribute_value(object, hash_or_attr) case attr_value when nil raise NilAttributeValueError, "Attribute #{hash_or_attr.inspect} is nil in #{object.inspect}." when Enumerable attr_value.any? do |inner_value| attr_validator.engine.permit? @privilege, :object => inner_value, :user => attr_validator.user end else attr_validator.engine.permit? @privilege, :object => attr_value, :user => attr_validator.user end when Hash hash_or_attr.all? do |attr, sub_hash| attr_value = object_attribute_value(object, attr) if attr_value == nil raise NilAttributeValueError, "Attribute #{attr.inspect} is nil in #{object.inspect}." elsif attr_value.is_a?(Enumerable) attr_value.any? do |inner_value| validate?(attr_validator, inner_value, sub_hash) end else validate?(attr_validator, attr_value, sub_hash) end end when NilClass attr_validator.engine.permit? @privilege, :object => object, :user => attr_validator.user else raise AuthorizationError, "Wrong conditions hash format: #{hash_or_attr.inspect}" end end |