Class: Authorization::AuthorizationRule

Inherits:
Object
  • Object
show all
Defined in:
lib/declarative_authorization/authorization.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(role, privileges = [], contexts = nil, join_operator = :or, options = {}) ⇒ AuthorizationRule

Returns a new instance of AuthorizationRule.



331
332
333
334
335
336
337
338
339
340
# File 'lib/declarative_authorization/authorization.rb', line 331

def initialize (role, privileges = [], contexts = nil, join_operator = :or,
      options = {})
  @role = role
  @privileges = Set.new(privileges)
  @contexts = Set.new((contexts && !contexts.is_a?(Array) ? [contexts] : contexts))
  @join_operator = join_operator
  @attributes = []
  @source_file = options[:source_file]
  @source_line = options[:source_line]
end

Instance Attribute Details

#attributesObject (readonly)

Returns the value of attribute attributes.



328
329
330
# File 'lib/declarative_authorization/authorization.rb', line 328

def attributes
  @attributes
end

#contextsObject (readonly)

Returns the value of attribute contexts.



328
329
330
# File 'lib/declarative_authorization/authorization.rb', line 328

def contexts
  @contexts
end

#join_operatorObject (readonly)

Returns the value of attribute join_operator.



328
329
330
# File 'lib/declarative_authorization/authorization.rb', line 328

def join_operator
  @join_operator
end

#privilegesObject (readonly)

Returns the value of attribute privileges.



328
329
330
# File 'lib/declarative_authorization/authorization.rb', line 328

def privileges
  @privileges
end

#roleObject (readonly)

Returns the value of attribute role.



328
329
330
# File 'lib/declarative_authorization/authorization.rb', line 328

def role
  @role
end

#source_fileObject (readonly)

Returns the value of attribute source_file.



328
329
330
# File 'lib/declarative_authorization/authorization.rb', line 328

def source_file
  @source_file
end

#source_lineObject (readonly)

Returns the value of attribute source_line.



328
329
330
# File 'lib/declarative_authorization/authorization.rb', line 328

def source_line
  @source_line
end

Instance Method Details

#append_attribute(attribute) ⇒ Object



352
353
354
# File 'lib/declarative_authorization/authorization.rb', line 352

def append_attribute (attribute)
  @attributes << attribute
end

#append_privileges(privs) ⇒ Object



348
349
350
# File 'lib/declarative_authorization/authorization.rb', line 348

def append_privileges (privs)
  @privileges.merge(privs)
end

#initialize_copy(from) ⇒ Object



342
343
344
345
346
# File 'lib/declarative_authorization/authorization.rb', line 342

def initialize_copy (from)
  @privileges = @privileges.clone
  @contexts = @contexts.clone
  @attributes = @attributes.collect {|attribute| attribute.clone }
end

#matches?(roles, privs, context = nil) ⇒ Boolean

Returns:

  • (Boolean)


356
357
358
359
360
# File 'lib/declarative_authorization/authorization.rb', line 356

def matches? (roles, privs, context = nil)
  roles = [roles] unless roles.is_a?(Array)
  @contexts.include?(context) and roles.include?(@role) and 
    not (@privileges & privs).empty?
end

#obligations(attr_validator) ⇒ Object



373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
# File 'lib/declarative_authorization/authorization.rb', line 373

def obligations (attr_validator)
  exceptions = []
  obligations = @attributes.collect do |attr|
    begin
      attr.obligation(attr_validator)
    rescue NotAuthorized => e
      exceptions << e
      nil
    end
  end.flatten.compact

  if exceptions.length > 0 and (@join_operator == :and or exceptions.length == @attributes.length)
    raise NotAuthorized, "Missing authorization in collecting obligations: #{exceptions.map(&:to_s) * ", "}"
  end

  if @join_operator == :and and !obligations.empty?
    merged_obligation = obligations.first
    obligations[1..-1].each do |obligation|
      merged_obligation = merged_obligation.deep_merge(obligation)
    end
    obligations = [merged_obligation]
  end
  obligations.empty? ? [{}] : obligations
end

#to_long_sObject



398
399
400
# File 'lib/declarative_authorization/authorization.rb', line 398

def to_long_s
  attributes.collect {|attr| attr.to_long_s } * "; "
end

#validate?(attr_validator, skip_attribute = false) ⇒ Boolean

Returns:

  • (Boolean)


362
363
364
365
366
367
368
369
370
371
# File 'lib/declarative_authorization/authorization.rb', line 362

def validate? (attr_validator, skip_attribute = false)
  skip_attribute or @attributes.empty? or
    @attributes.send(@join_operator == :and ? :all? : :any?) do |attr|
      begin
        attr.validate?(attr_validator)
      rescue NilAttributeValueError => e
        nil # Bumping up against a nil attribute value flunks the rule.
      end
    end
end