Class: Authorization::Reader::PrivilegesReader

Inherits:
Object
  • Object
show all
Defined in:
lib/declarative_authorization/reader.rb

Overview

The PrivilegeReader handles the part of the authorization DSL in a privileges block. Here, privilege hierarchies are defined.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializePrivilegesReader

:nodoc:



129
130
131
132
133
134
135
# File 'lib/declarative_authorization/reader.rb', line 129

def initialize # :nodoc:
  @current_priv = nil
  @current_context = nil
  @privileges = []
  # {priv => [[priv,ctx], ...]}
  @privilege_hierarchy = {}
end

Instance Attribute Details

#privilege_hierarchyObject (readonly)

TODO handle privileges with separated context



127
128
129
# File 'lib/declarative_authorization/reader.rb', line 127

def privilege_hierarchy
  @privilege_hierarchy
end

#privilegesObject (readonly)

TODO handle privileges with separated context



127
128
129
# File 'lib/declarative_authorization/reader.rb', line 127

def privileges
  @privileges
end

Instance Method Details

#append_privilege(priv) ⇒ Object

:nodoc:



137
138
139
# File 'lib/declarative_authorization/reader.rb', line 137

def append_privilege (priv) # :nodoc:
  @privileges << priv unless @privileges.include?(priv)
end

#includes(*privileges) ⇒ Object

Specifies privileges that are to be assigned as lower ones. Only to be used inside a privilege block.

Raises:



163
164
165
166
167
168
169
170
# File 'lib/declarative_authorization/reader.rb', line 163

def includes (*privileges)
  raise DSLError, "includes only in privilege block" if @current_priv.nil?
  privileges.each do |priv|
    append_privilege priv
    @privilege_hierarchy[@current_priv] ||= []
    @privilege_hierarchy[@current_priv] << [priv, @current_context]
  end
end

#privilege(privilege, context = nil, options = {}, &block) ⇒ Object

Defines part of a privilege hierarchy. For the given privilege, included privileges may be defined in the block (through includes) or as option :includes. If the optional context is given, the privilege hierarchy is limited to that context.



146
147
148
149
150
151
152
153
154
155
156
157
158
159
# File 'lib/declarative_authorization/reader.rb', line 146

def privilege (privilege, context = nil, options = {}, &block)
  if context.is_a?(Hash)
    options = context
    context = nil
  end
  @current_priv = privilege
  @current_context = context
  append_privilege privilege
  instance_eval(&block) if block
  includes(*options[:includes]) if options[:includes]
ensure
  @current_priv = nil
  @current_context = nil
end