Module: Authorization::DevelopmentSupport::AnalyzerEngine
- Defined in:
- lib/declarative_authorization/development_support/development_support.rb
Overview
Groups utility methods and classes to better work with authorization object model.
Defined Under Namespace
Classes: Privilege, PrivilegesSet, Role, Rule
Class Method Summary collapse
- .apply_change(engine, change) ⇒ Object
- .relevant_roles(engine, users) ⇒ Object
- .roles(engine) ⇒ Object
- .rule_for_permission(engine, privilege, context, role) ⇒ Object
Class Method Details
.apply_change(engine, change) ⇒ Object
40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 |
# File 'lib/declarative_authorization/development_support/development_support.rb', line 40 def self.apply_change (engine, change) case change[0] when :add_role role_symbol = change[1] if engine.roles.include?(role_symbol) false else engine.roles << role_symbol true end when :add_privilege privilege, context, role = change[1,3] role = Role.for_sym(role.to_sym, engine) privilege = Privilege.for_sym(privilege.to_sym, engine) if ([privilege] + privilege.ancestors).any? {|ancestor_privilege| ([role] + role.ancestors).any? {|ancestor_role| !ancestor_role.(ancestor_privilege, context).empty?}} false else engine.auth_rules << AuthorizationRule.new(role.to_sym, [privilege.to_sym], [context]) true end when :remove_privilege privilege, context, role = change[1,3] role = Role.for_sym(role.to_sym, engine) privilege = Privilege.for_sym(privilege.to_sym, engine) rules_with_priv = role.(privilege, context) if rules_with_priv.empty? false else rules_with_priv.each do |rule| rule.rule.privileges.delete(privilege.to_sym) engine.auth_rules.delete(rule.rule) if rule.rule.privileges.empty? end true end end end |
.relevant_roles(engine, users) ⇒ Object
28 29 30 31 |
# File 'lib/declarative_authorization/development_support/development_support.rb', line 28 def self.relevant_roles (engine, users) users.collect {|user| user.role_symbols.map {|role_sym| Role.for_sym(role_sym, engine)}}. flatten.uniq.collect {|role| [role] + role.ancestors}.flatten.uniq end |
.roles(engine) ⇒ Object
24 25 26 |
# File 'lib/declarative_authorization/development_support/development_support.rb', line 24 def self.roles (engine) Role.all(engine) end |
.rule_for_permission(engine, privilege, context, role) ⇒ Object
33 34 35 36 37 38 |
# File 'lib/declarative_authorization/development_support/development_support.rb', line 33 def self. (engine, privilege, context, role) AnalyzerEngine.roles(engine). find {|cloned_role| cloned_role.to_sym == role.to_sym}.rules.find do |rule| rule.contexts.include?(context) and rule.privileges.include?(privilege) end end |