Module: Volt::Model::Permissions
- Included in:
- Volt::Model
- Defined in:
- lib/volt/models/permissions.rb
Overview
The permissions module provides helpers for working with Volt permissions.
Defined Under Namespace
Modules: ClassMethods
Class Method Summary collapse
Instance Method Summary collapse
-
#action_allowed?(action_name) ⇒ Boolean
Checks if any denies are in place for an action (read or delete).
- #allow(*fields) ⇒ Object
-
#allow_and_deny_fields(action_name) ⇒ Object
Return the list of allowed fields.
- #can_create? ⇒ Boolean
-
#can_delete? ⇒ Boolean
Returns boolean if the model can be deleted.
-
#can_read? ⇒ Boolean
Checks the read permissions.
- #deny(*fields) ⇒ Object
-
#filtered_attributes ⇒ Object
Filter fields returns the attributes with any denied or not allowed fields removed based on the current user.
-
#owner?(key = :user_id) ⇒ Boolean
owner? can be called on a model to check if the currently logged in user (“‘Volt.current_user“`) is the owner of this instance.
Class Method Details
.included(base) ⇒ Object
67 68 69 70 |
# File 'lib/volt/models/permissions.rb', line 67 def self.included(base) base.send(:extend, ClassMethods) base.class_attribute :__permissions__ end |
Instance Method Details
#action_allowed?(action_name) ⇒ Boolean
Checks if any denies are in place for an action (read or delete)
129 130 131 132 133 134 135 136 137 138 |
# File 'lib/volt/models/permissions.rb', line 129 def action_allowed?(action_name) # TODO: this does some unnecessary work compute_allow_and_deny(action_name) deny = @__deny_fields == true || (@__deny_fields && @__deny_fields.size > 0) clear_allow_and_deny return !deny end |
#allow(*fields) ⇒ Object
72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 |
# File 'lib/volt/models/permissions.rb', line 72 def allow(*fields) if @__allow_fields if @__allow_fields != true if fields.size == 0 # No field's were passed, this means we deny all @__allow_fields = true else # Fields were specified, add them to the list @__allow_fields += fields.map(&:to_sym) end end else raise "allow should be called inside of a permissions block" end end |
#allow_and_deny_fields(action_name) ⇒ Object
Return the list of allowed fields
141 142 143 144 145 146 147 148 149 |
# File 'lib/volt/models/permissions.rb', line 141 def allow_and_deny_fields(action_name) compute_allow_and_deny(action_name) result = [@__allow_fields, @__deny_fields] clear_allow_and_deny return result end |
#can_create? ⇒ Boolean
124 125 126 |
# File 'lib/volt/models/permissions.rb', line 124 def can_create? action_allowed?(:create) end |
#can_delete? ⇒ Boolean
Returns boolean if the model can be deleted
115 116 117 |
# File 'lib/volt/models/permissions.rb', line 115 def can_delete? action_allowed?(:delete) end |
#can_read? ⇒ Boolean
Checks the read permissions
120 121 122 |
# File 'lib/volt/models/permissions.rb', line 120 def can_read? action_allowed?(:read) end |
#deny(*fields) ⇒ Object
88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 |
# File 'lib/volt/models/permissions.rb', line 88 def deny(*fields) if @__deny_fields if @__deny_fields != true if fields.size == 0 # No field's were passed, this means we deny all @__deny_fields = true else # Fields were specified, add them to the list @__deny_fields += fields.map(&:to_sym) end end else raise "deny should be called inside of a permissions block" end end |
#filtered_attributes ⇒ Object
Filter fields returns the attributes with any denied or not allowed fields removed based on the current user.
Run with Volt.as_user(…) to change the user
155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 |
# File 'lib/volt/models/permissions.rb', line 155 def filtered_attributes # Run the read permission check allow, deny = allow_and_deny_fields(:read) if allow && allow != true && allow.size > 0 # always keep id allow << :_id # Only keep fields in the allow list return @attributes.select {|key| allow.include?(key) } elsif deny == true # Only keep id # TODO: Should this be a full reject? return @attributes.reject {|key| key != :_id } elsif deny && deny.size > 0 # Reject any in the deny list return @attributes.reject {|key| deny.include?(key) } else return @attributes end end |
#owner?(key = :user_id) ⇒ Boolean
owner? can be called on a model to check if the currently logged in user (“‘Volt.current_user“`) is the owner of this instance.
108 109 110 111 112 |
# File 'lib/volt/models/permissions.rb', line 108 def owner?(key=:user_id) # Lookup the original user_id owner_id = was(key) || send(:"_#{key}") owner_id != nil && owner_id == Volt.current_user_id end |