Class: Authorization::AuthorizationRule

Inherits:

Object

• Object
• Authorization::AuthorizationRule

Defined in:

lib/declarative_authorization/authorization.rb

Instance Attribute Summary

• #attributes ⇒ Object readonly

  Returns the value of attribute attributes.

• #contexts ⇒ Object readonly

  Returns the value of attribute contexts.

• #join_operator ⇒ Object readonly

  Returns the value of attribute join_operator.

• #privileges ⇒ Object readonly

  Returns the value of attribute privileges.

• #role ⇒ Object readonly

  Returns the value of attribute role.

• #source_file ⇒ Object readonly

  Returns the value of attribute source_file.

• #source_line ⇒ Object readonly

  Returns the value of attribute source_line.

Instance Method Summary

• #append_attribute(attribute) ⇒ Object
• #append_privileges(privs) ⇒ Object
• #initialize(role, privileges = [], contexts = nil, join_operator = :or, options = {}) ⇒ AuthorizationRule constructor

  A new instance of AuthorizationRule.

• #initialize_copy(from) ⇒ Object
• #matches?(roles, privs, context = nil) ⇒ Boolean
• #obligations(attr_validator) ⇒ Object
• #to_long_s ⇒ Object
• #validate?(attr_validator, skip_attribute = false) ⇒ Boolean

Constructor Details

#initialize(role, privileges = [], contexts = nil, join_operator = :or, options = {}) ⇒ AuthorizationRule

Returns a new instance of AuthorizationRule.

# File 'lib/declarative_authorization/authorization.rb', line 443

def initialize(role, privileges = [], contexts = nil, join_operator = :or,
      options = {})
  @role = role
  @privileges = Set.new(privileges)
  @contexts = Set.new((contexts && !contexts.is_a?(Array) ? [contexts] : contexts))
  @join_operator = join_operator
  @attributes = []
  @source_file = options[:source_file]
  @source_line = options[:source_line]
end

Instance Attribute Details

#attributes ⇒ Object (readonly)

Returns the value of attribute attributes.

# File 'lib/declarative_authorization/authorization.rb', line 440

def attributes
  @attributes
end

#contexts ⇒ Object (readonly)

Returns the value of attribute contexts.

# File 'lib/declarative_authorization/authorization.rb', line 440

def contexts
  @contexts
end

#join_operator ⇒ Object (readonly)

Returns the value of attribute join_operator.

# File 'lib/declarative_authorization/authorization.rb', line 440

def join_operator
  @join_operator
end

#privileges ⇒ Object (readonly)

Returns the value of attribute privileges.

# File 'lib/declarative_authorization/authorization.rb', line 440

def privileges
  @privileges
end

#role ⇒ Object (readonly)

Returns the value of attribute role.

# File 'lib/declarative_authorization/authorization.rb', line 440

def role
  @role
end

#source_file ⇒ Object (readonly)

Returns the value of attribute source_file.

# File 'lib/declarative_authorization/authorization.rb', line 440

def source_file
  @source_file
end

#source_line ⇒ Object (readonly)

Returns the value of attribute source_line.

# File 'lib/declarative_authorization/authorization.rb', line 440

def source_line
  @source_line
end

Instance Method Details

#append_attribute(attribute) ⇒ Object

# File 'lib/declarative_authorization/authorization.rb', line 464

def append_attribute(attribute)
  @attributes << attribute
end

#append_privileges(privs) ⇒ Object

# File 'lib/declarative_authorization/authorization.rb', line 460

def append_privileges(privs)
  @privileges.merge(privs)
end

#initialize_copy(from) ⇒ Object

# File 'lib/declarative_authorization/authorization.rb', line 454

def initialize_copy(from)
  @privileges = @privileges.clone
  @contexts = @contexts.clone
  @attributes = @attributes.collect {|attribute| attribute.clone }
end

#matches?(roles, privs, context = nil) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/declarative_authorization/authorization.rb', line 468

def matches?(roles, privs, context = nil)
  roles = Hash[[*roles].map { |r| [r, true] }] unless roles.is_a?(Hash)
  @contexts.include?(context) && roles.include?(@role) && privs.any? { |priv| @privileges.include?(priv) }
end

#obligations(attr_validator) ⇒ Object

# File 'lib/declarative_authorization/authorization.rb', line 484

def obligations(attr_validator)
  exceptions = []
  obligations = @attributes.collect do |attr|
    begin
      attr.obligation(attr_validator)
    rescue NotAuthorized => e
      exceptions << e
      nil
    end
  end

  if exceptions.length > 0 and (@join_operator == :and or exceptions.length == @attributes.length)
    raise NotAuthorized, "Missing authorization in collecting obligations: #{exceptions.map(&:to_s) * ", "}"
  end

  if @join_operator == :and and !obligations.empty?
    # cross product of OR'ed obligations in arrays
    arrayed_obligations = obligations.map {|obligation| obligation.is_a?(Hash) ? [obligation] : obligation}
    merged_obligations = arrayed_obligations.first
    arrayed_obligations[1..-1].each do |inner_obligations|
      previous_merged_obligations = merged_obligations
      merged_obligations = inner_obligations.collect do |inner_obligation|
        previous_merged_obligations.collect do |merged_obligation|
          merged_obligation.deep_merge(inner_obligation)
        end
      end.flatten
    end
    obligations = merged_obligations
  else
    obligations = obligations.flatten.compact
  end
  obligations.empty? ? [{}] : obligations
end

#to_long_s ⇒ Object

# File 'lib/declarative_authorization/authorization.rb', line 518

def to_long_s
  attributes.collect {|attr| attr.to_long_s } * "; "
end

#validate?(attr_validator, skip_attribute = false) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/declarative_authorization/authorization.rb', line 473

def validate?(attr_validator, skip_attribute = false)
  skip_attribute or @attributes.empty? or
    @attributes.send(@join_operator == :and ? :all? : :any?) do |attr|
      begin
        attr.validate?(attr_validator)
      rescue NilAttributeValueError => e
        nil # Bumping up against a nil attribute value flunks the rule.
      end
    end
end