Module: Argus::Trail::Actor

Extended by:
ActiveSupport::Concern
Defined in:
lib/argus/trail/actor.rb

Overview

Include in your app's user/account model to opt it into role assignment and permission checks:

class User < ApplicationRecord
include Argus::Trail::Actor
end

An actor can hold any number of roles (0..N) — there is no separate single-role mode. Assign a lone role by passing a single id to sync_roles!.

Instance Method Summary collapse

Instance Method Details

#has_permission?(permission_name) ⇒ Boolean

Returns:

  • (Boolean)


27
28
29
# File 'lib/argus/trail/actor.rb', line 27

def has_permission?(permission_name)
  roles.joins(:permissions).exists?(Argus::Trail.config.permission_class.table_name => { name: permission_name })
end

#sync_roles!(new_role_ids, changed_by: Argus::Trail.config.changed_by_resolver.call) ⇒ Object

Diffs the requested role ids against the actor's current ones and writes one AuditEntry per addition/removal, so the audit log captures exactly which roles were assigned or revoked (not just "something changed").



34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# File 'lib/argus/trail/actor.rb', line 34

def sync_roles!(new_role_ids, changed_by: Argus::Trail.config.changed_by_resolver.call)
  new_ids = Array(new_role_ids).map(&:to_i).reject(&:zero?)
  current_ids = role_ids

  added_ids   = new_ids - current_ids
  removed_ids = current_ids - new_ids

  transaction do
    self.role_ids = new_ids

    Argus::Trail.config.role_class.where(id: added_ids).find_each do |role|
      argus_trail_record_role_change("role_assigned", role, changed_by)
    end

    Argus::Trail.config.role_class.where(id: removed_ids).find_each do |role|
      argus_trail_record_role_change("role_revoked", role, changed_by)
    end
  end
end