Class: Biscuit::Consent

Inherits:

Object

• Object
• Biscuit::Consent

Defined in:

lib/biscuit/consent.rb

Constant Summary

CURRENT_VERSION =

1

Class Method Summary

• .build_value(categories) ⇒ Object

  Build the cookie value hash.

• .clear(cookies) ⇒ Object

  Clear the consent cookie.

• .parse(raw) ⇒ Object

  Parse raw cookie string.

• .write(cookies, categories) ⇒ Object

  Write consent cookie to the jar.

Instance Method Summary

• #allowed?(category) ⇒ Boolean

  True if the user has consented to this category.

• #given? ⇒ Boolean

  True if a valid consent decision has been recorded.

• #initialize(cookies) ⇒ Consent constructor

  cookies: ActionDispatch::Cookies::CookieJar.

Constructor Details

#initialize(cookies) ⇒ Consent

cookies: ActionDispatch::Cookies::CookieJar

# File 'lib/biscuit/consent.rb', line 6

def initialize(cookies)
  @cookies = cookies
  @data    = self.class.parse(cookies[Biscuit.configuration.cookie_name])
end

Class Method Details

.build_value(categories) ⇒ Object

Build the cookie value hash. Always forces necessary: true.

# File 'lib/biscuit/consent.rb', line 44

def self.build_value(categories)
  cats = categories.transform_keys(&:to_s)
                   .transform_values { |v| v == true || v == "true" }
  cats["necessary"] = true
  { "v" => CURRENT_VERSION, "consented_at" => Time.now.utc.iso8601, "categories" => cats }
end

.clear(cookies) ⇒ Object

Clear the consent cookie.

# File 'lib/biscuit/consent.rb', line 39

def self.clear(cookies)
  cookies.delete(Biscuit.configuration.cookie_name)
end

.parse(raw) ⇒ Object

Parse raw cookie string. Returns nil if blank, invalid JSON, or wrong version.

# File 'lib/biscuit/consent.rb', line 52

def self.parse(raw)
  return nil if raw.blank?
  data = JSON.parse(raw)
  return nil unless data.is_a?(Hash) && data["v"] == CURRENT_VERSION && data["categories"].is_a?(Hash)
  data
rescue JSON::ParserError
  nil
end

.write(cookies, categories) ⇒ Object

Write consent cookie to the jar.

# File 'lib/biscuit/consent.rb', line 25

def self.write(cookies, categories)
  value  = build_value(categories)
  config = Biscuit.configuration
  cookies[config.cookie_name] = {
    value:     value.to_json,
    expires:   config.cookie_expires_days.days.from_now,
    path:      config.cookie_path,
    domain:    config.cookie_domain,
    same_site: config.cookie_same_site,
    httponly:  false   # Must be readable by JS for client-side consent checks
  }
end

Instance Method Details

#allowed?(category) ⇒ Boolean

True if the user has consented to this category. :necessary always returns true regardless of cookie state.

Returns:

• (Boolean)

# File 'lib/biscuit/consent.rb', line 18

def allowed?(category)
  return true if category.to_sym == :necessary
  return false unless given?
  @data.dig("categories", category.to_s) == true
end

#given? ⇒ Boolean

True if a valid consent decision has been recorded.

Returns:

• (Boolean)

# File 'lib/biscuit/consent.rb', line 12

def given?
  !@data.nil?
end