Module: CrudComponents::Permission
- Defined in:
- lib/crud_components/permission_context.rb
Overview
Shared evaluation of if:/editable: options on attributes and actions. A
callable may depend on the ability (can? is available in its context),
the record (a one-arity lambda / it-proc receives it), or both:
if: ->(book) { can?(:edit, book) && book.published? }
recordless: is what a record-dependent condition evaluates to when there
is no record to decide about — a column-level / strong-params check, where
the lambda can't run (it would hit nil). It is true for visibility
(if: — show the column; the record/form surfaces still apply the
per-record decision) and false for editability (editable: — a
class-level permit list must not grant per-record write access, so stay
safe). Ability-only conditions (Symbol, zero-arity lambda) don't need a
record and are evaluated regardless.
Class Method Summary collapse
Class Method Details
.permitted?(condition, model, context, record = nil, recordless: true) ⇒ Boolean
33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 |
# File 'lib/crud_components/permission_context.rb', line 33 def permitted?(condition, model, context, record = nil, recordless: true) return true if condition.nil? case condition when Symbol # Sugar for can?(symbol, record) — the record being decided about — so a # symbol matches the derived action check (can?(:edit, @book)). For a # column-level decision there is no record, so fall back to the model # class (can?(symbol, Book)). context.can?(condition, record || model) when Proc if condition.lambda? && condition.arity.zero? context.instance_exec(&condition) # ability-only — no record needed elsif record.nil? recordless # record-dependent, but nothing to decide on else context.instance_exec(record, &condition) # receives the record; can? still in scope end else if !condition.respond_to?(:call) !!condition elsif record.nil? recordless else condition.call(record) end end end |