Class: CurrentScope::Role

Inherits:
ApplicationRecord show all
Defined in:
app/models/current_scope/role.rb

Overview

A named, editable bundle of permissions — a row, not a class. The same role means the same permission set whether held org-wide or scoped to a single record; only the reach differs.

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#permission_keys_changeObject (readonly)

The grid diff computed by the last save: { added: [...], removed: [...] }. Empty arrays on a no-op save; nil when no grid was staged (a programmatic save that never set permission_keys). Controllers read this to record the change — the model itself records nothing (seeds must stay silent).



18
19
20
# File 'app/models/current_scope/role.rb', line 18

def permission_keys_change
  @permission_keys_change
end

Instance Method Details

#grants?(permission_key) ⇒ Boolean

Returns:

  • (Boolean)


20
21
22
# File 'app/models/current_scope/role.rb', line 20

def grants?(permission_key)
  role_permissions.exists?(permission_key: permission_key)
end

#permission_keysObject



24
25
26
# File 'app/models/current_scope/role.rb', line 24

def permission_keys
  @pending_permission_keys || role_permissions.pluck(:permission_key)
end

#permission_keys=(keys) ⇒ Object

Stages a replacement permission set, dropping keys that aren't in the catalog (stale keys from removed controllers). Persisted on save, like any other attribute — never before validations pass.



31
32
33
# File 'app/models/current_scope/role.rb', line 31

def permission_keys=(keys)
  @pending_permission_keys = Array(keys).uniq.select { |k| CurrentScope.catalog.include?(k) }
end

#reloadObject



35
36
37
38
# File 'app/models/current_scope/role.rb', line 35

def reload(...)
  @pending_permission_keys = nil
  super
end