Class: Fosm::Lifecycle::RoleDefinition

Inherits:

Object

• Object
• Fosm::Lifecycle::RoleDefinition

Defined in:

lib/fosm/lifecycle/role_definition.rb

Overview

Describes what a named role is permitted to do on a FOSM object.

CRUD permissions and lifecycle event permissions are tracked separately. A role grants read access to see the object, write access to mutate it, and specific event access to fire lifecycle transitions.

Usage (inside an access block):

role :owner, default: true do
  can :crud                   # shorthand: create + read + update + delete
  can :send_invoice, :cancel  # specific lifecycle events
end

role :approver do
  can :read                   # view only
  can :pay                    # one lifecycle event
end

Constant Summary

CRUD_ACTIONS =

%i[create read update delete].freeze

CRUD_SHORTHAND =

:crud

Instance Attribute Summary

• #name ⇒ Object readonly

  Returns the value of attribute name.

Instance Method Summary

• #all_permissions ⇒ Object

  All permissions as a flat array (for display / introspection).

• #can(*actions) ⇒ Object

  Grant one or more permissions to this role.

• #can_crud?(action) ⇒ Boolean
• #can_event?(event_name) ⇒ Boolean
• #crud_permissions ⇒ Object
• #event_permissions ⇒ Object
• #initialize(name:) ⇒ RoleDefinition constructor

  A new instance of RoleDefinition.

Constructor Details

#initialize(name:) ⇒ RoleDefinition

Returns a new instance of RoleDefinition.

# File 'lib/fosm/lifecycle/role_definition.rb', line 26

def initialize(name:)
  @name             = name.to_sym
  @crud_permissions = Set.new
  @event_permissions = Set.new
end

Instance Attribute Details

#name ⇒ Object (readonly)

Returns the value of attribute name.

# File 'lib/fosm/lifecycle/role_definition.rb', line 24

def name
  @name
end

Instance Method Details

#all_permissions ⇒ Object

All permissions as a flat array (for display / introspection)

# File 'lib/fosm/lifecycle/role_definition.rb', line 57

def all_permissions
  (@crud_permissions + @event_permissions).sort
end

#can(*actions) ⇒ Object

Grant one or more permissions to this role.

Parameters:

• actions (Array<Symbol>) —

  :crud, :create/:read/:update/:delete, or any event name

# File 'lib/fosm/lifecycle/role_definition.rb', line 35

def can(*actions)
  actions.each do |action|
    sym = action.to_sym
    if sym == CRUD_SHORTHAND
      @crud_permissions += CRUD_ACTIONS
    elsif CRUD_ACTIONS.include?(sym)
      @crud_permissions << sym
    else
      @event_permissions << sym
    end
  end
end

#can_crud?(action) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/fosm/lifecycle/role_definition.rb', line 48

def can_crud?(action)
  @crud_permissions.include?(action.to_sym)
end

#can_event?(event_name) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/fosm/lifecycle/role_definition.rb', line 52

def can_event?(event_name)
  @event_permissions.include?(event_name.to_sym)
end

#crud_permissions ⇒ Object

# File 'lib/fosm/lifecycle/role_definition.rb', line 61

def crud_permissions
  @crud_permissions.to_a.sort
end

#event_permissions ⇒ Object

# File 'lib/fosm/lifecycle/role_definition.rb', line 65

def event_permissions
  @event_permissions.to_a.sort
end