Class: PgSqlTriggers::Permissions::Checker

Inherits:
Object
  • Object
Defined in:
lib/pg_sql_triggers/permissions/checker.rb

Class Method Summary collapse

Class Method Details

.can?(actor, action, environment: nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/pg_sql_triggers/permissions/checker.rb', line 6

# Reports whether +actor+ may perform +action+.
#
# The action is normalised with +to_sym+ before any decision is made. When
# PgSqlTriggers.permission_checker is set, the decision is delegated to it
# and its return value is handed back unchanged.
#
# SECURITY: when no permission_checker is configured this method returns
# +true+ for every actor and every action (fail-open). Deployments that rely
# on this check for authorisation need a checker configured.
#
# @param actor [Object] passed through to the permission checker as-is
# @param action [#to_sym] the operation being requested
# @param environment [Object, nil] passed to the checker; when nil or false
#   and PgSqlTriggers.default_environment responds to +call+, the result of
#   that call is used instead
# @return [Boolean] +true+ when no checker is configured; otherwise whatever
#   the checker returns (a strict Boolean only if the checker returns one)
def self.can?(actor, action, environment: nil)
  requested = action.to_sym
  checker = PgSqlTriggers.permission_checker

  # No custom checker configured: every request is allowed.
  # This should be overridden in production via configuration.
  return true unless checker

  # Fall back to the configured default environment only when it is callable
  # and the caller did not supply one.
  fallback = PgSqlTriggers.default_environment
  if fallback.respond_to?(:call)
    environment ||= fallback.call
  end

  checker.call(actor, requested, environment)
end

.check!(actor, action, environment: nil) ⇒ Object



# File 'lib/pg_sql_triggers/permissions/checker.rb', line 20

# Enforces a permission: returns +true+ when +can?+ allows the action and
# raises otherwise.
#
# Any truthy result from +can?+ counts as "allowed", so a custom permission
# checker must return +false+ or +nil+ to deny.
#
# @param actor [Object] forwarded to +can?+
# @param action [#to_sym] the operation being requested
# @param environment [Object, nil] forwarded to +can?+
# @return [true] when the action is allowed
# @raise [PgSqlTriggers::PermissionError] with error_code "PERMISSION_DENIED"
#   when +can?+ returns a falsy value
def self.check!(actor, action, environment: nil)
  allowed = can?(actor, action, environment: environment)
  return true if allowed

  denied_action = action.to_sym
  # Actions that are not listed in Permissions::ACTIONS are reported as "unknown".
  level = Permissions::ACTIONS[denied_action] || "unknown"

  # NOTE: the environment recorded here is the value the caller passed in.
  # A default environment resolved inside can? is local to that method, so
  # this context can show nil even though the checker saw a default.
  details = { action: denied_action, required_role: level, environment: environment }

  raise PgSqlTriggers::PermissionError.new(
    "Permission denied: #{denied_action} requires #{level} level access",
    error_code: "PERMISSION_DENIED",
    recovery_suggestion: "Contact your administrator to request #{level} level access for this operation.",
    context: details
  )
end