Class: Sequel::Privacy::Policy

Inherits:
Proc
  • Object
Extended by:
T::Sig
Defined in:
lib/sequel/privacy/policy.rb

Overview

A Policy wraps a Proc/lambda with metadata about how it should be evaluated.

Policies take 0-3 arguments depending on what context they need:

  • 0 args: -> { allow } # Global decision

  • 1 arg: ->(actor) { allow if actor.is_role?(:admin) }

  • 2 args: ->(subject, actor) { allow if subject.owner_id == actor.id }

  • 3 args: ->(subject, actor, direct_object) { … }

Policies must return :allow, :deny, :pass, or an array of policies (for combinators).
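Added example, not part of the library's source: a sketch of how an evaluator could dispatch on a policy's arity and fold the documented return values, denying whenever nothing allows. `DemoPolicy` (a stand-in for the class documented here), `evaluate`, `Actor`, `Doc` and the sample policies are all hypothetical, and the library's real evaluator may behave differently.

```ruby
# Stand-in for the documented class so the example runs without the gem.
class DemoPolicy < Proc
  attr_reader :policy_name

  def self.create(policy_name, lam)
    new(&lam).setup(policy_name: policy_name)
  end

  def setup(policy_name: nil)
    raise 'Privacy Policy is frozen' if @frozen

    @policy_name = policy_name.to_s
    @frozen = true
    self
  end
end

# Hypothetical evaluator (an assumption, not the gem's): the first :allow or
# :deny wins, :pass moves on, an Array is expanded in place, and anything
# else (bad arity, bad return value, nothing matched) denies.
def evaluate(policies, subject, actor, direct_object = nil)
  queue = policies.dup
  until queue.empty?
    policy = queue.shift
    # Argument order per arity, as listed in the Overview.
    args = { 0 => [], 1 => [actor], 2 => [subject, actor],
             3 => [subject, actor, direct_object] }[policy.arity]
    return [:deny, "#{policy.policy_name}: unsupported arity"] if args.nil?

    result = policy.call(*args)
    case result
    when :allow, :deny then return [result, policy.policy_name]
    when :pass then next
    when Array then queue.unshift(*result)
    else return [:deny, "#{policy.policy_name}: invalid result"]
    end
  end
  [:deny, 'no policy allowed'] # fail closed
end

# Constructed sample data and policies.
Actor = Struct.new(:id, :roles)
Doc = Struct.new(:owner_id)
ADMIN = DemoPolicy.create(:allow_admins, ->(a) { a.roles.include?(:admin) ? :allow : :pass })
OWNER = DemoPolicy.create(:allow_owner, ->(s, a) { s.owner_id == a.id ? :allow : :pass })
EITHER = DemoPolicy.create(:admin_or_owner, -> { [ADMIN, OWNER] })

p evaluate([EITHER], Doc.new(2), Actor.new(3, []))
```

A policy that returns a truthy value instead of one of the documented symbols is treated as a deny here, so a buggy lambda cannot grant access by accident.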

Instance Attribute Details

#comment ⇒ Object (readonly)

Returns the value of attribute comment.



# File 'lib/sequel/privacy/policy.rb', line 22

def comment
  @comment
end

#policy_name ⇒ Object (readonly)

Returns the value of attribute policy_name.



# File 'lib/sequel/privacy/policy.rb', line 19

def policy_name
  @policy_name
end

Class Method Details

.create(policy_name, lam, comment = nil, cacheable: true, single_match: false) ⇒ Object



# File 'lib/sequel/privacy/policy.rb', line 35

def self.create(policy_name, lam, comment = nil, cacheable: true, single_match: false)
  new(&lam).setup(
    policy_name: policy_name,
    comment: comment,
    cacheable: cacheable,
    single_match: single_match
  )
end

Instance Method Details

#cacheable? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sequel/privacy/policy.rb', line 62

def cacheable?
  @cacheable || false
end

#setup(policy_name: nil, comment: nil, cacheable: true, single_match: false) ⇒ Object

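Configures the policy after creation. The call sets @frozen, so a policy can be configured only once: any later call raises 'Privacy Policy is frozen'. This includes policies built with .create, which calls setup itself.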

Parameters:

  • policy_name (Symbol, nil) (defaults to: nil)

    Human-readable name for logging

  • comment (String, nil) (defaults to: nil)

    Description of what this policy does

  • cacheable (Boolean) (defaults to: true)

    Whether results can be cached (default: true)

  • single_match (Boolean) (defaults to: false)

    Whether only one subject/actor pair can match (default: false)



# File 'lib/sequel/privacy/policy.rb', line 50

def setup(policy_name: nil, comment: nil, cacheable: true, single_match: false)
  raise 'Privacy Policy is frozen' if @frozen

  @cacheable = cacheable
  @policy_name = policy_name.to_s
  @comment = comment
  @frozen = true
  @single_match = single_match
  self
end

#single_match? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sequel/privacy/policy.rb', line 69

def single_match?
  @single_match || false
end