Module: Sequel::Plugins::Privacy::InstanceMethods

Extended by:
T::Helpers, T::Sig
Defined in:
lib/sequel/plugins/privacy.rb

Instance Method Summary

Instance Method Details

#allow?(vc, action, direct_object = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sequel/plugins/privacy.rb', line 640

# Decides whether the viewer context +vc+ may perform +action+ on this record.
#
# The check fails closed: when no policy list is registered for +action+,
# the request is denied and the gap is reported at error level through
# Sequel::Privacy.logger (if a logger is configured).
#
# @param vc the viewer context on whose behalf the action is attempted
# @param action key into the model's privacy_policies table
# @param direct_object optional extra object, handed to the enforcer as-is
# @return [Boolean] false when no policies exist for +action+; otherwise
#   the result of Sequel::Privacy::Enforcer.enforce
def allow?(vc, action, direct_object = nil)
  action_policies = _privacy_class.privacy_policies[action]

  if action_policies
    return Sequel::Privacy::Enforcer.enforce(action_policies, self, vc, direct_object)
  end

  # A missing policy list is treated as a denial, never as "unrestricted".
  Sequel::Privacy.logger&.error("No policies defined for :#{action} on #{self.class}")
  false
end

#for_vc(vc) ⇒ Object



# File 'lib/sequel/plugins/privacy.rb', line 622

# Attaches a viewer context to this instance and returns the instance, so
# the call can be chained.
#
# The value is stored in @viewer_context, the variable #viewer_context
# reads. #save and #update skip their policy checks when that value is
# nil, so passing nil here leaves the instance unenforced.
#
# @param vc [Sequel::Privacy::ViewerContext, nil] context to attach
# @return [self]
def for_vc(vc)
  # T.let is the Sorbet form for a typed instance-variable assignment.
  @viewer_context = T.let(vc, T.nilable(Sequel::Privacy::ViewerContext))
  self
end

#save(*opts) ⇒ Object



# File 'lib/sequel/plugins/privacy.rb', line 652

# Persists the record after checking what the attached viewer context is
# allowed to do.
#
# Checks, in the order they run:
#   1. An OmniscientVC is rejected outright.
#   2. With a viewer context present, the record-level action is checked:
#      :create for a new record, :edit otherwise.
#   3. Every entry of changed_columns that has an entry in privacy_fields
#      is checked against that field's policy.
#
# When no viewer context is attached (viewer_context returns nil) none of
# these checks run and the call goes straight to the parent implementation.
# Callers that rely on enforcement must attach a context first.
#
# @param opts forwarded untouched to the parent #save
# @raise [Sequel::Privacy::Unauthorized] for an OmniscientVC, or when the
#   record-level action is denied
# @raise [Sequel::Privacy::FieldUnauthorized] when a changed field's policy
#   denies the viewer
def save(*opts)
  vc = viewer_context

  omniscient = vc.is_a?(Sequel::Privacy::OmniscientVC)
  Kernel.raise Sequel::Privacy::Unauthorized, 'Cannot mutate with OmniscientVC' if omniscient

  if vc
    action = :edit
    action = :create if new?

    unless allow?(vc, action)
      Kernel.raise Sequel::Privacy::Unauthorized, "Cannot #{action} #{self.class}"
    end

    changed_columns.each do |column|
      field_policy = _privacy_class.privacy_fields[column]
      # Columns without a registered field policy are covered only by the
      # record-level check above.
      next if !field_policy || allow?(vc, field_policy)

      Kernel.raise Sequel::Privacy::FieldUnauthorized,
                   "Cannot modify #{self.class}##{column} (policy: #{field_policy})"
    end
  end

  super
end

#update(hash) ⇒ Object



# File 'lib/sequel/plugins/privacy.rb', line 680

# Applies +hash+ to the record after checking the attached viewer context.
#
# With a viewer context present, the record-level :edit policy is checked
# first, then the field policy of every key in +hash+ that has an entry in
# privacy_fields. With no viewer context (nil) nothing is checked and the
# call goes straight to the parent implementation.
#
# Differences from #save visible in this method: there is no OmniscientVC
# rejection here, and the record-level action is always :edit, never
# :create.
#
# NOTE(review): the field lookup uses the keys of +hash+ exactly as given.
# If privacy_fields is keyed by Symbol and a caller passes String keys, no
# field policy is found at this point. Confirm that the parent #update
# persists through #save, whose changed_columns check would then apply.
#
# @param hash attributes to assign, keyed by field
# @raise [Sequel::Privacy::Unauthorized] when :edit is denied
# @raise [Sequel::Privacy::FieldUnauthorized] when a field policy denies
#   the viewer
def update(hash)
  vc = viewer_context

  if vc
    unless allow?(vc, :edit)
      Kernel.raise Sequel::Privacy::Unauthorized, "Cannot edit #{self.class}"
    end

    hash.each_key do |key|
      field_policy = _privacy_class.privacy_fields[key]
      next if !field_policy || allow?(vc, field_policy)

      Kernel.raise Sequel::Privacy::FieldUnauthorized,
                   "Cannot modify #{self.class}##{key} (policy: #{field_policy})"
    end
  end

  super
end

#viewer_context ⇒ Object



# File 'lib/sequel/plugins/privacy.rb', line 611

# Returns the viewer context attached to this instance, or nil when none
# has been set.
#
# #save and #update treat a nil result as "no enforcement": they skip
# their policy checks entirely in that case.
#
# @return [Sequel::Privacy::ViewerContext, nil]
def viewer_context
  # Re-assigns the current value through T.let, the Sorbet form for
  # declaring the instance variable's type; the assignment's value is
  # what the method returns.
  @viewer_context = T.let(@viewer_context, T.nilable(Sequel::Privacy::ViewerContext))
end

#viewer_context=(vc) ⇒ Object



# File 'lib/sequel/plugins/privacy.rb', line 616

# Sets the viewer context for this instance.
#
# Assigning nil clears the context; #save and #update then run without
# any policy check.
#
# @param vc [Sequel::Privacy::ViewerContext, nil] context to attach
def viewer_context=(vc)
  # T.let is the Sorbet form for a typed instance-variable assignment.
  @viewer_context = T.let(vc, T.nilable(Sequel::Privacy::ViewerContext))
end