Module: Sequel::Plugins::Privacy::InstanceMethods

Extended by:
T::Helpers, T::Sig
Defined in:
lib/sequel/plugins/privacy.rb


Instance Method Details

#allow?(vc, action, direct_object = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sequel/plugins/privacy.rb', line 648

# Decides whether +vc+ may perform +action+ on this record.
#
# The policy list for +action+ is read from _privacy_class.privacy_policies and
# handed to Sequel::Privacy::Enforcer.enforce together with the record, the
# viewer context and the optional +direct_object+.
#
# Security note: an action with no registered policies is denied (fail closed).
# The miss is reported through Sequel::Privacy.logger when a logger is present.
#
# @param vc the viewer context the decision is made for
# @param action the key looked up in privacy_policies
# @param direct_object optional second object passed through to the enforcer
# @return [Boolean] false when no policies exist, otherwise the enforcer's result
def allow?(vc, action, direct_object = nil)
  policies = _privacy_class.privacy_policies[action]
  return Sequel::Privacy::Enforcer.enforce(policies, self, vc, direct_object) if policies

  # Nothing is registered for this action: log it and deny.
  Sequel::Privacy.logger&.error("No policies defined for :#{action} on #{self.class}")
  false
end

#for_vc(vc) ⇒ Object



# File 'lib/sequel/plugins/privacy.rb', line 630

# Attaches +vc+ to this record and returns the record itself, so the call can
# be chained.
#
# The assignment goes through T.let, typing @viewer_context as a nilable
# Sequel::Privacy::ViewerContext.
#
# Security note: save and update read this value back through viewer_context
# and run their policy checks only when it is non-nil, so passing nil here
# leaves later writes on this instance unchecked by those two methods.
#
# @param vc the viewer context to attach, or nil
# @return [self]
def for_vc(vc)
  @viewer_context = T.let(vc, T.nilable(Sequel::Privacy::ViewerContext))
  self
end

#save(*opts) ⇒ Object



# File 'lib/sequel/plugins/privacy.rb', line 660

# Persists the record after checking the attached viewer context.
#
# Order of checks:
#   1. An OmniscientVC is never allowed to write and raises Unauthorized.
#   2. With a viewer context, the record-level policy is checked: :create for
#      a new record, :edit otherwise.
#   3. Each entry of changed_columns that has an entry in
#      _privacy_class.privacy_fields must also pass allow? for that policy.
#
# Security note: when viewer_context is nil none of the checks run and the call
# goes straight to the inherited save. NOTE(review): confirm that this
# unenforced path is intended for every caller that can reach it.
#
# @param opts arguments forwarded unchanged to the inherited save
# @return [Object] whatever the inherited save returns
# @raise [Sequel::Privacy::Unauthorized] on an OmniscientVC or a failed
#   record-level check
# @raise [Sequel::Privacy::FieldUnauthorized] when a changed field fails its policy
def save(*opts)
  vc = viewer_context

  # Checked before the nil test; a nil context is simply not an OmniscientVC.
  Kernel.raise Sequel::Privacy::Unauthorized, 'Cannot mutate with OmniscientVC' if vc.is_a?(Sequel::Privacy::OmniscientVC)

  # No viewer context attached: nothing is enforced.
  return super unless vc

  action = new? ? :create : :edit
  permitted = allow?(vc, action)
  Kernel.raise Sequel::Privacy::Unauthorized, "Cannot #{action} #{self.class}" unless permitted

  changed_columns.each do |column|
    required = _privacy_class.privacy_fields[column]
    next unless required
    next if allow?(vc, required)

    Kernel.raise Sequel::Privacy::FieldUnauthorized,
                 "Cannot modify #{self.class}##{column} (policy: #{required})"
  end

  super
end

#update(hash) ⇒ Object



# File 'lib/sequel/plugins/privacy.rb', line 688

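# Applies +hash+ to the record after checking the viewer's edit rights.
#
# With a viewer context attached, the record-level :edit policy is checked
# first, then every key of +hash+ that has an entry in
# _privacy_class.privacy_fields must pass allow? for that policy. All checks
# finish before the inherited update is called.
#
# String keys are also looked up in their symbol form. save consults the same
# table with changed_columns entries, so the table appears to be keyed by
# column symbols; without the fallback a string-keyed hash (for example one
# built from request parameters) would skip the field check in this method.
#
# Security notes:
# * When viewer_context is nil no policy is consulted and the call goes
#   straight to the inherited update. NOTE(review): confirm this unenforced
#   path is intended for every caller that can reach it.
# * Unlike save, this method has no OmniscientVC guard of its own.
#   NOTE(review): presumably the inherited update persists through save, where
#   that guard lives; verify.
#
# @param hash [Hash] field => value pairs; keys may be symbols or strings
# @return [Object] whatever the inherited update returns
# @raise [Sequel::Privacy::Unauthorized] when the :edit check fails
# @raise [Sequel::Privacy::FieldUnauthorized] when a listed field fails its policy
def update(hash)
  vc = viewer_context
  if vc
    Kernel.raise Sequel::Privacy::Unauthorized, "Cannot edit #{self.class}" unless allow?(vc, :edit)

    field_policies = _privacy_class.privacy_fields
    hash.each_key do |field|
      policy = field_policies[field]
      # Fall back to the symbol form so 'email' and :email hit the same policy.
      policy = field_policies[field.to_sym] if policy.nil? && field.is_a?(String)
      next unless policy

      unless allow?(vc, policy)
        Kernel.raise Sequel::Privacy::FieldUnauthorized,
                     "Cannot modify #{self.class}##{field} (policy: #{policy})"
      end
    end
  end

  super
end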

#viewer_context ⇒ Object



# File 'lib/sequel/plugins/privacy.rb', line 619

# Returns the viewer context attached to this record, or nil when none has
# been set.
#
# The instance variable is re-assigned to its own value through T.let, which
# types @viewer_context as a nilable Sequel::Privacy::ViewerContext; the
# assignment's value is the method's return value.
#
# Security note: save and update run their policy checks only when this
# returns a non-nil context.
#
# @return the stored viewer context, or nil
def viewer_context
  @viewer_context = T.let(@viewer_context, T.nilable(Sequel::Privacy::ViewerContext))
end

#viewer_context=(vc) ⇒ Object



# File 'lib/sequel/plugins/privacy.rb', line 624

# Replaces the viewer context attached to this record.
#
# The value is stored through T.let as a nilable
# Sequel::Privacy::ViewerContext, so nil is accepted.
#
# Security note: assigning nil removes the context that save and update test
# before running their policy checks, leaving later writes on this instance
# unchecked by those two methods.
#
# @param vc the viewer context to attach, or nil
def viewer_context=(vc)
  @viewer_context = T.let(vc, T.nilable(Sequel::Privacy::ViewerContext))
end