Module: Sequel::Plugins::Privacy::InstanceMethods

Extended by:
T::Helpers, T::Sig
Defined in:
lib/sequel/plugins/privacy.rb

Instance Method Summary collapse

Instance Method Details

#allow?(vc, action, direct_object = nil) ⇒ Boolean

Returns:

  • (Boolean) 


681
682
683
684
685
686
687
688
689
 
# File 'lib/sequel/plugins/privacy.rb', line 681

def allow?(vc, action, direct_object = nil)
  policies = _privacy_class.privacy_policies[action]
  unless policies
    Sequel::Privacy.logger&.error("No policies defined for :#{action} on #{self.class}")
    return false
  end

  Sequel::Privacy::Enforcer.enforce(policies, self, vc, direct_object)
end

#for_vc(vc) ⇒ Object 



663
664
665
666
 
# File 'lib/sequel/plugins/privacy.rb', line 663

def for_vc(vc)
  @viewer_context = T.let(vc, T.nilable(Sequel::Privacy::ViewerContext))
  self
end

#save(*opts) ⇒ Object 



693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
 
# File 'lib/sequel/plugins/privacy.rb', line 693

def save(*opts)
  vc = viewer_context

  if vc.is_a?(Sequel::Privacy::OmniscientVC)
    Kernel.raise Sequel::Privacy::Unauthorized, 'Cannot mutate with OmniscientVC'
  end

  if vc
    action = new? ? :create : :edit

    Kernel.raise Sequel::Privacy::Unauthorized, "Cannot #{action} #{self.class}" unless allow?(vc, action)

    changed_columns.each do |field|
      policy = _privacy_class.privacy_fields[field]
      next unless policy

      unless allow?(vc, policy)
        Kernel.raise Sequel::Privacy::FieldUnauthorized,
                     "Cannot modify #{self.class}##{field} (policy: #{policy})"
      end
    end
  end

  super
end

#update(hash) ⇒ Object 



721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
 
# File 'lib/sequel/plugins/privacy.rb', line 721

def update(hash)
  vc = viewer_context
  if vc
    Kernel.raise Sequel::Privacy::Unauthorized, "Cannot edit #{self.class}" unless allow?(vc, :edit)

    hash.each_key do |field|
      policy = _privacy_class.privacy_fields[field]
      next unless policy

      unless allow?(vc, policy)
        Kernel.raise Sequel::Privacy::FieldUnauthorized,
                     "Cannot modify #{self.class}##{field} (policy: #{policy})"
      end
    end
  end

  super
end

#viewer_contextObject 



652
653
654
 
# File 'lib/sequel/plugins/privacy.rb', line 652

def viewer_context
  @viewer_context = T.let(@viewer_context, T.nilable(Sequel::Privacy::ViewerContext))
end

#viewer_context=(vc) ⇒ Object 



657
658
659
 
# File 'lib/sequel/plugins/privacy.rb', line 657

def viewer_context=(vc)
  @viewer_context = T.let(vc, T.nilable(Sequel::Privacy::ViewerContext))
end