Module: Sequel::Plugins::Privacy::InstanceMethods

Extended by:
T::Helpers, T::Sig
Defined in:
lib/sequel/plugins/privacy.rb

Instance Method Summary collapse

Instance Method Details

#allow?(vc, action, direct_object = nil) ⇒ Boolean

Returns:

  • (Boolean) 


656
657
658
659
660
661
662
663
664
 
# File 'lib/sequel/plugins/privacy.rb', line 656

def allow?(vc, action, direct_object = nil)
  policies = _privacy_class.privacy_policies[action]
  unless policies
    Sequel::Privacy.logger&.error("No policies defined for :#{action} on #{self.class}")
    return false
  end

  Sequel::Privacy::Enforcer.enforce(policies, self, vc, direct_object)
end

#for_vc(vc) ⇒ Object 



638
639
640
641
 
# File 'lib/sequel/plugins/privacy.rb', line 638

def for_vc(vc)
  @viewer_context = T.let(vc, T.nilable(Sequel::Privacy::ViewerContext))
  self
end

#save(*opts) ⇒ Object 



668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
 
# File 'lib/sequel/plugins/privacy.rb', line 668

def save(*opts)
  vc = viewer_context

  if vc.is_a?(Sequel::Privacy::OmniscientVC)
    Kernel.raise Sequel::Privacy::Unauthorized, 'Cannot mutate with OmniscientVC'
  end

  if vc
    action = new? ? :create : :edit

    Kernel.raise Sequel::Privacy::Unauthorized, "Cannot #{action} #{self.class}" unless allow?(vc, action)

    changed_columns.each do |field|
      policy = _privacy_class.privacy_fields[field]
      next unless policy

      unless allow?(vc, policy)
        Kernel.raise Sequel::Privacy::FieldUnauthorized,
                     "Cannot modify #{self.class}##{field} (policy: #{policy})"
      end
    end
  end

  super
end

#update(hash) ⇒ Object 



696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
 
# File 'lib/sequel/plugins/privacy.rb', line 696

def update(hash)
  vc = viewer_context
  if vc
    Kernel.raise Sequel::Privacy::Unauthorized, "Cannot edit #{self.class}" unless allow?(vc, :edit)

    hash.each_key do |field|
      policy = _privacy_class.privacy_fields[field]
      next unless policy

      unless allow?(vc, policy)
        Kernel.raise Sequel::Privacy::FieldUnauthorized,
                     "Cannot modify #{self.class}##{field} (policy: #{policy})"
      end
    end
  end

  super
end

#viewer_contextObject 



627
628
629
 
# File 'lib/sequel/plugins/privacy.rb', line 627

def viewer_context
  @viewer_context = T.let(@viewer_context, T.nilable(Sequel::Privacy::ViewerContext))
end

#viewer_context=(vc) ⇒ Object 



632
633
634
 
# File 'lib/sequel/plugins/privacy.rb', line 632

def viewer_context=(vc)
  @viewer_context = T.let(vc, T.nilable(Sequel::Privacy::ViewerContext))
end