Class: Textus::Domain::Policy::Predicates::ZoneWritableBy

Inherits:
Object
Defined in:
lib/textus/domain/policy/predicates/zone_writable_by.rb

Overview

Predicate #0 of every write guard. Wraps the post-0.31.0 capability topology gate (role.can ⊇ verb_for(zone.kind)). On failure, #error raises the capability-shaped WriteForbidden so the topology refusal — textus’s signature product feature — is unchanged.

Instance Attribute Details

#reason ⇒ Object (readonly)

Returns the value of attribute reason.



# File 'lib/textus/domain/policy/predicates/zone_writable_by.rb', line 12

def reason
  @reason
end

Instance Method Details

#call(eval) ⇒ Object



# File 'lib/textus/domain/policy/predicates/zone_writable_by.rb', line 16

def call(eval)
  manifest = eval.manifest
  # Resolve the write target to its manifest entry (key and zone).
  @mentry = manifest.resolver.resolve(eval.target).entry
  # Allowed: the zone's permission grants write to this actor.
  return true if manifest.policy.permission_for(@mentry.zone.to_s).allows_write?(eval.actor)

  # Refused: record the required capability, its holders and a reason for #error.
  @verb    = manifest.policy.verb_for_zone(@mentry.zone) # capability the kind requires
  @holders = manifest.policy.roles_with_capability(@verb)
  @reason  = "zone '#{@mentry.zone}' needs capability '#{@verb}'; '#{eval.actor}' lacks it"
  false
end

#error(_eval) ⇒ Object

Matches the capability-shaped WriteForbidden landed by ADR 0030 Task 3:

WriteForbidden.new(key, zone, verb:, holders:)
→ "writing '<k>' (zone '<z>') needs capability '<verb>'",
  hint: "held by: <holders>; pass --as=<role>".


# File 'lib/textus/domain/policy/predicates/zone_writable_by.rb', line 32

def error(_eval)
  Textus::WriteForbidden.new(@mentry.key, @mentry.zone, verb: @verb, holders: @holders)
end

#name ⇒ Object



# File 'lib/textus/domain/policy/predicates/zone_writable_by.rb', line 14

def name = "zone_writable_by"
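The gate from the Overview (role.can ⊇ verb_for(zone.kind)) together with the #call / #error contract, as an added stand-alone sketch that is not textus's own code. ZoneGateSketch, WriteForbiddenSketch and every zone, kind, verb and role name below are assumptions made for illustration; the real manifest, resolver and policy objects are replaced by plain hashes, and unknown zones or roles are made to fail closed.

```ruby
require "set"

# Stand-in for the capability-shaped WriteForbidden; message and hint
# follow the shape quoted in the #error documentation above.
class WriteForbiddenSketch < StandardError
  attr_reader :hint

  def initialize(key, zone, verb:, holders:)
    @hint = "held by: #{holders.join(', ')}; pass --as=<role>"
    super("writing '#{key}' (zone '#{zone}') needs capability '#{verb}'")
  end
end

# Hypothetical predicate: plain hashes stand in for manifest.policy.
class ZoneGateSketch
  attr_reader :reason

  # zone_kinds: zone => kind, verb_for: kind => verb, role_can: role => Set of verbs
  def initialize(zone_kinds:, verb_for:, role_can:)
    @zone_kinds, @verb_for, @role_can = zone_kinds, verb_for, role_can
  end

  # True only when the actor's role holds the verb the zone's kind requires.
  # Unknown zones, kinds and roles resolve to "no capability" and are refused.
  def call(key:, zone:, actor:)
    @key, @zone = key, zone
    @verb = @verb_for[@zone_kinds[zone]]
    @holders = @role_can.select { |_, can| can.include?(@verb) }.keys.sort
    return true if @verb && @role_can.fetch(actor, Set.new).include?(@verb)

    @reason = "zone '#{zone}' needs capability '#{@verb || 'unknown'}'; '#{actor}' lacks it"
    false
  end

  # Built from the state the failed #call left behind, like the predicate above.
  def error
    WriteForbiddenSketch.new(@key, @zone, verb: @verb, holders: @holders)
  end
end

# Constructed topology for the example.
GATE = ZoneGateSketch.new(
  zone_kinds: { "notes" => "canon", "reports" => "derived" },
  verb_for:   { "canon" => "author", "derived" => "build" },
  role_can:   { "human" => Set["author"], "ci" => Set["build"], "agent" => Set[] }
)
```

As in the predicate above, #error is only meaningful after a #call that returned false, because it reads the instance state that call recorded.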