class Authoreyes::Authorization::AuthorizationRule

Attributes

attributes[R]
contexts[R]
join_operator[R]
privileges[R]
role[R]
source_file[R]
source_line[R]

Public Class Methods

new(role, privileges = [], contexts = nil, join_operator = :or, options = {}) click to toggle source
# File lib/authoreyes/authorization/authorization_rule.rb, line 7
# Builds one authorization rule: a role, the privileges it grants and the
# contexts those privileges apply to.
#
# privileges is stored as a Set, so duplicates collapse. contexts may be nil,
# a single value or an Array and is also stored as a Set; nil gives an empty
# Set, which no context (not even nil) is a member of.
#
# join_operator is stored as given and is not validated here.
# NOTE(review): validate? and obligations compare it only against :and, so any
# other value (a string "and", a typo) is treated as the more permissive OR
# join - confirm that callers always pass :and or :or.
#
# options[:source_file] and options[:source_line] are kept on the rule;
# presumably they point at the rule's definition site for audit and error
# output - confirm against the caller.
def initialize(role, privileges = [], contexts = nil, join_operator = :or,
               options = {})
  # Falsy values and Arrays go to Set.new unchanged; any other value is
  # wrapped so it becomes a single member of the set.
  context_source = !contexts || contexts.is_a?(Array) ? contexts : [contexts]

  @role = role
  @join_operator = join_operator
  @privileges = Set.new(privileges)
  @contexts = Set.new(context_source)
  @attributes = []
  @source_file, @source_line = options.values_at(:source_file, :source_line)
end

Public Instance Methods

append_attribute(attribute) click to toggle source
# File lib/authoreyes/authorization/authorization_rule.rb, line 28
# Adds one attribute condition to the rule and returns the rule's attribute
# list. The list is mutated in place, so validate? and obligations on this
# rule see the new condition from then on.
def append_attribute(attribute)
  @attributes.push(attribute)
end
append_privileges(privs) click to toggle source
# File lib/authoreyes/authorization/authorization_rule.rb, line 24
# Widens the rule by adding every privilege in privs to its privilege Set.
# The Set is mutated in place and returned; privileges already present are
# left as they are.
def append_privileges(privs)
  granted = @privileges
  granted.merge(privs)
end
initialize_copy(_from) click to toggle source
# File lib/authoreyes/authorization/authorization_rule.rb, line 18
# Copy hook: gives the copy its own privilege collection, context collection
# and attribute list, with each attribute cloned individually. Later
# append_privileges / append_attribute calls on one rule therefore do not
# change the other.
def initialize_copy(_from)
  @privileges, @contexts = @privileges.clone, @contexts.clone
  @attributes = @attributes.map(&:clone)
end
matches?(roles, privs, context = nil) click to toggle source
# File lib/authoreyes/authorization/authorization_rule.rb, line 32
# True only when all three hold: the rule's contexts include `context`, the
# rule's role is among `roles`, and the rule's privileges share at least one
# member with `privs`. A single role may be passed instead of an Array.
#
# Attribute conditions are not consulted here; they are checked separately by
# validate?. The default context of nil matches only a rule whose context set
# contains nil.
def matches?(roles, privs, context = nil)
  candidate_roles = roles.is_a?(Array) ? roles : [roles]
  return false unless @contexts.include?(context)
  return false unless candidate_roles.include?(@role)

  shared_privileges = @privileges & privs
  !shared_privileges.empty?
end
obligations(attr_validator) click to toggle source
# File lib/authoreyes/authorization/authorization_rule.rb, line 49
# Collects the obligation of every attribute on this rule and combines them
# according to the join operator.
#
# Failure handling: NotAuthorized raised by an attribute is recorded. It is
# re-raised as one NotAuthorized (listing every message) when the rule is
# :and-joined and any attribute failed, or when every attribute failed. For
# any other join operator, attributes that failed are dropped and the
# remaining obligations are returned.
#
# Combination: for :and, each attribute's obligation (a Hash, or an Array of
# alternative Hashes) is cross-multiplied with the others via deep_merge. For
# any other operator the obligations are flattened into one list of
# alternatives.
#
# Returns [{}] when nothing was collected, which includes a rule without
# attributes. NOTE(review): presumably callers read the empty Hash as "no
# further conditions" - confirm.
def obligations(attr_validator)
  failures = []
  collected = @attributes.map do |attr|
    begin
      attr.obligation(attr_validator)
    rescue NotAuthorized => e
      failures << e
      nil
    end
  end

  unless failures.empty?
    every_attribute_failed = failures.length == @attributes.length
    if @join_operator == :and || every_attribute_failed
      raise NotAuthorized, "Missing authorization in collecting obligations: #{failures.map(&:to_s).join(', ')}"
    end
  end

  if @join_operator == :and && !collected.empty?
    # Normalise each entry to an Array of alternatives, then fold them into
    # the cross product: every earlier combination merged with every
    # alternative of the next attribute.
    alternatives = collected.map { |entry| entry.is_a?(Hash) ? [entry] : entry }
    collected = alternatives.drop(1).reduce(alternatives.first) do |combined, next_alternatives|
      next_alternatives.map do |alternative|
        combined.map { |so_far| so_far.deep_merge(alternative) }
      end.flatten
    end
  else
    collected = collected.flatten.compact
  end

  collected.empty? ? [{}] : collected
end
to_long_s() click to toggle source
# File lib/authoreyes/authorization/authorization_rule.rb, line 83
# Long textual form of the rule's attribute conditions: each attribute's
# to_long_s, separated by '; '. Gives an empty string when the rule has no
# attributes.
def to_long_s
  attributes.map(&:to_long_s).join('; ')
end
validate?(attr_validator, skip_attribute = false) click to toggle source
# File lib/authoreyes/authorization/authorization_rule.rb, line 38
# Decides whether the rule's attribute conditions hold for attr_validator.
#
# A truthy skip_attribute is returned as-is without consulting any attribute,
# so it bypasses every attribute condition on the rule. A rule without
# attributes always validates. Otherwise every attribute must validate when
# the join operator is :and; for any other join operator a single validating
# attribute is enough.
#
# An attribute that raises NilAttributeValueError counts as not validated, so
# a nil attribute value fails that check rather than passing it.
def validate?(attr_validator, skip_attribute = false)
  return skip_attribute if skip_attribute
  return true if @attributes.empty?

  attribute_holds = lambda do |attr|
    begin
      attr.validate?(attr_validator)
    rescue NilAttributeValueError
      nil # Bumping up against a nil attribute value flunks the rule.
    end
  end

  if @join_operator == :and
    @attributes.all?(&attribute_holds)
  else
    @attributes.any?(&attribute_holds)
  end
end