module Cancannible::Grantee

Public Instance Methods

<<(arg) click to toggle source

generally use instance.can method, not permissions<< directly

# File lib/cancannible/grantee.rb, line 10
def <<(arg)
  ability, resource = arg
  resource = nil if resource.blank?
  asserted = arg[2].nil? ? true : arg[2]

  case resource
  when Class, Symbol
    resource_type = resource.to_s
    resource_id = nil
  when nil
    resource_type = resource_id = nil
  else
    resource_type = resource.class.to_s
    resource_id = resource.try(:id)
  end

  # This looks ugly, but it avoid version-specific issues with find_by*/find_or_initialize_by* methods
  permission = where(asserted: asserted, ability: ability, resource_id: resource_id, resource_type: resource_type).first
  permission ||= where(asserted: !asserted, ability: ability, resource_id: resource_id, resource_type: resource_type).first
  permission ||= new(asserted: asserted, ability: ability, resource_id: resource_id, resource_type: resource_type)
  permission.asserted = asserted
  permission.save!

  proxy_association.owner.instance_variable_set :@abilities, nil # invalidate the owner's ability collection

  permission
end
abilities(refresh = false) click to toggle source

Returns the Ability set for the owner. Set refresh to true to force a reload of permissions.

# File lib/cancannible/grantee.rb, line 49
def abilities(refresh = false)
  @abilities = if refresh
    nil
  elsif Cancannible.get_cached_abilities.respond_to?(:call)
    result = Cancannible.get_cached_abilities.call(self)
    # performs a crude compatibility check: cancan rules won't have a @rules_index
    # (neither will an empty ability object, but we ignore this case)
    result unless result && !result.instance_variable_defined?(:@rules_index)
  end
  return @abilities if @abilities

  @abilities ||= if ability_class = ('Ability'.constantize rescue nil)
    unless ability_class.included_modules.include?(Cancannible::PreloadAdapter)
      ability_class.send :include, Cancannible::PreloadAdapter
    end
    ability_class.new(self)
  end

  Cancannible.store_cached_abilities.call(self, @abilities) if Cancannible.store_cached_abilities.respond_to?(:call)
  @abilities
end
can(ability, resource) click to toggle source

Command: grant the permission to do ability on resource

# File lib/cancannible/grantee.rb, line 93
def can(ability, resource)
  permissions << [ability, resource]
end
can?(ability, resource) click to toggle source

Returns true it the ability is permitted on resource - persisted or dynamic (delegated to CanCan)

# File lib/cancannible/grantee.rb, line 83
def can?(ability, resource)
  abilities.can?(ability, resource)
end
cannot(ability, resource) click to toggle source

Command: prohibit the permission to do ability on resource

# File lib/cancannible/grantee.rb, line 98
def cannot(ability, resource)
  permissions << [ability, resource, false]
end
cannot?(ability, resource) click to toggle source

Returns true it the ability is prohibited on resource - persisted or dynamic (delegated to CanCan)

# File lib/cancannible/grantee.rb, line 88
def cannot?(ability, resource)
  abilities.cannot?(ability, resource)
end
inherited_permissions() click to toggle source

Returns the collection of inherited permission records

# File lib/cancannible/grantee.rb, line 72
def inherited_permissions
  inherited_perms = []
  self.class.inheritable_permissions.each do |relation|
    Array(self.send(relation)).each do |record|
      inherited_perms.concat(record.permissions.reload)
    end
  end
  inherited_perms
end