Module: Authorization::DevelopmentSupport::AnalyzerEngine

Defined in:
lib/declarative_authorization/development_support/development_support.rb

Overview

Groups utility methods and classes that make it easier to work with the authorization object model.

Defined Under Namespace

Classes: Privilege, PrivilegesSet, Role, Rule

Class Method Details

+ (Object) apply_change(engine, change)



# File 'lib/declarative_authorization/development_support/development_support.rb', line 40

# Applies a single change to +engine+ in place and reports whether anything
# was modified.
#
# +change+ is an array whose first element selects the operation:
#   [:add_role, role_symbol]
#   [:add_privilege, privilege, context, role]
#   [:remove_privilege, privilege, context, role]
#
# Returns true when the engine was modified, false when the change was a
# no-op, and nil when the operation is not one of the three above (no branch
# matches).
#
# engine.roles and engine.auth_rules are mutated directly, so a caller that
# still needs the unmodified authorization model has to pass in a copy.
def self.apply_change(engine, change)
  case change[0]
  when :add_role
    new_role = change[1]
    return false if engine.roles.include?(new_role)

    engine.roles << new_role
    true
  when :add_privilege
    privilege_name, context, role_name = change[1, 3]
    role = Role.for_sym(role_name.to_sym, engine)
    privilege = Privilege.for_sym(privilege_name.to_sym, engine)

    # Nothing to add when the role or one of its ancestors already has a rule
    # for the privilege, or for one of the privilege's ancestors, in this
    # context.
    already_granted = ([privilege] + privilege.ancestors).any? { |candidate_privilege|
      ([role] + role.ancestors).any? { |candidate_role|
        !candidate_role.rules_for_permission(candidate_privilege, context).empty?
      }
    }
    return false if already_granted

    # NOTE(review): the new rule is built from role, privilege and context
    # only; presumably that makes it an unconditional grant for the context --
    # confirm against AuthorizationRule before relying on the result.
    engine.auth_rules << AuthorizationRule.new(role.to_sym, [privilege.to_sym], [context])
    true
  when :remove_privilege
    privilege_name, context, role_name = change[1, 3]
    role = Role.for_sym(role_name.to_sym, engine)
    privilege = Privilege.for_sym(privilege_name.to_sym, engine)

    # Only rules reported for this role are touched; role and privilege
    # ancestors are not walked in this branch.
    granting_rules = role.rules_for_permission(privilege, context)
    return false if granting_rules.empty?

    granting_rules.each do |granting_rule|
      # NOTE(review): the privilege is deleted from the rule as a whole, not
      # per context, so a rule that lists further contexts would lose the
      # privilege for those as well -- verify this is intended.
      granting_rule.rule.privileges.delete(privilege.to_sym)
      # A rule left without privileges grants nothing, so drop it entirely.
      next unless granting_rule.rule.privileges.empty?

      engine.auth_rules.delete(granting_rule.rule)
    end
    true
  end
end

+ (Object) relevant_roles(engine, users)



# File 'lib/declarative_authorization/development_support/development_support.rb', line 28

# Collects the roles that matter for the given users: every role named by a
# user's role_symbols (resolved through Role.for_sym) together with each of
# those roles' ancestors, with duplicates removed.
#
# Returns a flat array; it is empty when there are no users or none of them
# has a role symbol.
def self.relevant_roles(engine, users)
  assigned_roles = users.map do |user|
    user.role_symbols.map { |role_sym| Role.for_sym(role_sym, engine) }
  end.flatten.uniq

  # Expand each directly assigned role to itself plus its ancestors.
  assigned_roles.map { |role| [role] + role.ancestors }.flatten.uniq
end

+ (Object) roles(engine)



# File 'lib/declarative_authorization/development_support/development_support.rb', line 24

# Returns the roles of +engine+ by delegating to Role.all; the result is
# passed through unchanged.
def self.roles(engine)
  Role.all(engine)
end

+ (Object) rule_for_permission(engine, privilege, context, role)



# File 'lib/declarative_authorization/development_support/development_support.rb', line 33

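# Looks up the first rule of +role+ that lists both +context+ and +privilege+.
#
# The role is located among AnalyzerEngine.roles(engine) by comparing to_sym
# values. Matching uses plain include? on the rule's own contexts and
# privileges; role and privilege ancestors are not consulted here.
#
# Returns the matching rule, or nil when the role has no such rule. nil is
# also returned when the engine has no role with that symbol, instead of
# raising NoMethodError on the failed lookup.
def self.rule_for_permission(engine, privilege, context, role)
  matching_role = AnalyzerEngine.roles(engine).find { |candidate_role|
    candidate_role.to_sym == role.to_sym
  }
  # An unknown role cannot hold any rule, so report "no rule".
  return nil unless matching_role

  matching_role.rules.find { |rule|
    rule.contexts.include?(context) && rule.privileges.include?(privilege)
  }
end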