Module: Authorization::DevelopmentSupport::AnalyzerEngine

Defined in:: lib/declarative_authorization/development_support/development_support.rb

Overview

Groups utility methods and classes to better work with authorization object model.

Defined Under Namespace

Classes: Privilege, PrivilegesSet, Role, Rule

Class Method Summary (collapse)

Class Method Details

+ (`Object`) apply_change(engine, change)

# File 'lib/declarative_authorization/development_support/development_support.rb', line 40

def self.apply_change (engine, change)
  case change[0]
  when :add_role
    role_symbol = change[1]
    if engine.roles.include?(role_symbol)
      false
    else
      engine.roles << role_symbol
      true
    end
  when :add_privilege
    privilege, context, role = change[1,3]
    role = Role.for_sym(role.to_sym, engine)
    privilege = Privilege.for_sym(privilege.to_sym, engine)
    if ([privilege] + privilege.ancestors).any? {|ancestor_privilege| ([role] + role.ancestors).any? {|ancestor_role| !ancestor_role.rules_for_permission(ancestor_privilege, context).empty?}}
      false
    else
      engine.auth_rules << AuthorizationRule.new(role.to_sym,
          [privilege.to_sym], [context])
      true
    end
  when :remove_privilege
    privilege, context, role = change[1,3]
    role = Role.for_sym(role.to_sym, engine)
    privilege = Privilege.for_sym(privilege.to_sym, engine)
    rules_with_priv = role.rules_for_permission(privilege, context)
    if rules_with_priv.empty?
      false
    else
      rules_with_priv.each do |rule|
        rule.rule.privileges.delete(privilege.to_sym)
        engine.auth_rules.delete(rule.rule) if rule.rule.privileges.empty?
      end
      true
    end
  end
end

+ (`Object`) relevant_roles(engine, users)

# File 'lib/declarative_authorization/development_support/development_support.rb', line 28

def self.relevant_roles (engine, users)
  users.collect {|user| user.role_symbols.map {|role_sym| Role.for_sym(role_sym, engine)}}.
      flatten.uniq.collect {|role| [role] + role.ancestors}.flatten.uniq
end

+ (`Object`) roles(engine)



24
25
26

# File 'lib/declarative_authorization/development_support/development_support.rb', line 24

def self.roles (engine)
  Role.all(engine)
end

+ (`Object`) rule_for_permission(engine, privilege, context, role)

# File 'lib/declarative_authorization/development_support/development_support.rb', line 33

def self.rule_for_permission (engine,  privilege, context, role)
  AnalyzerEngine.roles(engine).
        find {|cloned_role| cloned_role.to_sym == role.to_sym}.rules.find do |rule|
      rule.contexts.include?(context) and rule.privileges.include?(privilege)
    end
end

Module: Authorization::DevelopmentSupport::AnalyzerEngine

Overview

Defined Under Namespace

Class Method Summary (collapse)

Class Method Details

+ (Object) apply_change(engine, change)

+ (Object) relevant_roles(engine, users)

+ (Object) roles(engine)

+ (Object) rule_for_permission(engine, privilege, context, role)

+ (`Object`) apply_change(engine, change)

+ (`Object`) relevant_roles(engine, users)

+ (`Object`) roles(engine)

+ (`Object`) rule_for_permission(engine, privilege, context, role)