Module: Acl9::ModelExtensions::ForSubject

Includes:
Prepositions
Defined in:
lib/acl9/model_extensions/for_subject.rb

Constant Summary collapse

DEFAULT =
Class.new do
  def default?
    true
  end
end.new.freeze

Constants included from Prepositions

Prepositions::VALID_PREPOSITIONS

Instance Method Summary collapse

Instance Method Details

#has_no_role!(role_name, object = default) ⇒ Object

Free self from a specified role on object.

Parameters:

  • role_name (Symbol, String)

    Role name

  • object (Object) (defaults to: default)

    Object to remove a role on

See Also:

  • Object#accepts_no_role!

93
94
95
96
97
98
# File 'lib/acl9/model_extensions/for_subject.rb', line 93

def has_no_role!(role_name, object = default)
  check! object
  role_name = normalize role_name
  object = _by_preposition object
  delete_role(get_role(role_name, object))
end

#has_no_roles!Object

Unassign all roles from self.


140
141
142
143
144
145
146
147
148
149
# File 'lib/acl9/model_extensions/for_subject.rb', line 140

def has_no_roles!
  # for some reason simple
  #
  #   roles.each { |role| delete_role(role) }
  #
  # doesn't work. seems like a bug in ActiveRecord
  _role_objects.map(&:id).each do |role_id|
    delete_role _auth_role_class.find(role_id)
  end
end

#has_no_roles_for!(object = default) ⇒ Object

Unassign any roles on object from self.

Parameters:

  • object (Object, default) (defaults to: default)

    Object to unassign roles for. Empty args means unassign global roles.


133
134
135
136
# File 'lib/acl9/model_extensions/for_subject.rb', line 133

def has_no_roles_for!(object = default)
  check! object
  roles_for(object).each { |role| delete_role(role) }
end

#has_role!(role_name, object = default) ⇒ Object

Add specified role on object to self.

Parameters:

  • role_name (Symbol, String)

    Role name

  • object (Object) (defaults to: default)

    Object to add a role for

See Also:

  • Object#accepts_role!

67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
# File 'lib/acl9/model_extensions/for_subject.rb', line 67

def has_role!(role_name, object = default)
  check! object
  role_name = normalize role_name
  object = _by_preposition object

  role = get_role(role_name, object)

  if role.nil?
    role_attrs = case object
                 when Class   then { :authorizable_type => object.to_s }
                 when default then {}
                 else              { :authorizable => object }
                 end.merge({ :name => role_name.to_s })

    role = _auth_role_class.create(role_attrs)
  end

  _role_objects << role if role && !_role_objects.exists?(role.id)
end

#has_role?(role_name, object = default) ⇒ Boolean

Role check.

There is a global option, Acl9.config[:protect_global_roles], which governs this method behavior.

If protect_global_roles is false, an object role is automatically counted as global role. E.g.

Acl9.config[:protect_global_roles] = false
user.has_role!(:manager, @foo)
user.has_role?(:manager, @foo)  # => true
user.has_role?(:manager)        # => true

In this case manager is anyone who “manages” at least one object.

However, if protect_global_roles option set to true, you'll need to explicitly grant global role with same name.

Acl9.config[:protect_global_roles] = true
user.has_role!(:manager, @foo)
user.has_role?(:manager)        # => false
user.has_role!(:manager)
user.has_role?(:manager)        # => true

protect_global_roles option is false by default as for now, but this may change in future!

Parameters:

  • role_name (Symbol, String)

    Role name

  • object (Object) (defaults to: default)

    Object to query a role on

Returns:

  • (Boolean)

    Whether self has a role role_name on object.

See Also:

  • Object#accepts_role?

47
48
49
50
51
52
53
54
55
56
57
58
59
# File 'lib/acl9/model_extensions/for_subject.rb', line 47

def has_role?(role_name, object = default)
  check! object
  role_name = normalize role_name
  object = _by_preposition object

  !! if object == default && !::Acl9.config[:protect_global_roles]
    _role_objects.find_by_name(role_name.to_s) ||
    _role_objects.member?(get_role(role_name, object))
  else
    role = get_role(role_name, object)
    role && _role_objects.exists?(role.id)
  end
end

#has_roles_for?(object) ⇒ Boolean Also known as: has_role_for?

Are there any roles for self on object?

Parameters:

  • object (Object)

    Object to query roles

Returns:

  • (Boolean)

    Returns true if self has any roles on object.

See Also:

  • Object#accepts_roles_by?

106
107
108
109
# File 'lib/acl9/model_extensions/for_subject.rb', line 106

def has_roles_for?(object)
  check! object
  !!_role_objects.detect(&role_selecting_lambda(object))
end

#roles_for(object) ⇒ Array<Role>

Which roles does self have on object?

Examples:

user = User.find(...)
product = Product.find(...)

user.roles_for(product).map(&:name).sort  #=> role names in alphabetical order

Parameters:

  • object (Object)

    Object to query roles

Returns:

  • (Array<Role>)

    Role instances, associated both with self and object

See Also:

  • Object#accepted_roles_by

124
125
126
127
# File 'lib/acl9/model_extensions/for_subject.rb', line 124

def roles_for(object)
  check! object
  _role_objects.select(&role_selecting_lambda(object))
end