module ActiveScaffold::ActiveRecordPermissions::Permissions::SecurityMethods

Public Instance Methods

authorized_for?(options = {}) click to toggle source

A generic authorization query. This is what will be called programatically, since the actual permission methods can’t be guaranteed to exist. And because we want to intelligently combine multiple applicable methods.

options should be a CRUD verb (:create, :read, :update, :destroy) options should be the name of a model attribute options is the name of a method options if returning reason is expected, it will return array with authorized and reason, or nil if no reason

# File lib/active_scaffold/active_record_permissions.rb, line 90
def authorized_for?(options = {})
  raise ArgumentError, "unknown crud type #{options[:crud_type]}" if options[:crud_type] && !%i[create read update delete].include?(options[:crud_type])

  not_authorized_reason = ActiveRecordPermissions.not_authorized_reason
  # collect other possibly-related methods that actually exist
  methods = cached_authorized_for_methods(options)
  return ActiveRecordPermissions.default_permission if methods.empty?
  if methods.one?
    result = send(methods.first)
    # if not_authorized_reason enabled interpret String as reason for not authorized
    authorized, reason = not_authorized_reason && result.is_a?(String) ? [false, result] : result
    # return array with reason only if requested with options[:reason]
    return options[:reason] ? [authorized, reason] : authorized
  end

  # if any method returns false, then return false
  methods.each do |method|
    result = send(method)
    # if not_authorized_reason enabled interpret String as reason for not authorized
    authorized, reason = not_authorized_reason && result.is_a?(String) ? [false, result] : [result, nil]
    next if authorized
    # return array with reason only if requested with options[:reason]
    return options[:reason] ? [authorized, reason] : authorized
  end
  true
end
authorized_for_methods(options) click to toggle source
# File lib/active_scaffold/active_record_permissions.rb, line 128
def authorized_for_methods(options)
  # column_authorized_for_crud_type? has the highest priority over other methods,
  # you can disable a crud verb and enable that verb for a column
  # (for example, disable update and enable inplace_edit in a column)
  method = column_and_crud_type_security_method(options[:column], options[:crud_type])
  return [method] if method && respond_to?(method, true)

  # authorized_for_action? has higher priority than other methods,
  # you can disable a crud verb and enable an action with that crud verb
  # (for example, disable update and enable an action with update as crud type)
  method = action_security_method(options[:action])
  return [method] if method && respond_to?(method, true)

  # collect other possibly-related methods that actually exist
  [
    column_security_method(options[:column]),
    crud_type_security_method(options[:crud_type])
  ].compact.select { |m| respond_to?(m, true) }
end
cached_authorized_for_methods(options) click to toggle source
# File lib/active_scaffold/active_record_permissions.rb, line 117
def cached_authorized_for_methods(options)
  key = "#{options[:crud_type]}##{options[:column]}##{options[:action]}"
  if is_a? Class
    self.class_security_methods ||= {}
    self.class_security_methods[key] ||= authorized_for_methods(options)
  else
    self.class.instance_security_methods ||= {}
    self.class.instance_security_methods[key] ||= authorized_for_methods(options)
  end
end

Private Instance Methods

action_security_method(action) click to toggle source
# File lib/active_scaffold/active_record_permissions.rb, line 158
def action_security_method(action)
  "authorized_for_#{action}?" if action
end
column_and_crud_type_security_method(column, crud_type) click to toggle source
# File lib/active_scaffold/active_record_permissions.rb, line 162
def column_and_crud_type_security_method(column, crud_type)
  "#{column}_authorized_for_#{crud_type}?" if column && crud_type
end
column_security_method(column) click to toggle source
# File lib/active_scaffold/active_record_permissions.rb, line 150
def column_security_method(column)
  "#{column}_authorized?" if column
end
crud_type_security_method(crud_type) click to toggle source
# File lib/active_scaffold/active_record_permissions.rb, line 154
def crud_type_security_method(crud_type)
  "authorized_for_#{crud_type}?" if crud_type
end