module CrewdPolicies
This is for use with github.com/cerebris/jsonapi-resources. It was developed with github.com/venuu/jsonapi-authorization, but it may not be required because it doesn't seem to deal with attributes, just scope and record permissions? E.g.:

    class BaseResource < JSONAPI::Resource
      include JSONAPI::Authorization::PunditScopedResource
      include CrewdPolicies::JSONAPIResource
      abstract
    end
Constants
- VERSION
Public Instance Methods
eval_conditions(aRule)
    # File lib/crewd_policies/policy.rb, line 187
    def eval_conditions(aRule)
      return true unless conds = aRule[:conditions]
      if_cond = conds[:if]
      unless_cond = conds[:unless]

      if_cond = if if_cond.is_a? Symbol
        send(if_cond)
      elsif if_cond.is_a? Proc
        if_cond.call()
      elsif if_cond==nil
        true
      else
        if_cond
      end

      unless_cond = if unless_cond.is_a? Symbol
        send(unless_cond)
      elsif unless_cond.is_a? Proc
        unless_cond.call()
      elsif unless_cond==nil
        false
      else
        unless_cond
      end

      !!if_cond and !unless_cond
    end
inner_query_ability(aAbility)
Does the identity have this ability on the record/resource at all?
    # File lib/crewd_policies/policy.rb, line 216
    def inner_query_ability(aAbility)
      internal_server_error! "aAbility must be a string or a symbol" unless aAbility.is_a?(String) or aAbility.is_a?(Symbol)
      aAbility = aAbility.to_s

      case aAbility
        when 'write','read','update','show','edit'
          inner_query_fields(aAbility).length > 0
        when 'create','destroy','index'
          inner_query_resource(aAbility)
        else
          internal_server_error! 'this ability is unknown'
      end
    end
inner_query_fields(aAbility)
What fields does the identity have this ability for?
    # File lib/crewd_policies/policy.rb, line 146
    def inner_query_fields(aAbility)
      internal_server_error! "roles_rules not found on #{record_class.name}, make sure it has \"include CrewdPolicies::Model\"" unless ra = record_class.roles_rules rescue nil
      unauthorized! "identity not given" if !identity
      internal_server_error! "identity must implement has_role?" if !identity.respond_to? :has_role?

      ability = coalesce_field_ability(aAbility)

      # for each role in roles_rules, if identity.has_role?(role) && any conditions pass then merge in fields
      result = []
      ra.each do |role,rules|
        next unless identity.has_role? role

        rules.each do |rule| #ab, fields|
          next unless rule[:ability]==ability
          next unless eval_conditions rule
          result |= rule[:fields]
        end
      end
      result.sort!
      result
    end
inner_query_resource(aAbility)
Does the identity have this ability on this record?
    # File lib/crewd_policies/policy.rb, line 168
    def inner_query_resource(aAbility)
      internal_server_error! "aAbility must be a string or a symbol" unless aAbility.is_a?(String) or aAbility.is_a?(Symbol)
      internal_server_error! "roles_rules not found on #{record_class.name}, make sure it has \"include CrewdPolicies::Model\"" unless ra = record_class.roles_rules rescue nil
      unauthorized! "identity not given" if !identity
      internal_server_error! "identity must implement has_role?" if !identity.respond_to? :has_role?

      aAbility = aAbility.to_s

      ra.each do |role,rules|
        next unless identity.has_role? role

        rules.each do |rule|
          next unless eval_conditions rule
          next unless rule[:ability]==aAbility
          return true if rule[:allowed]==true or rule[:fields].is_a?(Array) && !rule[:fields].empty?
        end
      end
      false
    end
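
The rule shape read by inner_query_fields and inner_query_resource, exercised on constructed data. This is an added example, not the gem's code: `Identity`, `DemoPolicy` and `ROLES_RULES` are hypothetical stand-ins, and abilities are compared by name without the `coalesce_field_ability` step, which this page does not show.

```ruby
# Added example, not the gem's code. Identity, DemoPolicy and ROLES_RULES are
# constructed; the rule keys (:ability, :fields, :allowed, :conditions) are the page's.
Identity = Struct.new(:roles) { def has_role?(role); roles.include?(role.to_s); end }

ROLES_RULES = {
  'member' => [
    { ability: 'read',  fields: %w[name email] },
    { ability: 'write', fields: %w[name], conditions: { if: :owner? } }
  ],
  'admin' => [
    { ability: 'read',    fields: %w[email notes] },
    { ability: 'write',   fields: %w[notes], conditions: { unless: :locked? } },
    { ability: 'destroy', allowed: true, conditions: { unless: :locked? } }
  ]
}.freeze

class DemoPolicy
  def initialize(identity, owner: false, locked: false)
    @identity, @owner, @locked = identity, owner, locked
  end

  def owner?; @owner; end
  def locked?; @locked; end

  # Fields are the union over every held role whose rule matches and passes.
  def fields_for(ability)
    passing(ability).flat_map { |r| r[:fields] || [] }.uniq.sort
  end

  # Resource-level abilities need allowed: true or a non-empty field list.
  def allowed?(ability)
    passing(ability).any? { |r| r[:allowed] == true || (r[:fields].is_a?(Array) && r[:fields].any?) }
  end

  private

  # Symbol: call the policy method; Proc: call it; nil: default; else literal.
  def resolve(cond, default)
    return default if cond.nil?
    return send(cond) if cond.is_a?(Symbol)
    cond.is_a?(Proc) ? cond.call : cond
  end

  def passing(ability)
    rules = ROLES_RULES.select { |role, _| @identity.has_role?(role) }.values.flatten(1)
    rules.select do |r|
      c = r[:conditions] || {}
      r[:ability] == ability.to_s && resolve(c[:if], true) && !resolve(c[:unless], false)
    end
  end
end
```

An identity holding no matching role gets an empty field list and `false`, so anything not granted by a passing rule is denied.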