class Mumukit::Auth::Permissions

Attributes

scopes[RW]

Public Class Methods

dump(permission) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 104
def self.dump(permission)
  permission.to_json
end
load(json) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 96
def self.load(json)
  if json.nil?
    parse({})
  else
    parse(JSON.parse(json))
  end
end
new(scopes={}) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 9
def initialize(scopes={})
  raise 'invalid scopes' if scopes.any? { |key, value| value.class != Mumukit::Auth::Scope }

  @scopes = scopes.with_indifferent_access
end
parse(hash) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 85
def self.parse(hash)
  return new if hash.blank?

  new(hash.map { |role, grants| [role, Mumukit::Auth::Scope.parse(grants)] }.to_h)
end
reparse(something) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 91
def self.reparse(something)
  something ||= {}
  parse(something.to_h)
end

Public Instance Methods

==(other) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 121
def ==(other)
  self.class == other.class && self.scopes == other.scopes
end
Also aliased as: eql?
accessible_organizations() click to toggle source

Deprecated: use `student_granted_organizations` organizations instead

# File lib/mumukit/auth/permissions.rb, line 32
def accessible_organizations
  warn "Don't use accessible_organizations, since this method is probably not doing what you would expect.\n" +
       "Use student_granted_organizations if you still need its behaviour"
  student_granted_organizations
end
add_permission!(role, *grants) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 56
def add_permission!(role, *grants)
  scope_for(role).add_grant! *grants
end
any_granted_organizations() click to toggle source
# File lib/mumukit/auth/permissions.rb, line 44
def any_granted_organizations
  scopes.values.flat_map(&:grants).map(&:organization).to_set
end
any_granted_roles() click to toggle source
# File lib/mumukit/auth/permissions.rb, line 48
def any_granted_roles
  scopes.select { |_, scope| scope.present? }.keys.to_set
end
as_json(options={}) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 81
def as_json(options={})
  scopes.as_json(options)
end
as_set() click to toggle source
# File lib/mumukit/auth/permissions.rb, line 117
def as_set
  Set.new scopes.flat_map { |role, scope| scope.grants.map {|grant| [role, grant]} }
end
assign_to?(other, previous) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 108
def assign_to?(other, previous)
  diff = previous.as_set ^ other.as_set
  diff.all? { |role, grant| has_permission?(role, grant) }
end
delegate_to?(other) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 73
def delegate_to?(other)
  other.scopes.all? { |role, scope| has_all_permissions?(role, scope) }
end
eql?(other)
Alias for: ==
grant_strings_for(role) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 77
def grant_strings_for(role)
  scope_for(role).grants.map(&:to_s)
end
granted_organizations_for(role) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 52
def granted_organizations_for(role)
  scope_for(role)&.grants&.map(&:organization).to_set
end
has_permission?(role, resource_slug) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 15
def has_permission?(role, resource_slug)
  Mumukit::Auth::Role.parse(role).allows?(resource_slug, self)
end
has_role?(role) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 23
def has_role?(role)
  scopes[role].present?
end
hash() click to toggle source
# File lib/mumukit/auth/permissions.rb, line 127
def hash
  scopes.hash
end
inspect() click to toggle source
# File lib/mumukit/auth/permissions.rb, line 135
def inspect
  "<Mumukit::Auth::Permissions #{to_s}>"
end
merge(other) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 60
def merge(other)
  self.class.new(scopes.merge(other.scopes) { |_key, left, right| left.merge right })
end
protect_permissions_assignment!(other, previous) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 113
def protect_permissions_assignment!(other, previous)
  raise Mumukit::Auth::UnauthorizedAccessError unless assign_to?(self.class.reparse(other), previous)
end
remove_permission!(role, grant) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 64
def remove_permission!(role, grant)
  scope_for(role).remove_grant!(grant)
end
role_allows?(role, resource_slug) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 19
def role_allows?(role, resource_slug)
  scope_for(role).allows?(resource_slug)
end
scope_for(role) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 27
def scope_for(role)
  self.scopes[role] ||= Mumukit::Auth::Scope.new
end
student_granted_organizations() click to toggle source

Answers the organizations for which the user has been explicitly granted acceses as student. This method does not include the organizations the user has access because of the roles hierarchy

# File lib/mumukit/auth/permissions.rb, line 40
def student_granted_organizations
  granted_organizations_for :student
end
to_h() click to toggle source
# File lib/mumukit/auth/permissions.rb, line 139
def to_h
  as_json
end
to_s() click to toggle source
# File lib/mumukit/auth/permissions.rb, line 131
def to_s
  '!' + scopes.map { |role, scope| "#{role}:#{scope}" }.join(';')
end
update_permission!(role, old_grant, new_grant) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 68
def update_permission!(role, old_grant, new_grant)
  remove_permission! role, old_grant
  add_permission! role, new_grant
end

Private Instance Methods

has_all_permissions?(role, scope) click to toggle source
# File lib/mumukit/auth/permissions.rb, line 145
def has_all_permissions?(role, scope)
  scope.grants.all? { |grant| has_permission? role, grant }
end