class Mumukit::Auth::Permissions
Attributes
scopes[RW]
Public Class Methods
dump(permission)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 104 def self.dump(permission) permission.to_json end
load(json)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 96 def self.load(json) if json.nil? parse({}) else parse(JSON.parse(json)) end end
new(scopes={})
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 9 def initialize(scopes={}) raise 'invalid scopes' if scopes.any? { |key, value| value.class != Mumukit::Auth::Scope } @scopes = scopes.with_indifferent_access end
parse(hash)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 85 def self.parse(hash) return new if hash.blank? new(hash.map { |role, grants| [role, Mumukit::Auth::Scope.parse(grants)] }.to_h) end
reparse(something)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 91 def self.reparse(something) something ||= {} parse(something.to_h) end
Public Instance Methods
==(other)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 121 def ==(other) self.class == other.class && self.scopes == other.scopes end
Also aliased as: eql?
accessible_organizations()
click to toggle source
Deprecated: use `student_granted_organizations` organizations instead
# File lib/mumukit/auth/permissions.rb, line 32 def accessible_organizations warn "Don't use accessible_organizations, since this method is probably not doing what you would expect.\n" + "Use student_granted_organizations if you still need its behaviour" student_granted_organizations end
add_permission!(role, *grants)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 56 def add_permission!(role, *grants) scope_for(role).add_grant! *grants end
any_granted_organizations()
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 44 def any_granted_organizations scopes.values.flat_map(&:grants).map(&:organization).to_set end
any_granted_roles()
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 48 def any_granted_roles scopes.select { |_, scope| scope.present? }.keys.to_set end
as_json(options={})
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 81 def as_json(options={}) scopes.as_json(options) end
as_set()
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 117 def as_set Set.new scopes.flat_map { |role, scope| scope.grants.map {|grant| [role, grant]} } end
assign_to?(other, previous)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 108 def assign_to?(other, previous) diff = previous.as_set ^ other.as_set diff.all? { |role, grant| has_permission?(role, grant) } end
delegate_to?(other)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 73 def delegate_to?(other) other.scopes.all? { |role, scope| has_all_permissions?(role, scope) } end
grant_strings_for(role)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 77 def grant_strings_for(role) scope_for(role).grants.map(&:to_s) end
granted_organizations_for(role)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 52 def granted_organizations_for(role) scope_for(role)&.grants&.map(&:organization).to_set end
has_permission?(role, resource_slug)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 15 def has_permission?(role, resource_slug) Mumukit::Auth::Role.parse(role).allows?(resource_slug, self) end
has_role?(role)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 23 def has_role?(role) scopes[role].present? end
hash()
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 127 def hash scopes.hash end
inspect()
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 135 def inspect "<Mumukit::Auth::Permissions #{to_s}>" end
merge(other)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 60 def merge(other) self.class.new(scopes.merge(other.scopes) { |_key, left, right| left.merge right }) end
protect_permissions_assignment!(other, previous)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 113 def protect_permissions_assignment!(other, previous) raise Mumukit::Auth::UnauthorizedAccessError unless assign_to?(self.class.reparse(other), previous) end
remove_permission!(role, grant)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 64 def remove_permission!(role, grant) scope_for(role).remove_grant!(grant) end
role_allows?(role, resource_slug)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 19 def role_allows?(role, resource_slug) scope_for(role).allows?(resource_slug) end
scope_for(role)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 27 def scope_for(role) self.scopes[role] ||= Mumukit::Auth::Scope.new end
student_granted_organizations()
click to toggle source
Answers the organizations for which the user has been explicitly granted acceses as student. This method does not include the organizations the user has access because of the roles hierarchy
# File lib/mumukit/auth/permissions.rb, line 40 def student_granted_organizations granted_organizations_for :student end
to_h()
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 139 def to_h as_json end
to_s()
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 131 def to_s '!' + scopes.map { |role, scope| "#{role}:#{scope}" }.join(';') end
update_permission!(role, old_grant, new_grant)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 68 def update_permission!(role, old_grant, new_grant) remove_permission! role, old_grant add_permission! role, new_grant end
Private Instance Methods
has_all_permissions?(role, scope)
click to toggle source
# File lib/mumukit/auth/permissions.rb, line 145 def has_all_permissions?(role, scope) scope.grants.all? { |grant| has_permission? role, grant } end