class Shamu::Security::PolicyRule

A rule capturing the permitted actions and resources for {Policy} permissions.

Attributes

actions[R]
block[R]
resource[R]
result[R]

@!attribute @return [Object] the value to return as the result of a {Policy#permit?}

call if the rule matches the request.

Public Class Methods

new( actions, resource, result, block ) click to toggle source

@!endgroup Attributes

# File lib/shamu/security/policy_rule.rb, line 20
def initialize( actions, resource, result, block )
  @actions  = actions
  @resource = resource
  @result   = result
  @block    = block
end

Public Instance Methods

match?( action, resource, additional_context ) click to toggle source

Determines if the rule matches the request action permission on the given resource.

@param [Symbol] action to be performed. @param [Object] resource the action will be performed on. @param [Object] additional context offered to {Policy#permit?}.

@return [Boolean] true if the rule is a match.

# File lib/shamu/security/policy_rule.rb, line 35
def match?( action, resource, additional_context )
  return true  if actions.include? :any
  return false unless actions.include? action
  return false unless resource_match?( resource )

  if block && !resource.is_a?( Module )
    block.call( resource, additional_context )
  else
    true
  end
end

Private Instance Methods

resource_match?( candidate ) click to toggle source
# File lib/shamu/security/policy_rule.rb, line 53
def resource_match?( candidate )
  return true if resource == candidate
  return true if resource.is_a?( Module ) && candidate.is_a?( resource )

  # Allow 'doubles' to match in specs
  true if defined?( RSpec::Mocks::Double ) && candidate.is_a?( RSpec::Mocks::Double )
end