module AccessGranted::Policy
Attributes
cache[RW]
roles[RW]
user[R]
Public Class Methods
new(user, cache_enabled = true)
click to toggle source
# File lib/access-granted/policy.rb, line 6 def initialize(user, cache_enabled = true) @user = user @roles = [] @cache = {} configure end
Public Instance Methods
applicable_roles()
click to toggle source
# File lib/access-granted/policy.rb, line 66 def applicable_roles @applicable_roles ||= roles.select do |role| role.applies_to?(user) end end
can?(action, subject = nil)
click to toggle source
# File lib/access-granted/policy.rb, line 30 def can?(action, subject = nil) cache[action] ||= {} if cache[action][subject] cache[action][subject] else granted, actions = check_permission(action, subject) actions.each do |a| cache[a] ||= {} cache[a][subject] ||= granted end granted end end
cannot?(*args)
click to toggle source
# File lib/access-granted/policy.rb, line 55 def cannot?(*args) !can?(*args) end
check_permission(action, subject)
click to toggle source
# File lib/access-granted/policy.rb, line 46 def check_permission(action, subject) applicable_roles.each do |role| permission = role.find_permission(action, subject) return [permission.granted, permission.actions] if permission end [false, []] end
configure()
click to toggle source
# File lib/access-granted/policy.rb, line 13 def configure end
role(name, conditions_or_klass = nil, conditions = nil, &block)
click to toggle source
# File lib/access-granted/policy.rb, line 16 def role(name, conditions_or_klass = nil, conditions = nil, &block) name = name.to_sym if roles.select {|r| r.name == name }.any? raise DuplicateRole, "Role '#{name}' already defined" end r = if conditions_or_klass.is_a?(Class) && conditions_or_klass <= AccessGranted::Role conditions_or_klass.new(name, conditions, user, block) else Role.new(name, conditions_or_klass, user, block) end roles << r r end