module AccessGranted::Policy

Attributes

cache[RW]
roles[RW]
user[R]

Public Class Methods

new(user, cache_enabled = true) click to toggle source
# File lib/access-granted/policy.rb, line 6
# Builds a policy bound to +user+, starting with no roles and an empty
# permission cache, then runs the +configure+ hook.
#
# @param user the object whose permissions this policy answers for
# @param cache_enabled [Boolean] accepted for callers, but not read anywhere
#   in this method body.
#   NOTE(review): as shown here the flag has no effect on @cache, so passing
#   +false+ does not visibly turn result caching off; confirm against the
#   rest of the library before relying on it.
def initialize(user, cache_enabled = true)
  @user = user
  @cache = {}
  @roles = []
  # configure must run last: it is called only once the user, the role list
  # and the cache are all in place.
  configure
end

Public Instance Methods

applicable_roles() click to toggle source
# File lib/access-granted/policy.rb, line 66
# Returns the subset of +roles+ whose +applies_to?+ check accepts +user+.
#
# The result is memoized in @applicable_roles on first call (an empty list is
# memoized too), so roles registered afterwards are not picked up by later
# calls.
#
# @return [Array] roles applying to the policy's user, in declaration order
def applicable_roles
  @applicable_roles ||= roles.select { |candidate| candidate.applies_to?(user) }
end
authorize!(action, subject, message = 'Access Denied') click to toggle source
# File lib/access-granted/policy.rb, line 59
# Enforcing variant of +can?+: raises instead of returning false.
#
# @param action the action being attempted
# @param subject the object (or class) the action targets
# @param message [String] text handed to the AccessDenied error
# @return +subject+ unchanged when the action is permitted, so the call can
#   wrap a lookup inline
# @raise [AccessDenied] when +cannot?(action, subject)+ is true
def authorize!(action, subject, message = 'Access Denied')
  raise AccessDenied.new(action, subject, message) if cannot?(action, subject)

  subject
end
can?(action, subject = nil) click to toggle source
# File lib/access-granted/policy.rb, line 30
# Answers whether +action+ is permitted on +subject+, consulting the
# per-policy cache before evaluating roles.
#
# Cache layout: cache[action][subject] => granted. The lookup uses +subject+
# as a Hash key, so a hit depends on the subject's +hash+/+eql?+.
#
# Only truthy entries count as hits. A cached +false+ falls through to
# +check_permission+ again, so denials are re-evaluated on every call while
# grants are served from the cache.
#
# NOTE(review): nothing in this method expires or clears a cached grant. If
# the subject's or user's state changes after the first check, the earlier
# grant may still be returned for as long as this cache is alive; confirm
# the policy object is short-lived (e.g. per request) where that matters.
#
# @param action the action name to check
# @param subject the object or class being acted on (defaults to nil)
# @return the granted value from the matching permission, or false when no
#   applicable role has a matching permission
def can?(action, subject = nil)
  per_action = (cache[action] ||= {})
  hit = per_action[subject]
  return hit if hit

  granted, actions = check_permission(action, subject)
  # Record the outcome under every action name the permission reported,
  # never overwriting an entry that is already truthy.
  actions.each do |name|
    (cache[name] ||= {})[subject] ||= granted
  end
  granted
end
cannot?(*args) click to toggle source
# File lib/access-granted/policy.rb, line 55
# Logical negation of +can?+; takes the same arguments and forwards them
# untouched.
#
# @return [Boolean] true when +can?+ returns a falsy value
def cannot?(*args)
  allowed = can?(*args)
  !allowed
end
check_permission(action, subject) click to toggle source
# File lib/access-granted/policy.rb, line 46
# Evaluates +action+ on +subject+ against the applicable roles without
# touching the cache.
#
# Roles are tried in the order +applicable_roles+ yields them and the first
# role that returns a permission decides the outcome; later roles are not
# consulted, even if the first match is a denial. When no role has a matching
# permission the result is a denial with no associated actions (default deny).
#
# @param action the action name to look up
# @param subject the object or class being acted on
# @return [Array] a two-element pair: the granted value, and the list of
#   action names that permission covers
def check_permission(action, subject)
  match = nil
  # find stops at the first role for which the block is truthy, i.e. the
  # first role that produced a permission.
  applicable_roles.find do |role|
    match = role.find_permission(action, subject)
  end

  match ? [match.granted, match.actions] : [false, []]
end
configure() click to toggle source
# File lib/access-granted/policy.rb, line 13
# Hook invoked at the end of +initialize+. The default implementation does
# nothing and returns nil.
# NOTE(review): presumably meant to be overridden to declare roles via
# +role+; confirm against the library's usage docs.
def configure
  # Intentionally empty.
  nil
end
role(name, conditions_or_klass = nil, conditions = nil, &block) click to toggle source
# File lib/access-granted/policy.rb, line 16
# Declares a role on this policy and appends it to +roles+.
#
# The second argument is overloaded:
# * a Class that is AccessGranted::Role or a subclass of it: that class is
#   instantiated and +conditions+ is passed as the role's conditions;
# * anything else: a plain Role is built with +conditions_or_klass+ itself as
#   the conditions, and the +conditions+ argument is not used.
#
# Since +check_permission+-style lookups walk roles in list order, the order
# in which roles are declared is the order in which they are appended here.
#
# @param name [#to_sym] role name; converted to a Symbol before comparison
# @param conditions_or_klass a Role subclass, or the role's conditions
# @param conditions conditions for the role when a class was given
# @param block passed through to the role constructor
# @return the newly created role
# @raise [DuplicateRole] if a role with the same name is already registered
def role(name, conditions_or_klass = nil, conditions = nil, &block)
  name = name.to_sym
  raise DuplicateRole, "Role '#{name}' already defined" if roles.any? { |existing| existing.name == name }

  custom_class = conditions_or_klass.is_a?(Class) && conditions_or_klass <= AccessGranted::Role
  built =
    if custom_class
      conditions_or_klass.new(name, conditions, user, block)
    else
      Role.new(name, conditions_or_klass, user, block)
    end
  roles << built
  built
end