class PermissionPolicy::Authorization

Attributes

context[R]
preconditions[R]
verified[R]

Public Class Methods

new(context) click to toggle source
# File lib/permission_policy/authorization.rb, line 5
def initialize(context)
  @preconditions = []
  @context = context

  context.authorization_preconditions.each do |precondition|
    set! precondition, context.public_send(precondition)
    @preconditions << precondition
  end
end

Public Instance Methods

allowed?(action, options = {}) click to toggle source

Decides if the action is allowed based on the matching strategy. You may want to use this method for controlflow inside views.

Example:

do_something if allowed?(:manage, subject: my_subject)
# File lib/permission_policy/authorization.rb, line 22
def allowed?(action, options = {})
  strategy_for(action, options).allowed?
end
authorize!(action, options = {}) click to toggle source

Delegates to allowed? but raises a NotAllowed exception when false. You may want to use this method for halting the execution of a controller method.

Example:

def edit
  allow!(:manage, subject: my_subject)
end
# File lib/permission_policy/authorization.rb, line 35
def authorize!(action, options = {})
  @verified = true
  !!allowed?(action, options) or raise PermissionPolicy::NotAllowed
end

Private Instance Methods

set!(var, value) click to toggle source
# File lib/permission_policy/authorization.rb, line 49
def set!(var, value)
  self.class.send(:attr_reader, var)
  instance_variable_set(:"@#{var}", value) or raise PermissionPolicy::MissingPrecondition.new(var)
end
strategy_for(*args) click to toggle source

Finds the matching strategy which can decide if the action is allowed by lazy checking

# File lib/permission_policy/authorization.rb, line 43
def strategy_for(*args)
  @context.authorization_strategies.lazy.map do |klass|
    Strategies.const_get(klass).new(self, *args)
  end.find(&:match?)
end