class AccessPolicy::PolicyCheck

Attributes

default_error_policy[RW]
scope_storage[RW]

Public Class Methods

new(default_error_policy: ->(*) { raise } click to toggle source
# File lib/access_policy/policy_check.rb, line 7
def initialize(default_error_policy: ->(*) { raise },
    scope_storage: ScopedStorage::ThreadLocalStorage)

  self.default_error_policy = default_error_policy
  self.scope_storage = scope_storage
end

Public Instance Methods

authorize(object_to_guard, action_to_guard, error_policy: default_error_policy) click to toggle source
# File lib/access_policy/policy_check.rb, line 15
def authorize(object_to_guard, action_to_guard, error_policy: default_error_policy)
  PolicyEnforcer.new(current_user_or_role_for_policy, object_to_guard, action_to_guard).authorize(error_policy) do
    self.policy_authorize_called=true
  end
end
current_user_or_role_for_policy() click to toggle source
# File lib/access_policy/policy_check.rb, line 42
def current_user_or_role_for_policy
  scope['current_user_or_role_for_policy']
end
current_user_or_role_for_policy=(new_user) click to toggle source
# File lib/access_policy/policy_check.rb, line 38
def current_user_or_role_for_policy=(new_user)
  scope['current_user_or_role_for_policy'] = new_user
end
policy_authorize_called=(new_value) click to toggle source
# File lib/access_policy/policy_check.rb, line 46
def policy_authorize_called=(new_value)
  scope['policy_authorize_called'] = new_value
end
policy_authorize_called?() click to toggle source
# File lib/access_policy/policy_check.rb, line 50
def policy_authorize_called?
  !!policy_authorize_called
end
policy_for(object_or_class, error_policy = default_error_policy) click to toggle source
# File lib/access_policy/policy_check.rb, line 21
def policy_for(object_or_class, error_policy = default_error_policy)
  PolicyEnforcer.new(current_user_or_role_for_policy, object_or_class).policy(error_policy)
end
with_user_or_role(new_current_user_or_role_for_policy, error_policy = default_error_policy) { || ... } click to toggle source
# File lib/access_policy/policy_check.rb, line 25
def with_user_or_role(new_current_user_or_role_for_policy, error_policy = default_error_policy)
  self.policy_authorize_called = false

  switched_user_or_role(new_current_user_or_role_for_policy) do
    begin
      yield if block_given?
      raise(AccessPolicy::AuthorizeNotCalledError, "#{new_current_user_or_role_for_policy}") unless policy_authorize_called?
    rescue => e
      error_policy.call(e)
    end
  end
end

Protected Instance Methods

policy_authorize_called() click to toggle source
# File lib/access_policy/policy_check.rb, line 56
def policy_authorize_called
  scope['policy_authorize_called']
end
scope() click to toggle source
# File lib/access_policy/policy_check.rb, line 60
def scope
  @scope ||= ScopedStorage::Scope.new('policy_infos', scope_storage)
end
switched_user_or_role(new_current_user_or_role_for_policy) { || ... } click to toggle source
# File lib/access_policy/policy_check.rb, line 64
def switched_user_or_role(new_current_user_or_role_for_policy)
  old_current_user_or_role = self.current_user_or_role_for_policy
  self.current_user_or_role_for_policy = new_current_user_or_role_for_policy

  yield if block_given?

ensure
  self.current_user_or_role_for_policy = old_current_user_or_role
end