| Class | Authorization::Attribute |
| In: |
lib/declarative_authorization/authorization.rb
|
| Parent: | Object |
attr_conditions_hash of form { :object_attribute => [operator, value_block], … } { :object_attribute => { :attr => … } }
# File lib/declarative_authorization/authorization.rb, line 492
492: def initialize (conditions_hash)
493: @conditions_hash = conditions_hash
494: end
# File lib/declarative_authorization/authorization.rb, line 496
496: def initialize_copy (from)
497: @conditions_hash = deep_hash_clone(@conditions_hash)
498: end
resolves all the values in condition_hash
# File lib/declarative_authorization/authorization.rb, line 585
585: def obligation (attr_validator, hash = nil)
586: hash = (hash || @conditions_hash).clone
587: hash.each do |attr, value|
588: if value.is_a?(Hash)
589: hash[attr] = obligation(attr_validator, value)
590: elsif value.is_a?(Array) and value.length == 2
591: hash[attr] = [value[0], attr_validator.evaluate(value[1])]
592: else
593: raise AuthorizationError, "Wrong conditions hash format"
594: end
595: end
596: hash
597: end
# File lib/declarative_authorization/authorization.rb, line 599
599: def to_long_s (hash = nil)
600: if hash
601: hash.inject({}) do |memo, key_val|
602: key, val = key_val
603: memo[key] = case val
604: when Array then "#{val[0]} { #{val[1].respond_to?(:to_ruby) ? val[1].to_ruby.gsub(/^proc \{\n?(.*)\n?\}$/m, '\1') : "..."} }"
605: when Hash then to_long_s(val)
606: end
607: memo
608: end
609: else
610: "if_attribute #{to_long_s(@conditions_hash).inspect}"
611: end
612: end
# File lib/declarative_authorization/authorization.rb, line 500
500: def validate? (attr_validator, object = nil, hash = nil)
501: object ||= attr_validator.object
502: return false unless object
503:
504: (hash || @conditions_hash).all? do |attr, value|
505: attr_value = object_attribute_value(object, attr)
506: if value.is_a?(Hash)
507: if attr_value.is_a?(Enumerable)
508: attr_value.any? do |inner_value|
509: validate?(attr_validator, inner_value, value)
510: end
511: elsif attr_value == nil
512: raise NilAttributeValueError, "Attribute #{attr.inspect} is nil in #{object.inspect}."
513: else
514: validate?(attr_validator, attr_value, value)
515: end
516: elsif value.is_a?(Array) and value.length == 2 and value.first.is_a?(Symbol)
517: evaluated = if value[1].is_a?(Proc)
518: attr_validator.evaluate(value[1])
519: else
520: value[1]
521: end
522: case value[0]
523: when :is
524: attr_value == evaluated
525: when :is_not
526: attr_value != evaluated
527: when :contains
528: begin
529: attr_value.include?(evaluated)
530: rescue NoMethodError => e
531: raise AuthorizationUsageError, "Operator contains requires a " +
532: "subclass of Enumerable as attribute value, got: #{attr_value.inspect} " +
533: "contains #{evaluated.inspect}: #{e}"
534: end
535: when :does_not_contain
536: begin
537: !attr_value.include?(evaluated)
538: rescue NoMethodError => e
539: raise AuthorizationUsageError, "Operator does_not_contain requires a " +
540: "subclass of Enumerable as attribute value, got: #{attr_value.inspect} " +
541: "does_not_contain #{evaluated.inspect}: #{e}"
542: end
543: when :intersects_with
544: begin
545: !(evaluated.to_set & attr_value.to_set).empty?
546: rescue NoMethodError => e
547: raise AuthorizationUsageError, "Operator intersects_with requires " +
548: "subclasses of Enumerable, got: #{attr_value.inspect} " +
549: "intersects_with #{evaluated.inspect}: #{e}"
550: end
551: when :is_in
552: begin
553: evaluated.include?(attr_value)
554: rescue NoMethodError => e
555: raise AuthorizationUsageError, "Operator is_in requires a " +
556: "subclass of Enumerable as value, got: #{attr_value.inspect} " +
557: "is_in #{evaluated.inspect}: #{e}"
558: end
559: when :is_not_in
560: begin
561: !evaluated.include?(attr_value)
562: rescue NoMethodError => e
563: raise AuthorizationUsageError, "Operator is_not_in requires a " +
564: "subclass of Enumerable as value, got: #{attr_value.inspect} " +
565: "is_not_in #{evaluated.inspect}: #{e}"
566: end
567: when :lt
568: attr_value && attr_value < evaluated
569: when :lte
570: attr_value && attr_value <= evaluated
571: when :gt
572: attr_value && attr_value > evaluated
573: when :gte
574: attr_value && attr_value >= evaluated
575: else
576: raise AuthorizationError, "Unknown operator #{value[0]}"
577: end
578: else
579: raise AuthorizationError, "Wrong conditions hash format"
580: end
581: end
582: end
# File lib/declarative_authorization/authorization.rb, line 625
625: def deep_hash_clone (hash)
626: hash.inject({}) do |memo, (key, val)|
627: memo[key] = case val
628: when Hash
629: deep_hash_clone(val)
630: when NilClass, Symbol
631: val
632: else
633: val.clone
634: end
635: memo
636: end
637: end
# File lib/declarative_authorization/authorization.rb, line 615
615: def object_attribute_value (object, attr)
616: begin
617: object.send(attr)
618: rescue ArgumentError, NoMethodError => e
619: raise AuthorizationUsageError, "Error occurred while validating attribute ##{attr} on #{object.inspect}: #{e}.\n" +
620: "Please check your authorization rules and ensure the attribute is correctly spelled and \n" +
621: "corresponds to a method on the model you are authorizing for."
622: end
623: end