| Class | Authorization::AttributeWithPermission |
| In: |
lib/declarative_authorization/authorization.rb
|
| Parent: | Attribute |
An attribute condition that uses existing rules to decide validation and create obligations.
E.g. privilege :read, attr_or_hash either :attribute or { :attribute => :deeper_attribute }
# File lib/declarative_authorization/authorization.rb, line 645
645: def initialize (privilege, attr_or_hash, context = nil)
646: @privilege = privilege
647: @context = context
648: @attr_hash = attr_or_hash
649: end
# File lib/declarative_authorization/authorization.rb, line 651
651: def initialize_copy (from)
652: @attr_hash = deep_hash_clone(@attr_hash) if @attr_hash.is_a?(Hash)
653: end
may return an array of obligations to be OR‘ed
# File lib/declarative_authorization/authorization.rb, line 694
694: def obligation (attr_validator, hash_or_attr = nil, path = [])
695: hash_or_attr ||= @attr_hash
696: case hash_or_attr
697: when Symbol
698: @context ||= begin
699: rule_model = attr_validator.context.to_s.classify.constantize
700: context_reflection = self.class.reflection_for_path(rule_model, path + [hash_or_attr])
701: if context_reflection.klass.respond_to?(:decl_auth_context)
702: context_reflection.klass.decl_auth_context
703: else
704: context_reflection.klass.name.tableize.to_sym
705: end
706: rescue # missing model, reflections
707: hash_or_attr.to_s.pluralize.to_sym
708: end
709:
710: obligations = attr_validator.engine.obligations(@privilege,
711: :context => @context,
712: :user => attr_validator.user)
713:
714: obligations.collect {|obl| {hash_or_attr => obl} }
715: when Hash
716: obligations_array_attrs = []
717: obligations =
718: hash_or_attr.inject({}) do |all, pair|
719: attr, sub_hash = pair
720: all[attr] = obligation(attr_validator, sub_hash, path + [attr])
721: if all[attr].length > 1
722: obligations_array_attrs << attr
723: else
724: all[attr] = all[attr].first
725: end
726: all
727: end
728: obligations = [obligations]
729: obligations_array_attrs.each do |attr|
730: next_array_size = obligations.first[attr].length
731: obligations = obligations.collect do |obls|
732: (0...next_array_size).collect do |idx|
733: obls_wo_array = obls.clone
734: obls_wo_array[attr] = obls_wo_array[attr][idx]
735: obls_wo_array
736: end
737: end.flatten
738: end
739: obligations
740: when NilClass
741: attr_validator.engine.obligations(@privilege,
742: :context => attr_validator.context,
743: :user => attr_validator.user)
744: else
745: raise AuthorizationError, "Wrong conditions hash format: #{hash_or_attr.inspect}"
746: end
747: end
# File lib/declarative_authorization/authorization.rb, line 749
749: def to_long_s
750: "if_permitted_to #{@privilege.inspect}, #{@attr_hash.inspect}"
751: end
# File lib/declarative_authorization/authorization.rb, line 655
655: def validate? (attr_validator, object = nil, hash_or_attr = nil)
656: object ||= attr_validator.object
657: hash_or_attr ||= @attr_hash
658: return false unless object
659:
660: case hash_or_attr
661: when Symbol
662: attr_value = object_attribute_value(object, hash_or_attr)
663: case attr_value
664: when nil
665: raise NilAttributeValueError, "Attribute #{hash_or_attr.inspect} is nil in #{object.inspect}."
666: when Enumerable
667: attr_value.any? do |inner_value|
668: attr_validator.engine.permit? @privilege, :object => inner_value, :user => attr_validator.user
669: end
670: else
671: attr_validator.engine.permit? @privilege, :object => attr_value, :user => attr_validator.user
672: end
673: when Hash
674: hash_or_attr.all? do |attr, sub_hash|
675: attr_value = object_attribute_value(object, attr)
676: if attr_value == nil
677: raise NilAttributeValueError, "Attribute #{attr.inspect} is nil in #{object.inspect}."
678: elsif attr_value.is_a?(Enumerable)
679: attr_value.any? do |inner_value|
680: validate?(attr_validator, inner_value, sub_hash)
681: end
682: else
683: validate?(attr_validator, attr_value, sub_hash)
684: end
685: end
686: when NilClass
687: attr_validator.engine.permit? @privilege, :object => object, :user => attr_validator.user
688: else
689: raise AuthorizationError, "Wrong conditions hash format: #{hash_or_attr.inspect}"
690: end
691: end