| Class | Authorization::AuthorizationRule |
| In: |
lib/declarative_authorization/authorization.rb
|
| Parent: | Object |
| attributes | [R] | |
| contexts | [R] | |
| join_operator | [R] | |
| privileges | [R] | |
| role | [R] | |
| source_file | [R] | |
| source_line | [R] |
# File lib/declarative_authorization/authorization.rb, line 407
407: def initialize (role, privileges = [], contexts = nil, join_operator = :or,
408: options = {})
409: @role = role
410: @privileges = Set.new(privileges)
411: @contexts = Set.new((contexts && !contexts.is_a?(Array) ? [contexts] : contexts))
412: @join_operator = join_operator
413: @attributes = []
414: @source_file = options[:source_file]
415: @source_line = options[:source_line]
416: end
# File lib/declarative_authorization/authorization.rb, line 428
428: def append_attribute (attribute)
429: @attributes << attribute
430: end
# File lib/declarative_authorization/authorization.rb, line 424
424: def append_privileges (privs)
425: @privileges.merge(privs)
426: end
# File lib/declarative_authorization/authorization.rb, line 418
418: def initialize_copy (from)
419: @privileges = @privileges.clone
420: @contexts = @contexts.clone
421: @attributes = @attributes.collect {|attribute| attribute.clone }
422: end
# File lib/declarative_authorization/authorization.rb, line 432
432: def matches? (roles, privs, context = nil)
433: roles = [roles] unless roles.is_a?(Array)
434: @contexts.include?(context) and roles.include?(@role) and
435: not (@privileges & privs).empty?
436: end
# File lib/declarative_authorization/authorization.rb, line 449
449: def obligations (attr_validator)
450: exceptions = []
451: obligations = @attributes.collect do |attr|
452: begin
453: attr.obligation(attr_validator)
454: rescue NotAuthorized => e
455: exceptions << e
456: nil
457: end
458: end
459:
460: if exceptions.length > 0 and (@join_operator == :and or exceptions.length == @attributes.length)
461: raise NotAuthorized, "Missing authorization in collecting obligations: #{exceptions.map(&:to_s) * ", "}"
462: end
463:
464: if @join_operator == :and and !obligations.empty?
465: # cross product of OR'ed obligations in arrays
466: arrayed_obligations = obligations.map {|obligation| obligation.is_a?(Hash) ? [obligation] : obligation}
467: merged_obligations = arrayed_obligations.first
468: arrayed_obligations[1..-1].each do |inner_obligations|
469: previous_merged_obligations = merged_obligations
470: merged_obligations = inner_obligations.collect do |inner_obligation|
471: previous_merged_obligations.collect do |merged_obligation|
472: merged_obligation.deep_merge(inner_obligation)
473: end
474: end.flatten
475: end
476: obligations = merged_obligations
477: else
478: obligations = obligations.flatten.compact
479: end
480: obligations.empty? ? [{}] : obligations
481: end
# File lib/declarative_authorization/authorization.rb, line 483
483: def to_long_s
484: attributes.collect {|attr| attr.to_long_s } * "; "
485: end
# File lib/declarative_authorization/authorization.rb, line 438
438: def validate? (attr_validator, skip_attribute = false)
439: skip_attribute or @attributes.empty? or
440: @attributes.send(@join_operator == :and ? :all? : :any?) do |attr|
441: begin
442: attr.validate?(attr_validator)
443: rescue NilAttributeValueError => e
444: nil # Bumping up against a nil attribute value flunks the rule.
445: end
446: end
447: end