module Authorization::DevelopmentSupport::AnalyzerEngine
Groups utility methods and classes to better work with authorization object model.
Public Class Methods
apply_change(engine, change)
click to toggle source
# File lib/declarative_authorization/development_support/development_support.rb, line 40 def self.apply_change (engine, change) case change[0] when :add_role role_symbol = change[1] if engine.roles.include?(role_symbol) false else engine.roles << role_symbol true end when :add_privilege privilege, context, role = change[1,3] role = Role.for_sym(role.to_sym, engine) privilege = Privilege.for_sym(privilege.to_sym, engine) if ([privilege] + privilege.ancestors).any? {|ancestor_privilege| ([role] + role.ancestors).any? {|ancestor_role| !ancestor_role.rules_for_permission(ancestor_privilege, context).empty?}} false else engine.auth_rules << AuthorizationRule.new(role.to_sym, [privilege.to_sym], [context]) true end when :remove_privilege privilege, context, role = change[1,3] role = Role.for_sym(role.to_sym, engine) privilege = Privilege.for_sym(privilege.to_sym, engine) rules_with_priv = role.rules_for_permission(privilege, context) if rules_with_priv.empty? false else rules_with_priv.each do |rule| rule.rule.privileges.delete(privilege.to_sym) engine.auth_rules.delete(rule.rule) if rule.rule.privileges.empty? end true end end end
relevant_roles(engine, users)
click to toggle source
# File lib/declarative_authorization/development_support/development_support.rb, line 28 def self.relevant_roles (engine, users) users.collect {|user| user.role_symbols.map {|role_sym| Role.for_sym(role_sym, engine)}}. flatten.uniq.collect {|role| [role] + role.ancestors}.flatten.uniq end
roles(engine)
click to toggle source
# File lib/declarative_authorization/development_support/development_support.rb, line 24 def self.roles (engine) Role.all(engine) end
rule_for_permission(engine, privilege, context, role)
click to toggle source
# File lib/declarative_authorization/development_support/development_support.rb, line 33 def self.rule_for_permission (engine, privilege, context, role) AnalyzerEngine.roles(engine). find {|cloned_role| cloned_role.to_sym == role.to_sym}.rules.find do |rule| rule.contexts.include?(context) and rule.privileges.include?(privilege) end end