module Authorization::DevelopmentSupport::AnalyzerEngine

Groups utility methods and classes to better work with authorization object model.

Public Class Methods

apply_change(engine, change) click to toggle source
# File lib/declarative_authorization/development_support/development_support.rb, line 40
def self.apply_change (engine, change)
  case change[0]
  when :add_role
    role_symbol = change[1]
    if engine.roles.include?(role_symbol)
      false
    else
      engine.roles << role_symbol
      true
    end
  when :add_privilege
    privilege, context, role = change[1,3]
    role = Role.for_sym(role.to_sym, engine)
    privilege = Privilege.for_sym(privilege.to_sym, engine)
    if ([privilege] + privilege.ancestors).any? {|ancestor_privilege| ([role] + role.ancestors).any? {|ancestor_role| !ancestor_role.rules_for_permission(ancestor_privilege, context).empty?}}
      false
    else
      engine.auth_rules << AuthorizationRule.new(role.to_sym,
          [privilege.to_sym], [context])
      true
    end
  when :remove_privilege
    privilege, context, role = change[1,3]
    role = Role.for_sym(role.to_sym, engine)
    privilege = Privilege.for_sym(privilege.to_sym, engine)
    rules_with_priv = role.rules_for_permission(privilege, context)
    if rules_with_priv.empty?
      false
    else
      rules_with_priv.each do |rule|
        rule.rule.privileges.delete(privilege.to_sym)
        engine.auth_rules.delete(rule.rule) if rule.rule.privileges.empty?
      end
      true
    end
  end
end
relevant_roles(engine, users) click to toggle source
# File lib/declarative_authorization/development_support/development_support.rb, line 28
def self.relevant_roles (engine, users)
  users.collect {|user| user.role_symbols.map {|role_sym| Role.for_sym(role_sym, engine)}}.
      flatten.uniq.collect {|role| [role] + role.ancestors}.flatten.uniq
end
roles(engine) click to toggle source
# File lib/declarative_authorization/development_support/development_support.rb, line 24
def self.roles (engine)
  Role.all(engine)
end
rule_for_permission(engine, privilege, context, role) click to toggle source
# File lib/declarative_authorization/development_support/development_support.rb, line 33
def self.rule_for_permission (engine,  privilege, context, role)
  AnalyzerEngine.roles(engine).
        find {|cloned_role| cloned_role.to_sym == role.to_sym}.rules.find do |rule|
      rule.contexts.include?(context) and rule.privileges.include?(privilege)
    end
end