class Authorization::Reader::PrivilegesReader

The PrivilegeReader handles the part of the authorization DSL in a privileges block. Here, privilege hierarchies are defined.

Public Instance Methods

includes(*privileges) click to toggle source

Specifies privileges that are to be assigned as lower ones. Only to be used inside a privilege block.

# File lib/declarative_authorization/reader.rb, line 180
def includes (*privileges)
  raise DSLError, "includes only in privilege block" if @current_priv.nil?
  privileges.each do |priv|
    append_privilege priv
    @privilege_hierarchy[@current_priv] ||= []
    @privilege_hierarchy[@current_priv] << [priv, @current_context]
  end
end
privilege(privilege, context = nil, options = {}, &block) click to toggle source

Defines part of a privilege hierarchy. For the given privilege, included privileges may be defined in the block (through includes) or as option :includes. If the optional context is given, the privilege hierarchy is limited to that context.

# File lib/declarative_authorization/reader.rb, line 163
def privilege (privilege, context = nil, options = {}, &block)
  if context.is_a?(Hash)
    options = context
    context = nil
  end
  @current_priv = privilege
  @current_context = context
  append_privilege privilege
  instance_eval(&block) if block
  includes(*options[:includes]) if options[:includes]
ensure
  @current_priv = nil
  @current_context = nil
end