module Eaco::Resource::ClassMethods
Singleton methods added to authorized Resources.
Public Instance Methods
Checks whether the {ACL} and permissions defined on this Resource
allow the given actor
to perform the given action
on it, that depends on the role
the user has on the resource, calculated from the {ACL}.
@param action [Symbol] @param actor [Actor] @param resource [Resource]
@return [Boolean]
# File lib/eaco/resource.rb, line 55 def allows?(action, actor, resource) return true if actor.is_admin? role = role_of(actor, resource) return false unless role perms = permissions[role] return false unless perms perms.include?(action.to_sym) end
The permissions defined for each role.
@return [Hash] the defined permissions, keyed by role
@see DSL::Resource::Permissions
# File lib/eaco/resource.rb, line 110 def permissions end
@return [Boolean] checks whether the given role
is valid in the context of this Resource
.
@param role [Symbol] role name.
# File lib/eaco/resource.rb, line 39 def role?(role) roles.include?(role.to_sym) end
@return [Symbol] the given actor
role in the given resource, or nil
if no access is granted.
@param actor_or_designator [Actor or Designator] @param resource [Resource]
# File lib/eaco/resource.rb, line 74 def role_of(actor_or_designator, resource) designators = if actor_or_designator.is_a?(Eaco::Designator) [actor_or_designator] elsif actor_or_designator.respond_to?(:designators) actor_or_designator.designators else raise Error, <<-EOF #{__method__} expects #{actor_or_designator.inspect} to be a Designator or to `respond_to?(:designators)` EOF end role_priority = nil resource.acl.each do |designator, role| if designators.include?(designator) priority = roles_priority[role] end if priority && (role_priority.nil? || priority < role_priority) role_priority = priority break if role_priority == 0 end end roles[role_priority] if role_priority end
The defined roles.
@return [Array]
@see DSL::Resource
# File lib/eaco/resource.rb, line 119 def roles end
Roles' priority map keyed by role symbol.
@return [Hash]
@see DSL::Resource
# File lib/eaco/resource.rb, line 128 def roles_priority end
Role labels map keyed by role symbol
@return [Hash]
@see DSL::Resource
# File lib/eaco/resource.rb, line 137 def roles_with_labels end