module Eaco::Adapters::ActiveRecord::PostgresJSONb

Authorized collection extractor on PostgreSQL >= 9.4 and a jsonb column named acl.

TODO negative authorizations (using a separate column?)

@see ACL @see Actor @see Resource

Public Instance Methods

accessible_by(actor) click to toggle source

Uses the json key existance operator +?|+ to check whether one of the Actor's Designator instances exist as keys in the ACL objects.

@param actor [Actor]

@return [ActiveRecord::Relation] the authorized collection scope.

# File lib/eaco/adapters/active_record/postgres_jsonb.rb, line 25
def accessible_by(actor)
  return scoped if actor.is_admin?

  designators = actor.designators.map {|d| sanitize(d) }

  column = "#{connection.quote_table_name(table_name)}.acl"

  where("#{column} ?| array[#{designators.join(',')}]::varchar[]")
end