module CantCantCant

Constants

InvalidConfiguration
PermissionDenied
UnfilledAction

Public Class Methods

all_actions() click to toggle source
# File lib/cant_cant_cant.rb, line 70
def all_actions
  @all_actions = nil unless @config.caching
  @all_actions ||= permission_table
                   .values
                   .map(&:keys)
                   .flatten
                   .uniq
                   .to_set
end
allow?(action, roles) click to toggle source
# File lib/cant_cant_cant.rb, line 37
def allow?(action, roles)
  return true if allowed_actions_for(roles).include? action
  return false if denied_actions_for(roles).include?(action)

  case @config.report_unfilled_actions
  # when :ignore, do nothing
  when :warn
    warn "Please fill in CantCantCant permission #{action}"
  when :raise
    raise UnfilledAction, [action, roles]
  end

  case @config.default_policy
  when :allow then true
  when :deny  then false
  end
end
allowed_actions_for(roles) click to toggle source
# File lib/cant_cant_cant.rb, line 55
def allowed_actions_for(roles)
  roles = [roles] unless roles.is_a? Array
  key = roles.sort.join(',')
  return @allow_cache[key] if @allow_cache[key] && @config.caching

  perms = permission_table
          .values_at(*roles.map(&:to_s))
          .select(&:present?)
  allowed_perms = perms
                  .map { |x| x.select { |_, v| v == 'allow' }.keys }
                  .flatten
                  .uniq
  @allow_cache[key] = allowed_perms.to_set
end
denied_actions_for(roles) click to toggle source
# File lib/cant_cant_cant.rb, line 80
def denied_actions_for(roles)
  roles = [roles] unless roles.is_a? Array
  key = roles.sort.join(',')
  return @deny_cache[key] if @deny_cache[key] && @config.caching
  @deny_cache[key] = all_actions - allowed_actions_for(roles)
end
initialize(config, &block) click to toggle source
# File lib/cant_cant_cant.rb, line 12
def initialize(config, &block)
  @config_file = config

  @config = OpenStruct.new(
    injection_mode: :base_controller,
    base_controller: ActionController::Base,
    default_policy: :allow,
    report_unfilled_actions: :ignore,
    caching: true
  )
  @config.instance_eval(&block) if block_given?

  @allow_cache = {}
  @deny_cache = {}

  validate_config

  case @config.injection_mode
  when :base_controller
    inject_base_controller
  when :individual
    inject_individual_actions
  end
end

Private Class Methods

extract_controller(param) click to toggle source
# File lib/cant_cant_cant.rb, line 109
def extract_controller(param)
  controller_param, action = param.split('#')
  raise if controller_param.blank? || action.blank?

  const_name = "#{controller_param.camelize}Controller"
  controller_class = ActiveSupport::Dependencies.constantize(const_name)

  [controller_class, action]
end
inject_base_controller() click to toggle source
# File lib/cant_cant_cant.rb, line 89
def inject_base_controller
  base_controller_class = @config.base_controller
  base_controller_class.before_action CantCantCantAuth
end
inject_individual_actions() click to toggle source
# File lib/cant_cant_cant.rb, line 94
def inject_individual_actions
  controller_actions = all_actions
                       .map { |x| extract_controller(x) }
                       .group_by(&:first)
  controller_actions.each do |controller, actions|
    actions = actions.map(&:second)
    controller.before_action CantCantCantAuth, only: actions
  end
end
permission_table() click to toggle source
# File lib/cant_cant_cant.rb, line 104
def permission_table
  @permission_table = nil unless @config.caching
  @permission_table ||= YAML.load_file(@config_file).freeze
end
validate_config() click to toggle source
# File lib/cant_cant_cant.rb, line 119
def validate_config
  permission_table.each do |_, perms|
    perms.each do |param, access|
      next unless access.blank?
      next unless access.in? %w(allow deny)
      raise InvalidConfiguration, param
    end
  end
end