class Croods::Policy

Constants

DEFAULT_ROLES

Attributes

member[RW]
user[RW]

Public Class Methods

new(user, member)
# File lib/croods/policy.rb, line 9
# Builds a policy for one actor and one authorization target.
#
# Both values are stored through the public attribute writers.
#
# @param user [Object, nil] the actor being authorized (other methods of this
#   class guard against a nil user)
# @param member [Object, Class] the record being accessed; other methods of
#   this class also handle a Class here
def initialize(user, member)
  self.user, self.member = user, member
end

Protected Instance Methods

authorize_action(action)
# File lib/croods/policy.rb, line 98
# Decides whether the current user may perform +action+.
#
# A public action is allowed outright. Otherwise the association (tenant)
# check must pass and at least one of the action's roles must be granted by
# #authorize_role. DEFAULT_ROLES is used when the action declares no roles.
#
# @param action [#public, #roles] action descriptor
# @return [Boolean] true when the action is authorized
def authorize_action(action)
  # Public actions return before any tenant or role check is consulted, so
  # marking an action public bypasses every other rule in this policy.
  return true if action.public

  if authorize_associations
    permitted_roles = action.roles || DEFAULT_ROLES
    # An explicitly empty role list is truthy, so it grants nothing rather
    # than falling back to DEFAULT_ROLES.
    permitted_roles.any? { |candidate| authorize_role(candidate) }
  else
    false
  end
end
authorize_associations()
# File lib/croods/policy.rb, line 82
# Tenant-isolation check for the member under authorization.
#
# Passes immediately when #skip_associations_authorization? says so, fails
# when the member's own user is in another tenant, and otherwise fails if
# any belongs_to association of the member resolves to a user in another
# tenant.
#
# @return [Boolean] true when no cross-tenant link was found
def authorize_associations
  return true if skip_associations_authorization?
  return false if other_tenant_user?

  # Only the belongs_to associations returned by #list_associations are
  # inspected. An association that resolves to no user at all is not treated
  # as a violation.
  list_associations(member).none? do |association|
    related_owner = reflection_user(member.public_send(association.name))
    related_owner && other_tenant?(related_owner)
  end
end
authorize_role(role)
# File lib/croods/policy.rb, line 112
# Evaluates a single role for the current user.
#
# The :owner role is answered by #owner?; every other role is delegated to
# #super?.
#
# @param role [#to_sym] role name, as a String or Symbol
# @return [Object] whatever #owner? or #super? returns (truthy when granted)
def authorize_role(role)
  if role.to_sym == :owner
    owner?
  else
    super?(role)
  end
end
list_associations(record)
# File lib/croods/policy.rb, line 66
# Lists the belongs_to association reflections declared on the record's class.
#
# @param record [Object] an instance whose class responds to
#   +reflect_on_all_associations+
# @return [Object] the result of +reflect_on_all_associations(:belongs_to)+
def list_associations(record)
  model = record.class
  model.reflect_on_all_associations(:belongs_to)
end
member_user()
# File lib/croods/policy.rb, line 37
# Resolves (and memoizes) the user that owns the member.
#
# A truthy result is cached in @member_user. A nil result is not cached, so
# the lookup runs again on the next call. When the member is a Class rather
# than a record, no lookup is attempted and nil is returned.
#
# @return [Object, nil] the owning user, or nil when none can be resolved
def member_user
  cached = @member_user
  return cached if cached

  # A Class has no owner, so nil is returned without a lookup.
  @member_user = reflection_user(member) unless member.instance_of?(Class)
end
other_tenant?(user_to_compare)
# File lib/croods/policy.rb, line 70
# Tells whether +user_to_compare+ belongs to a different tenant than the
# policy's user.
#
# NOTE(review): neither side is nil-checked here. A nil policy user or a nil
# +user_to_compare+ would raise NoMethodError on +tenant+ instead of
# returning a decision. Confirm that callers guarantee both are present.
#
# @param user_to_compare [#tenant]
# @return [Boolean] true when the tenants differ
def other_tenant?(user_to_compare)
  own_tenant = user.tenant
  their_tenant = user_to_compare.tenant
  own_tenant != their_tenant
end
other_tenant_user?()
# File lib/croods/policy.rb, line 78
# Tells whether the member's own +user+ belongs to another tenant.
#
# Members that do not respond to +user+ are never considered foreign.
#
# NOTE(review): +member.user+ is passed to #other_tenant? without a nil
# check. A member whose user is nil would presumably raise there rather than
# yield a decision. Confirm this is the intended behaviour for ownerless
# records.
#
# @return [Boolean]
def other_tenant_user?
  return false unless member.respond_to?(:user)

  other_tenant?(member.user)
end
owner?()
# File lib/croods/policy.rb, line 29
# Tells whether the policy's user owns the member.
#
# NOTE(review): this check fails open. When no owner can be resolved for the
# member (#member_user returns nil), it answers true before +user+ is looked
# at, so a nil user also passes for ownerless members. Confirm that callers
# authenticate first where that matters.
#
# @return [Boolean]
def owner?
  record_owner = member_user

  if !record_owner
    true
  elsif !user
    false
  else
    record_owner == user
  end
end
reflection_user(record)
# File lib/croods/policy.rb, line 49
# Finds the user that owns +record+, following belongs_to associations.
#
# Returns +record.user+ when #user_is_the_owner? accepts the record.
# Otherwise each belongs_to association is followed in declaration order,
# depth first, and the first user found is returned.
#
# NOTE(review): the walk has no visited set or depth limit. Presumably the
# belongs_to chains are acyclic in practice. Confirm this, since a cycle
# between records would recurse without bound.
#
# @param record [Object, nil]
# @return [Object, nil] the owning user, or nil when none is found
def reflection_user(record)
  return nil unless record
  return record.user if user_is_the_owner?(record)

  resolved = nil
  # `find` stops at the first association whose subtree yields a user.
  list_associations(record).find do |association|
    resolved = reflection_user(record.public_send(association.name))
  end
  resolved || nil
end
role?(role)
# File lib/croods/policy.rb, line 25
# Asks the user whether it holds +role+ by calling its "<role>?" predicate.
#
# The method name is built from +role+ and dispatched with +public_send+, so
# only public methods of the user can be reached.
#
# NOTE(review): +role+ selects which method is invoked. Role names should
# come from trusted action configuration, not from request data. Verify
# against callers.
#
# @param role [#to_s] role name
# @return [Object, nil] the predicate's result, or nil when there is no user
def role?(role)
  actor = user
  return nil if actor.nil?

  actor.public_send("#{role}?")
end
skip_associations_authorization?()
# File lib/croods/policy.rb, line 74
# Tells whether the association (tenant) check should be skipped.
#
# It is skipped when multi-tenancy is disabled, or when the member is a Class
# rather than a record.
#
# @return [Boolean]
def skip_associations_authorization?
  return true unless Croods.multi_tenancy?

  member.instance_of?(Class)
end
super?(role)
# File lib/croods/policy.rb, line 19
# Evaluates a non-owner role, adding a tenant match when it can be checked.
#
# The tenant comparison is applied only when multi-tenancy is on and both the
# policy user and the member's owner are present. In every other case the
# role predicate alone decides.
#
# NOTE(review): with multi-tenancy on, a member whose owner cannot be
# resolved is authorized on the role alone here. Tenant isolation for that
# case appears to rest on the separate association check. Confirm.
#
# @param role [#to_s] role name passed to #role?
# @return [Object] truthy when the role is granted
def super?(role)
  tenant_scoped = Croods.multi_tenancy? && user && member_user
  return role?(role) && member_user.tenant == user.tenant if tenant_scoped

  role?(role)
end
user_is_the_owner?(record)
# File lib/croods/policy.rb, line 45
# Tells whether +record+ carries its owner directly in its +user+ attribute.
#
# True only when the record responds to +user+ and its resource reports
# +user_is_the_owner?+.
#
# @param record [#resource] record to inspect
# @return [Object] false when the record has no +user+; otherwise the
#   resource's answer
def user_is_the_owner?(record)
  return false unless record.respond_to?(:user)

  record.resource.user_is_the_owner?
end