module Ez::Permissions::API::Authorize

Public Instance Methods

authorize(model, *actions, resource, scoped: nil, raise_exception: false) { || ... }

TODO: Extract object rubocop:disable all

# File lib/ez/permissions/api/authorize.rb, line 23
# Checks whether +model+ holds a permission for any of +actions+ on +resource+
# (via can?) and dispatches to the configured callbacks when it does not.
#
# @param model the permission holder; may be nil/false
# @param actions one or more action names, forwarded to can?
# @param resource the resource name, forwarded to can?
# @param scoped optional scope object, forwarded to can?
# @param raise_exception [Boolean] raise on denial when no not-authorized
#   callback is configured
# @yield runs only when the check passes; its value becomes the return value
# @return the block's value or true when authorized; otherwise the result of
#   the not-authorized callback, or false
# @raise [NotAuthorizedError] when denied, raise_exception is true and no
#   not-authorized callback is configured
#
# Security notes:
# * A configured not-authorized callback takes precedence over
#   raise_exception, and its return value is handed back to the caller. A
#   caller that guards code with the return value (or relies on the raise)
#   is only protected if that callback raises, halts, or returns a falsy value.
# * The same applies to the no-permission-model callback: its result is
#   returned as-is when model is nil/false.
# * Without a no-permission-model callback a nil model is passed on to can?.
def authorize(model, *actions, resource, scoped: nil, raise_exception: false)
  missing_model_handler = handle_no_permission_model_callback
  return missing_model_handler.call(self) if missing_model_handler && !model

  if can?(model, *actions, resource, scoped: scoped)
    # Authorized: hand control to the caller's block when one was given.
    return block_given? ? yield : true
  end

  # Denied: callback first, then the optional exception, then plain false.
  denied_handler = handle_not_authorized_callback
  return denied_handler.call(self) if denied_handler
  raise NotAuthorizedError, not_authorized_msg(model, actions, resource, scoped) if raise_exception

  false
end
authorize!(model, *actions, resource, scoped: nil, &block)
# File lib/ez/permissions/api/authorize.rb, line 17
# Strict variant of authorize: forwards every argument and the block, with
# raise_exception forced to true.
#
# @param model the permission holder
# @param actions one or more action names
# @param resource the resource name
# @param scoped optional scope object
# @return whatever authorize returns
#
# Security note: despite the bang, a denial raises only when no
# not-authorized callback is configured. When one is configured, authorize
# calls it and returns its result, so code placed after authorize! must not
# assume that a denial always raises.
def authorize!(model, *actions, resource, scoped: nil, &block)
  strict_options = { scoped: scoped, raise_exception: true }
  authorize(model, *actions, resource, **strict_options, &block)
end
can?(model, *actions, resource, scoped: nil)

rubocop:enable all

# File lib/ez/permissions/api/authorize.rb, line 44
# Predicate: does +model+ hold at least one permission matching the request?
#
# @param model the permission holder
# @param actions one or more action names
# @param resource the resource name
# @param scoped optional scope object
# @return [Boolean] result of any? on the permissions lookup
#
# Security note: the answer is true as soon as one record matches. As
# permissions is written in this file, several actions are matched as a set,
# so passing more than one action asks "is any of these allowed?", not
# "are all of these allowed?". Check each action separately when every one
# of them must be granted.
def can?(model, *actions, resource, scoped: nil)
  matching = permissions(model, *actions, resource, scoped: scoped)
  matching.any?
end
model_permissions(model)
# File lib/ez/permissions/api/authorize.rb, line 9
# Builds a ModelPermissions object from a hash that maps
# :"<action>_<resource>" to true for every entry in model.permissions.
#
# @param model an object responding to #permissions, whose entries respond
#   to #action and #resource
# @return [ModelPermissions]
#
# NOTE(review): no scope is passed here, unlike can?/authorize. Presumably
# the flags cover permissions from every scope the model has a role in, so
# they should not stand in for a scoped check. Confirm against the model's
# `permissions` association.
def model_permissions(model)
  flags = {}
  model.permissions.each do |entry|
    # Key is the action and resource joined by an underscore, as a Symbol.
    flags[:"#{entry.action}_#{entry.resource}"] = true
  end

  ModelPermissions.new(flags)
end

Private Instance Methods

handle_no_permission_model_callback()
# File lib/ez/permissions/api/authorize.rb, line 69
# Reads the handle_no_permission_model setting from Ez::Permissions.config.
# authorize invokes the returned object with `.call(self)` when it is set and
# the model is nil/false; when it is unset (nil/false) authorize skips it.
#
# @return the configured callable, or whatever falsy value the config holds
def handle_no_permission_model_callback
  settings = Ez::Permissions.config
  settings.handle_no_permission_model
end
handle_not_authorized_callback()
# File lib/ez/permissions/api/authorize.rb, line 73
# Reads the handle_not_authorized setting from Ez::Permissions.config.
# When set, authorize calls it with `.call(self)` on every denial and returns
# its result instead of raising or returning false, so the callable decides
# what a denied caller observes.
#
# @return the configured callable, or whatever falsy value the config holds
def handle_not_authorized_callback
  settings = Ez::Permissions.config
  settings.handle_not_authorized
end
not_authorized_msg(model, actions, resource, scoped = nil)
# File lib/ez/permissions/api/authorize.rb, line 62
# Formats the text carried by NotAuthorizedError.
#
# @param model the denied permission holder; must respond to #id
# @param actions [Array] the requested actions, joined with ", "
# @param resource the requested resource
# @param scoped optional scope object; must respond to #id when given
# @return [String]
#
# The message contains the model's class name and id, the requested actions
# and resource, and the scope's class name and id. That is useful in logs and
# audit trails; rendering it to the end user would disclose internal
# identifiers. A nil model raises NoMethodError here because #id is called
# on it.
def not_authorized_msg(model, actions, resource, scoped = nil)
  subject = "#{model.class}##{model.id}"
  denial = "#{subject} is not authorized to [#{actions.join(', ')} -> #{resource}]"
  return denial unless scoped

  "#{denial} for #{scoped.class}##{scoped.id}"
end
permissions(model, *actions, resource, scoped: nil)
# File lib/ez/permissions/api/authorize.rb, line 50
# Looks up the Permission records that grant any of +actions+ on +resource+
# through the roles assigned to +model+ for the given scope.
#
# @param model an object responding to #assigned_roles
# @param actions one or more action names; each is converted with #to_s
# @param resource the resource name to match
# @param scoped optional scope object used to filter the role assignments
# @return the result of Ez::Permissions::Permission.where(...)
#
# Security notes:
# * Only role assignments whose `scoped` equals the argument are considered.
#   NOTE(review): with the default nil that is presumably the unscoped
#   assignments only, and a scoped lookup presumably ignores unscoped ones.
#   Confirm this matches the intended inheritance between global and scoped
#   roles.
# * The actions are matched as a set, so a record for any one of them is
#   enough to produce a result.
def permissions(model, *actions, resource, scoped: nil)
  # TODO: Refactor to 1 query with joins
  assigned_role_ids = model.assigned_roles.where(scoped: scoped).pluck(:role_id)
  granted_permission_ids =
    Ez::Permissions::PermissionRole.where(role_id: assigned_role_ids).pluck(:permission_id)
  action_names = actions.map { |action| action.to_s }

  Ez::Permissions::Permission.where(
    id: granted_permission_ids,
    resource: resource,
    action: action_names
  )
end