module RighterForUser
Public Instance Methods
add_role(role)
# File lib/injections/righter_for_user.rb, line 39
# Attaches +role+ to this user and persists the user with save!.
#
# The RighterRight cache is cleared before the argument is checked, so the
# cache is dropped even when the call ends in a RighterError.
#
# @param role [RighterRole] must be exactly a RighterRole; the check compares
#   role.class, so instances of subclasses are rejected as well
# @raise [RighterError] when +role+ is not a RighterRole
def add_role(role)
  RighterRight.clear_cache
  unless role.class == RighterRole
    message = "User.add_role accepts only RighterRole instance as input (provided :#{role.class.inspect})"
    fail RighterError.new(message)
  end
  righter_roles << role
  save!
end
can?(right_name, resource)
# File lib/injections/righter_for_user.rb, line 97
# Convenience form of the resource check: asks whether this user holds the
# right named +right_name+ on +resource+.
#
# @param right_name the right to look up on the resource
# @param resource the object the right is checked against
# @return whatever righter_accessible_resource? returns for these options
def can?(right_name, resource)
  query = { right: right_name, resource: resource }
  righter_accessible_resource?(query)
end
grantable_roles()
# File lib/injections/righter_for_user.rb, line 74
# Collects the roles this user may hand out to others: the grantable_roles
# of every role the user holds, flattened into one list.
#
# Duplicates are not removed; a role reachable through two held roles
# appears twice.
def grantable_roles
  per_role = righter_roles.map { |held_role| held_role.grantable_roles }
  per_role.flatten
end
remove_role(role)
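# File lib/injections/righter_for_user.rb, line 48
# Detaches +role+ from this user.
#
# The RighterRight cache is cleared before the argument is checked, so the
# cache is dropped even when the call ends in a RighterError.
#
# @param role [RighterRole] must be exactly a RighterRole; the check compares
#   role.class, so instances of subclasses are rejected as well
# @return the result of righter_roles.delete
# @raise [RighterError] when +role+ is not a RighterRole
def remove_role(role)
  RighterRight.clear_cache
  if role.class != RighterRole
    # The message used to name add_role (copy-paste slip), which pointed
    # anyone reading an error log at the wrong call site.
    fail RighterError.new("User.remove_role accepts only RighterRole instance as input (provided :#{role.class.inspect})")
  end
  righter_roles.delete role
end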
righter_accessible?(opts = {})
# File lib/injections/righter_for_user.rb, line 56
# Entry point for access checks. Exactly one check runs, chosen by the first
# option present in this order: :resource, :role, :right, then
# :controller together with :action. Options further down the list are not
# combined with the chosen check (the resource check receives the whole
# hash and reads :right from it).
#
# @param opts [Hash] :resource, :role, :right, or :controller + :action
# @raise [RighterError] when none of the recognised options is present
def righter_accessible?(opts = {})
  return righter_accessible_resource?(opts) if opts[:resource]
  return righter_accessible_role?(opts[:role]) if opts[:role]
  return righter_accessible_right?(opts[:right]) if opts[:right]
  return righter_accessible_ca?(opts[:controller], opts[:action]) if opts[:controller] && opts[:action]

  fail RighterError.new("User.righter_accessible? expects as parameter role/right/controller+action. provided: #{opts.inspect}")
end
righter_rights()
@return [Array<RighterRight>] scope returning associated RighterRights
# File lib/injections/righter_for_user.rb, line 31
# Returns the RighterRight records reachable from this user through the
# user's roles, as a RighterRight.where(id: ...) query.
#
# Works in two steps: first the ids of all rights joined to this user are
# loaded, then a fresh query is built from the de-duplicated id list.
#
# NOTE(review): the three @@ values are memoized on first use; they look
# like they are shared by every class that includes this module, so the
# table and association name of the first caller would be reused -- confirm
# that only one user model includes it.
def righter_rights
  @@users_id ||= self.class.arel_table[:id]
  @@right_id ||= RighterRight.arel_table[:id]
  @@righter_user_class ||= ActiveModel::Naming.singular(self)

  rights_of_user = RighterRight.joins(righter_roles: @@righter_user_class)
                               .where(@@users_id.eq(id))
                               .select(@@right_id)
  right_ids = rights_of_user.map(&:id)
  RighterRight.where(id: right_ids.uniq)
end
update_roles_with_respect_to_grants(list_of_roles)
Should we raise RighterError when the user is trying to break the grant rules?
# File lib/injections/righter_for_user.rb, line 79
# Replaces the grantable part of this user's roles with +list_of_roles+,
# limited to what User.current_user is allowed to grant.
#
# Inside one User.transaction: every role the acting user could grant is
# removed from this user, then each requested role that is in the acting
# user's grantable_roles is added back. Roles this user holds that the
# acting user cannot grant are left untouched.
#
# NOTE(review): a requested role outside the acting user's grantable set is
# skipped without an error or any record of the attempt; callers that need
# to detect or audit such requests have to compare the lists themselves.
#
# @param list_of_roles the roles requested for this user
def update_roles_with_respect_to_grants(list_of_roles)
  granting_user = User.current_user
  RighterRight.clear_cache
  User.transaction do
    remove_all_roles_which_can_be_granted
    allowed_roles = granting_user.grantable_roles
    list_of_roles.each do |requested_role|
      add_role(requested_role) if allowed_roles.include?(requested_role)
    end
  end
end
Private Instance Methods
_righter_accessible_right?(right)
# File lib/injections/righter_for_user.rb, line 151
# Decides whether this user holds +right+: true when at least one role that
# carries the right (per RighterRightsRighterRole) is among the user's roles.
#
# @param right a record responding to id
# @return [Boolean]
# @raise [RighterError] when +right+ is nil or false
def _righter_accessible_right?(right)
  fail RighterError.new('no right provided!') unless right

  roles_carrying_right = RighterRightsRighterRole.where(righter_right_id: right.id).map(&:righter_role_id)
  own_role_ids = righter_roles.map(&:id)
  roles_carrying_right.any? { |role_id| own_role_ids.include?(role_id) }
end
remove_all_roles_which_can_be_granted()
# File lib/injections/righter_for_user.rb, line 103
# Strips from this user every role that User.current_user is able to grant.
# Roles outside the acting user's grantable_roles stay in place.
def remove_all_roles_which_can_be_granted
  acting_user = User.current_user
  acting_user.grantable_roles.each do |candidate|
    next unless righter_roles.include?(candidate)

    remove_role(candidate)
  end
end
righter_accessible_ca?(controller, action)
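# File lib/injections/righter_for_user.rb, line 164
# Checks whether any of this user's rights covers +controller+ / +action+.
#
# A right covers the pair when its controller equals +controller+ and its
# action list contains +action+, the catch-all '*', or a wildcard pattern
# that matches the action name.
#
# Wildcard patterns are matched against the WHOLE action name. Each literal
# part of the pattern is escaped and the expression is anchored, so a
# pattern such as 'edit*' grants 'edit' and 'edit_all' but no longer grants
# an action that merely contains 'edit' somewhere, and characters like '.'
# in a pattern are not treated as regex syntax.
#
# @param controller [Symbol] compared with the stored controller via to_sym
# @param action [Symbol, String] action name to authorise
# @return [Boolean]
def righter_accessible_ca?(controller, action)
  righter_rights.where(controller: controller.to_s).each do |user_right|
    next unless user_right.controller && user_right.actions
    next unless user_right.controller.to_sym == controller

    right_actions = user_right.actions.collect(&:to_sym)
    return true if right_actions.include?(action)

    right_actions.each do |right_action|
      pattern = right_action.to_s
      return true if pattern == '*'
      next unless pattern.include?('*')

      # '*' is the only wildcard; everything between the stars is literal.
      literal_parts = pattern.split('*', -1).map { |part| Regexp.escape(part) }
      matcher = Regexp.new('\A' + literal_parts.join('.*') + '\z')
      return true if action.match(matcher)
    end
  end
  false
end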
righter_accessible_resource?(opts)
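# File lib/injections/righter_for_user.rb, line 114
# Checks whether this user holds the right opts[:right] on opts[:resource].
#
# The resource is asked for the matching right via
# resource.righter_right(opts[:right], opts); the result is then checked
# against the user's roles by _righter_accessible_right?.
#
# Every precondition failure raises RighterError. Two of the checks used to
# call RighterError(...) as if it were a method, which raised NoMethodError
# instead, so callers rescuing RighterError did not see those failures.
#
# @param opts [Hash] requires :resource and :right; the whole hash is passed
#   on to resource.righter_right
# @raise [RighterError] when the resource is nil, :right is missing, the
#   resource does not respond to righter_right, or no right is found
def righter_accessible_resource?(opts)
  resource = opts[:resource]
  fail RighterError.new('cannot check rights for nil resource') unless resource

  unless opts[:right]
    fail RighterError.new('option :right is missing - which right should be checked on a resource?')
  end

  unless resource.respond_to?(:righter_right)
    fail RighterError.new('cannot check rights for resource which does not respond to righter_right method')
  end

  right = resource.righter_right(opts[:right], opts)
  fail RighterError.new("cannot find resource right #{opts[:right].inspect} for resource #{opts[:resource].inspect}") unless right

  _righter_accessible_right?(right)
end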
righter_accessible_right?(right_name)
# File lib/injections/righter_for_user.rb, line 140
# Checks whether this user holds the right called +right_name+.
#
# The name is resolved with RighterRight.cached_find_by_name and the record
# found is checked against the user's roles by _righter_accessible_right?.
#
# @param right_name [String, Symbol] exactly one of these two classes
# @raise [RighterError] when +right_name+ has another class, or when no
#   right with that name is found
def righter_accessible_right?(right_name)
  name_is_valid = [String, Symbol].include?(right_name.class)
  fail RighterError.new('User.righter_accessible? :right expects right_name as input') unless name_is_valid

  found_right = RighterRight.cached_find_by_name(right_name)
  unless found_right
    fail RighterError.new("cannot find righter_right with name #{right_name.inspect}")
  end
  _righter_accessible_right?(found_right)
end
righter_accessible_role?(role_name)
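# File lib/injections/righter_for_user.rb, line 132
# Checks whether this user holds a role called +role_name+.
#
# The stored role names are compared as symbols. The argument is converted
# the same way: the type check accepts a String, but a String was
# previously compared against symbols unchanged and therefore never
# matched, so a String lookup was always denied.
#
# @param role_name [String, Symbol] exactly one of these two classes
# @return [Boolean]
# @raise [RighterError] when +role_name+ has another class
def righter_accessible_role?(role_name)
  unless [String, Symbol].include?(role_name.class)
    fail RighterError.new('User.righter_accessible? :role expects role_name as input')
  end
  all_user_role_names = righter_roles.collect { |r| r.name.to_sym }
  all_user_role_names.include? role_name.to_sym
end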