Class Authorization::Engine
In: lib/declarative_authorization/authorization.rb
Parent: Object

Authorization::Engine implements the reference monitor. It may be used for querying the permission and retrieving obligations under which a certain privilege is granted for the current user.

Methods

Attributes

reader  [R] 

Public Class methods

Returns an instance of Engine, which is created if there isn't one yet. If dsl_file is given, it is passed on to Engine.new and a new instance is always created.

If reader is not given, a new one is created with the default authorization configuration of AUTH_DSL_FILES. If given, it may be either a Reader object or a path to a configuration file.

Public Instance methods

Returns the description for the given role. The description may be specified with the authorization rules. Returns nil if none was given.

Returns the obligations to be met by the current user for the given privilege as an array of obligation hashes in the form of

  [{:object_attribute => obligation_value, ...}, ...]

where obligation_value is either (recursively) another obligation hash or a value spec, such as

  [operator, literal_value]

The obligation hashes in the array should be OR'ed, conditions inside the hashes AND'ed.

Example

  {:branch => {:company => [:is, 24]}, :active => [:is, true]}

Options

:context
See permit!
:user
See permit!
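
The obligation structure described above, evaluated against an object. This is an added example, not code from declarative_authorization: the helper names, the Struct sample records, and the choice to reject unknown operators and an empty obligations array are assumptions of this example.

```ruby
# Added example, not part of declarative_authorization. All method, class and
# constant names here are hypothetical.
class UnknownOperatorError < StandardError; end

# Only :is appears on the page. Any other operator raises, so an operator this
# evaluator does not understand can never grant access.
OPERATORS = {
  :is => lambda { |actual, expected| actual == expected }
}.freeze

# One condition: attribute => nested obligation hash, or [operator, literal].
def condition_met?(object, attribute, spec)
  return false unless object.respond_to?(attribute) # nil or missing: deny
  value = object.public_send(attribute)
  case spec
  when Hash
    obligation_met?(value, spec)
  when Array
    operator, literal = spec
    test = OPERATORS.fetch(operator) { raise UnknownOperatorError, operator.inspect }
    test.call(value, literal)
  else
    raise ArgumentError, "malformed obligation value: #{spec.inspect}"
  end
end

# Conditions inside one obligation hash are AND'ed.
def obligation_met?(object, obligation)
  obligation.all? { |attribute, spec| condition_met?(object, attribute, spec) }
end

# Obligation hashes in the array are OR'ed. An empty array satisfies nothing
# here; that fail-closed choice belongs to this example.
def obligations_met?(object, obligations)
  obligations.any? { |obligation| obligation_met?(object, obligation) }
end

# Constructed sample data: the page's example obligation and two records.
Branch  = Struct.new(:company)
Account = Struct.new(:branch, :active)
OBLIGATIONS = [{:branch => {:company => [:is, 24]}, :active => [:is, true]}].freeze

puts obligations_met?(Account.new(Branch.new(24), true), OBLIGATIONS)  # matches
puts obligations_met?(Account.new(Branch.new(24), false), OBLIGATIONS) # inactive
```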

Returns true if privilege is met by the current user. Raises AuthorizationError otherwise. privilege may be given with or without context. In the latter case, the :context option is required.

Options:

:context
The context part of the privilege. Defaults to the tableized class_name of the given :object, if given. That is, :users for an :object of type User. Raises AuthorizationUsageError if context is missing and cannot be inferred.
:object
A context object to test attribute checks against.
:skip_attribute_test
Skips those attribute checks in the authorization rules. Defaults to false.
:user
The user to check the authorization for. Defaults to Authorization#current_user.
:bang
Should NotAuthorized exceptions be raised? Defaults to true.

Calls permit! but doesn't raise authorization errors. If no exception is raised, permit? returns true and yields to the optional block.

{[priv, ctx] => [priv, …]}

{[priv, ctx] => [priv, …]}

Returns the role symbols of the given user.

Returns the role symbols and inherited role symbols for the given user.

Returns the title for the given role. The title may be specified with the authorization rules. Returns nil if none was given.
