2016-08-11 22:12:52 +00:00
|
|
|
class BasePolicy
|
2016-08-30 18:09:21 +00:00
|
|
|
class RuleSet
|
|
|
|
|
attr_reader :can_set, :cannot_set
|
|
|
|
|
def initialize(can_set, cannot_set)
|
|
|
|
|
@can_set = can_set
|
|
|
|
|
@cannot_set = cannot_set
|
|
|
|
|
end
|
|
|
|
|
|
2017-02-22 17:51:46 +00:00
|
|
|
delegate :size, to: :to_set
|
2016-08-30 18:42:23 +00:00
|
|
|
|
2016-08-30 18:09:21 +00:00
|
|
|
def self.empty
|
|
|
|
|
new(Set.new, Set.new)
|
|
|
|
|
end
|
|
|
|
|
|
2017-02-28 21:08:07 +00:00
|
|
|
def self.none
|
|
|
|
|
empty.freeze
|
|
|
|
|
end
|
|
|
|
|
|
2016-08-30 18:09:21 +00:00
|
|
|
def can?(ability)
|
|
|
|
|
@can_set.include?(ability) && !@cannot_set.include?(ability)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def include?(ability)
|
|
|
|
|
can?(ability)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def to_set
|
|
|
|
|
@can_set - @cannot_set
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def merge(other)
|
|
|
|
|
@can_set.merge(other.can_set)
|
|
|
|
|
@cannot_set.merge(other.cannot_set)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def can!(*abilities)
|
|
|
|
|
@can_set.merge(abilities)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def cannot!(*abilities)
|
|
|
|
|
@cannot_set.merge(abilities)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def freeze
|
|
|
|
|
@can_set.freeze
|
|
|
|
|
@cannot_set.freeze
|
|
|
|
|
super
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2016-08-12 18:36:16 +00:00
|
|
|
def self.abilities(user, subject)
|
|
|
|
|
new(user, subject).abilities
|
|
|
|
|
end
|
|
|
|
|
|
2016-08-16 18:10:34 +00:00
|
|
|
def self.class_for(subject)
|
2017-02-28 21:08:07 +00:00
|
|
|
return GlobalPolicy if subject == :global
|
|
|
|
|
raise ArgumentError, 'no policy for nil' if subject.nil?
|
2016-08-16 23:29:19 +00:00
|
|
|
|
2017-01-10 22:41:04 +00:00
|
|
|
if subject.class.try(:presenter?)
|
2017-01-09 20:43:15 +00:00
|
|
|
subject = subject.subject
|
|
|
|
|
end
|
|
|
|
|
|
2016-08-16 19:55:44 +00:00
|
|
|
subject.class.ancestors.each do |klass|
|
|
|
|
|
next unless klass.name
|
|
|
|
|
|
|
|
|
|
begin
|
|
|
|
|
policy_class = "#{klass.name}Policy".constantize
|
|
|
|
|
|
2016-08-30 22:55:28 +00:00
|
|
|
# NOTE: the < operator here tests whether policy_class
|
2016-08-16 19:55:44 +00:00
|
|
|
# inherits from BasePolicy
|
|
|
|
|
return policy_class if policy_class < BasePolicy
|
|
|
|
|
rescue NameError
|
|
|
|
|
nil
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
raise "no policy for #{subject.class.name}"
|
2016-08-16 18:10:34 +00:00
|
|
|
end
|
|
|
|
|
|
2016-08-12 18:36:16 +00:00
|
|
|
attr_reader :user, :subject
|
2016-08-11 22:12:52 +00:00
|
|
|
def initialize(user, subject)
|
|
|
|
|
@user = user
|
|
|
|
|
@subject = subject
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def abilities
|
2017-02-28 21:08:07 +00:00
|
|
|
return RuleSet.none if @user && @user.blocked?
|
2016-08-12 18:36:16 +00:00
|
|
|
return anonymous_abilities if @user.nil?
|
|
|
|
|
collect_rules { rules }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def anonymous_abilities
|
|
|
|
|
collect_rules { anonymous_rules }
|
2016-08-11 22:12:52 +00:00
|
|
|
end
|
|
|
|
|
|
2016-08-16 18:10:34 +00:00
|
|
|
def anonymous_rules
|
|
|
|
|
rules
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def delegate!(new_subject)
|
2016-08-30 18:09:21 +00:00
|
|
|
@rule_set.merge(Ability.allowed(@user, new_subject))
|
2016-08-11 22:12:52 +00:00
|
|
|
end
|
|
|
|
|
|
2016-08-16 19:05:44 +00:00
|
|
|
def can?(rule)
|
2016-08-30 18:09:21 +00:00
|
|
|
@rule_set.can?(rule)
|
2016-08-16 19:05:44 +00:00
|
|
|
end
|
|
|
|
|
|
2016-08-11 22:12:52 +00:00
|
|
|
def can!(*rules)
|
2016-08-30 18:09:21 +00:00
|
|
|
@rule_set.can!(*rules)
|
2016-08-11 22:12:52 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def cannot!(*rules)
|
2016-08-30 18:09:21 +00:00
|
|
|
@rule_set.cannot!(*rules)
|
2016-08-11 22:12:52 +00:00
|
|
|
end
|
2016-08-12 18:36:16 +00:00
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
|
|
def collect_rules(&b)
|
2016-08-30 18:09:21 +00:00
|
|
|
@rule_set = RuleSet.empty
|
2016-08-12 18:36:16 +00:00
|
|
|
yield
|
2016-08-30 18:09:21 +00:00
|
|
|
@rule_set
|
2016-08-12 18:36:16 +00:00
|
|
|
end
|
2016-08-11 22:12:52 +00:00
|
|
|
end
|
