blob: 12f60d8f76efd74e5329ab3e3120b0ab753f24af (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
class BasePolicy
def self.abilities(user, subject)
new(user, subject).abilities
end
def self.class_for(subject)
subject.class.ancestors.each do |klass|
next unless klass.name
begin
policy_class = "#{klass.name}Policy".constantize
# NB: the < operator here tests whether policy_class
# inherits from BasePolicy
return policy_class if policy_class < BasePolicy
rescue NameError
nil
end
end
raise "no policy for #{subject.class.name}"
end
attr_reader :user, :subject
def initialize(user, subject)
@user = user
@subject = subject
end
def abilities
return anonymous_abilities if @user.nil?
collect_rules { rules }
end
def anonymous_abilities
collect_rules { anonymous_rules }
end
def anonymous_rules
rules
end
def delegate!(new_subject)
@can.merge(BasePolicy.class_for(new_subject).abilities(@user, new_subject))
end
def can?(rule)
@can.include?(rule) && !@cannot.include?(rule)
end
def can!(*rules)
@can.merge(rules)
end
def cannot!(*rules)
@cannot.merge(rules)
end
private
def collect_rules(&b)
return Set.new if @subject.nil?
@can = Set.new
@cannot = Set.new
yield
@can - @cannot
end
end
|
