lib/ddr/auth/roles/role_set_query.rb
module Ddr::Auth
module Roles
#
# RoleSet query interface
#
# @api private
#
class RoleSetQuery
include Enumerable
attr_reader :role_set
def initialize(role_set)
@role_set = role_set
end
def criteria
@criteria ||= {}
end
def where(conditions={})
criteria.merge!(conditions)
self
end
def scope(s)
where(scope: s)
end
def in_policy_scope
scope(Roles::POLICY_SCOPE)
end
def in_resource_scope
scope(Roles::RESOURCE_SCOPE)
end
def agent(a)
where(agent: a)
end
alias_method :group, :agent
def role_type(r)
where(role_type: r)
end
alias_method :type, :role_type
def each(&block)
role_set.select { |role| matches_all?(role) }.each(&block)
end
# Return the list of agents for the Roles matching the criteria.
# @return [Array] the agents
def agents
map { |role| role.agent.first }
end
# Return a list of the permissions granted to the Roles matching the criteria.
# @return [Array<Symbol>] the permissions
def permissions
map(&:permissions).flatten.uniq
end
def detach
DetachedRoleSet.new(self)
end
private
# Return a list of the permissions granted to any of the agents in the given scope
def permissions_for_agents_in_scope(agents, scope)
agent(agents).scope(scope).permissions
end
def matches_all?(role)
criteria.all? { |key, value| matches_one?(role, key, value) }
end
def matches_one?(role, key, value)
Array(value).include?(role.send(key).first)
end
end
end
end