Class: AbilityAnalysis

Inherits:
Object
Defined in:
lib/ability_analysis.rb

Overview

Tools to assist with analysing permissions

Defined Under Namespace

Classes: SpecGenerator, UserStub

Constant Summary

ALIAS =
{ update: [:edit], show: [:read], index: [:read], manage: %i[create edit read delete] }.freeze
AUTHORIZED_ROLES =

Roles associated with an authorizable

{
  'manager' => %w[project study],
  'follower' => %w[project study],
  'owner' => %w[project sample study]
}.freeze
BASE_ABILITIES =

These were pulled directly out of Sequencescape by finding can\?[ (]:\w+, *[\w@_]+ and then were re-jigged semi-manually

{
  'AssetGroup' => %i[create edit read delete],
  'BaitLibrary' => %i[create edit read delete],
  'BarcodePrinter' => %i[create edit read delete],
  'Batch' => [:rollback],
  'Comment' => %i[create delete],
  'CustomText' => %i[create edit read delete],
  'Delayed::Job' => [:read],
  'Document' => [:delete],
  'FacultySponsor' => %i[create edit read delete],
  'GelsController' => %i[create edit read delete],
  'Labware' => %i[rename change_purpose edit],
  'Order' => [:create],
  'Plate' => [:convert_to_tube],
  'PlateTemplate' => [:read],
  'PrimerPanel' => %i[create edit read delete],
  'Program' => %i[create edit read delete],
  'Project' => %i[administer edit create],
  'Purpose' => %i[create edit read delete],
  'QcDecision' => [:create],
  'Receptacle' => %i[edit close],
  'ReferenceGenome' => %i[create edit read delete],
  'Request' => %i[
    create_additional
    copy
    cancel
    change_priority
    see_previously_failed
    edit_additional
    reset_qc_information
    edit
    change_decision
  ],
  'Robot' => %i[create edit read delete],
  'Role' => %i[create administer edit read delete],
  'Sample' => %i[edit release accession],
  'SampleLogisticsController' => [:read],
  'SampleManifest' => [:create],
  'Sequencescape' => [:administer],
  'Study' => %i[administer unlink_sample link_sample edit create activate deactivate print_asset_group_labels],
  'Submission' => %i[create read edit delete change_priority],
  'Supplier' => [:create],
  'TagGroup' => [:create],
  'TagLayoutTemplate' => [:create],
  'User' => [:administer]
}.freeze

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(permissions: BASE_ABILITIES, roles: Role.keys, ability: Ability) ⇒ AbilityAnalysis

Returns a new instance of AbilityAnalysis.



# File 'lib/ability_analysis.rb', line 67

def initialize(permissions: BASE_ABILITIES, roles: Role.keys, ability: Ability)
  @roles = roles
  @permissions = permissions.deep_dup
  @ability = ability
  populate_permissions
  @permissions.freeze
end

Instance Attribute Details

#ability ⇒ Object (readonly)

Returns the value of attribute ability.



# File 'lib/ability_analysis.rb', line 5

def ability
  @ability
end

#permissions ⇒ Object (readonly)

Returns the value of attribute permissions.



# File 'lib/ability_analysis.rb', line 5

def permissions
  @permissions
end

#roles ⇒ Object (readonly)

Returns the value of attribute roles.



# File 'lib/ability_analysis.rb', line 5

def roles
  @roles
end

Instance Method Details

#abilities_for(user) ⇒ Object



# File 'lib/ability_analysis.rb', line 79

def abilities_for(user)
  ability.new(user)
end

#ability_for_role(role_name) ⇒ Ability

Returns an Ability for a user with a role named role_name

Parameters:

  • role_name (String)

    The name of a role

Returns:

  • (Ability)

    An ability covering the role



# File 'lib/ability_analysis.rb', line 119

def ability_for_role(role_name)
  abilities_for(user_with_roles(role_name))
end

#all_roles ⇒ Object



# File 'lib/ability_analysis.rb', line 89

def all_roles
  ['Logged Out', 'Basic User', *roles]
end

#generate_spec(output = $stdout) ⇒ Object



# File 'lib/ability_analysis.rb', line 75

def generate_spec(output = $stdout)
  AbilityAnalysis::SpecGenerator.new(self, output:).generate
end

#permission_matrix ⇒ Array

Returns a matrix of permissions in the format [ ModelClass, [ [:action, [*permissions_for_each_role]] ]]

Returns:

  • (Array)

    Nested array of each model and their permissions



# File 'lib/ability_analysis.rb', line 101

def permission_matrix
  abilities = [abilities_for(nil), abilities_for(user_with_roles), *roles.map { |role| ability_for_role(role) }]
  sorted_permissions.map do |model, actions|
    [model, actions.map { |action| [action, abilities.map { |ability| check_ability?(ability, action, model) }] }]
  end
end
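
The matrix shape documented above, as an added example that is not part of lib/ability_analysis.rb: it builds the same nested array against a stand-in ability class and then reads one column back for a least-privilege review. ToyUser, ToyAbility, granted_to and all grants are constructed assumptions; the column order follows all_roles ('Logged Out', 'Basic User', then each role).

```ruby
# Added example. ToyUser, ToyAbility and every grant below are constructed
# stand-ins, not Sequencescape's UserStub, Ability or real permissions.
ToyUser = Struct.new(:id, :role_names)

class ToyAbility
  GRANTS = {
    'manager' => { 'Study' => %i[edit activate], 'Sample' => %i[edit] },
    'owner' => { 'Sample' => %i[edit release] }
  }.freeze
  BASIC = { 'Comment' => %i[create] }.freeze   # any logged-in user
  PUBLIC = { 'Comment' => %i[delete] }.freeze  # over-broad grant to catch

  def initialize(user)
    @user = user
  end

  def can?(action, model)
    grants = [PUBLIC]
    grants += [BASIC, *GRANTS.values_at(*@user.role_names).compact] if @user
    grants.any? { |grant| grant.fetch(model, []).include?(action) }
  end
end

PERMISSIONS = {
  'Study' => %i[edit activate],
  'Sample' => %i[edit release],
  'Comment' => %i[create delete]
}.freeze
ROLES = %w[manager owner].freeze
COLUMNS = ['Logged Out', 'Basic User', *ROLES].freeze

# Same shape as the documented matrix: [model, [[action, [bool per column]]]]
def permission_matrix(ability = ToyAbility)
  users = [nil, ToyUser.new('user_id', []), *ROLES.map { |r| ToyUser.new('user_id', [r]) }]
  abilities = users.map { |user| ability.new(user) }
  PERMISSIONS.sort_by(&:first).map do |model, actions|
    [model, actions.map { |action| [action, abilities.map { |a| a.can?(action, model) }] }]
  end
end

# Least-privilege review: every model.action allowed for one column.
def granted_to(matrix, column)
  index = COLUMNS.index(column)
  matrix.flat_map do |model, rows|
    rows.select { |_action, allowed| allowed[index] }.map { |action, _| "#{model}.#{action}" }
  end
end

puts granted_to(permission_matrix, 'Logged Out').inspect
```

Reading the 'Logged Out' column first surfaces any action reachable without authentication, which is the row a reviewer would normally expect to be empty.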

#sorted_permissions ⇒ Object

Returns an array of arrays in the format: [[Model, [:permissions]]]



# File 'lib/ability_analysis.rb', line 85

def sorted_permissions
  permissions.sort_by(&:first)
end

#user_with_roles(*role_names) ⇒ Object



# File 'lib/ability_analysis.rb', line 108

def user_with_roles(*role_names)
  UserStub.new('user_id', role_names)
end