module Ddr module Auth module Roles # # The assignment of a role to an agent within a scope. # class Role < Valkyrie::Resource DEFAULT_SCOPE = Roles::RESOURCE_SCOPE ValidScope = Valkyrie::Types::Strict::String.enum(*(Roles::SCOPES)) ValidRoleType = Valkyrie::Types::Strict::String.enum(*(Roles::role_types.map(&:title))) attribute :agent, Valkyrie::Types::Strict::String.constrained(min_size: 1) attribute :role_type, ValidRoleType attribute :scope, ValidScope class << self # Build a Role instance from hash attributes # @param args [Hash] the attributes # @return [Role] the role # @example # Role.build type: "Curator", agent: "bob", scope: "resource" def build(args={}) new.tap do |role| args[:role_type] ||= args.delete(:type) args[:agent] ||= nil # Triggers a constraint error args[:agent] = args[:agent].to_s # Coerce Ddr::Auth:Group to string args.each do |attr, val| role.set_value(attr, val) end role.scope ||= DEFAULT_SCOPE end end end # class << self # Roles are considered equal (==) if they # are of the same type and have the same agent and scope. # @param other [Object] the object of comparison # @return [Boolean] the result def ==(other) self.class == other.class && role_type == other.role_type && scope == other.scope && agent == other.agent end alias_method :eql?, :== def in_resource_scope? scope == Roles::RESOURCE_SCOPE end def in_policy_scope? scope == Roles::POLICY_SCOPE end def inspect "#<#{self.class.name} role_type=#{role_type.inspect}, " \ "agent=#{agent.inspect}, scope=#{scope.inspect}>" end # Returns the permissions associated with the role # @return [Array] the permissions def permissions Roles.type_map[role_type].permissions end end end end end