lib/proxes/policies/request_policy.rb in proxes-0.9.13 vs lib/proxes/policies/request_policy.rb in proxes-0.10.1
- old
+ new
@@ -2,63 +2,62 @@
require 'active_support'
require 'active_support/core_ext/object/blank'
require 'ditty/services/logger'
require 'proxes/models/permission'
-require 'proxes/helpers/indices'
module ProxES
class RequestPolicy
- include Helpers::Indices
-
attr_reader :user, :record
alias request record
def initialize(user, record)
- @user = user
+ @user = user || Ditty::User.anonymous_user
@record = record
end
def method_missing(method_sym, *arguments, &block)
- return super if method_sym.to_s[-1] != '?'
+ return super unless respond_to_missing? method_sym
- return true if user && user.super_admin?
- return false if request.indices? && !index_allowed?
- action_allowed? method_sym[0..-2].upcase
+ return false if permissions.empty?
+
+ return permissions.count.positive? unless request.indices?
+
+ # Only allow if all the indices match the given permissions
+ request.indices.find do |idx|
+ idx = idx[1..-1] if idx[0] == '-'
+ permissions.find { |perm| perm.index_regex.match idx }.nil?
+ end.nil?
end
def respond_to_missing?(name, _include_private = false)
name[-1] == '?'
end
- def index_allowed?
- patterns = patterns_for('INDEX').map do |permission|
- return nil if permission.pattern.blank?
- permission.pattern.gsub(/\{user.(.*)\}/) { |_match| user.send(Regexp.last_match[1].to_sym) }
- end.compact
- filter(request.index, patterns).count > 0
+ def permissions
+ @permissions ||= Permission.for_user(user).for_request(request)
end
- def action_allowed?(action)
- # Give me all the user's permissions that match the verb
- !!patterns_for(action).find { |permission| (request.path =~ /#{permission.pattern}/) }
- end
-
class Scope
- include Helpers::Indices
-
attr_reader :user, :scope
alias request scope
def initialize(user, scope)
- @user = user
+ @user = user || Ditty::User.anonymous_user
@scope = scope
end
def resolve
- current_user = user || Ditty::User.anonymous_user
- return [] if current_user.nil?
- filter request.index, patterns
+ return permissions.map(&:index) if request.indices == ['*'] || request.indices == ['_all'] || request.indices.blank?
+
+ request.indices.select do |idx|
+ idx = idx[1..-1] if idx[0] == '-'
+ permissions.find { |perm| perm.index_regex.match idx }
+ end
+ end
+
+ def permissions
+ @permissions ||= Permission.for_user(user).for_request(request)
end
end
end
end
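Review bot: The allow/deny decision in `method_missing` and the filter in `Scope#resolve` both rest on `perm.index_regex.match idx`, and `index_regex` is defined in `Permission`, outside this diff, so its anchoring cannot be checked here. If that pattern is not anchored with `\A...\z`, a permission for one index would also match any longer index name that contains it, silently widening access. I would add a comment at both call sites, such as `# index_regex must be anchored (\A...\z); a substring match here grants access to the index`, and back it with a test that requests an index whose name merely contains a permitted one. Separately, `return permissions.count.positive? unless request.indices?` can only return true once the `permissions.empty?` guard above it has passed, so `return true unless request.indices?` states the intent more directly.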