Class: Parse::ACL
Overview
An ACL represents the dirty-trackable Parse Permissions object used for each record. In Parse, it is composed of a hash-like object that represents User objectIds and/or a set of Role names. For each entity (ex. User/Role/Public), you can define read/write privileges on a particular record through a Permission instance.
If you want to give privileges for an action (ex. read/write), you set that particular permission to true. If you want to deny a permission, then you set it to false. Any denied permissions will not be part of the final hash structure that is sent to Parse, as omission of a permission means denial.
An ACL is represented by a JSON object with the keys being Parse::User object ids or the special key of “*”, which indicates the public access permissions. The value of each key in the hash is a Permission object which defines the boolean permission state for read and write. The example below illustrates a Parse ACL JSON object where there is a public read permission, but public write is prevented. In addition, the user with id “3KmCvT7Zsb” is allowed to both read and write this record, and the “Admins” role is also allowed write access.
{
  "*": { "read": true },
  "3KmCvT7Zsb": { "read": true, "write": true },
  "role:Admins": { "write": true }
}
All Parse::Object subclasses have an acl property by default. With this property, you can apply and delete permissions for this particular Parse object record.
user = Parse::User.first
artist = Artist.first
artist.acl # "*": { "read": true, "write": true }
# apply public read, but no public write
artist.acl.everyone true, false
# allow user to have read and write access
artist.acl.apply user.id, true, true
# remove all permissions for this user id
artist.acl.delete user.id
# allow the 'Admins' role read and write
artist.acl.apply_role "Admins", true, true
# remove write from all attached privileges
artist.acl.no_write!
# remove all attached privileges
artist.acl.master_key_only!
artist.save
You may also set default ACLs for your subclasses by using Object.set_default_acl. These will be applied to newly created instances. All subclasses have public read and write enabled by default.
class AdminData < Parse::Object
  # Disable public read and write
  set_default_acl :public, read: false, write: false
  # Allow Admin roles to read/write
  set_default_acl 'Admin', role: true, read: true, write: true
end
data = AdminData.new
data.acl # => ACL({"role:Admin"=>{"read"=>true, "write"=>true}})
For more information about Parse record ACLs, see the documentation on Security.
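An added example (not part of the parse-stack code base): a plain-Ruby audit over the ACL wire format described above. It applies the omission-means-denial rule and flags records that are publicly readable or writable, which is the state every subclass starts in by default. The helper names (`effective_acl`, `principal_kind`, `audit_acl`) and the finding symbols are assumptions made for this illustration.

```ruby
require "json"

PUBLIC_KEY  = "*"      # value of Parse::ACL::PUBLIC on this page
ROLE_PREFIX = "role:"  # role entries are keyed "role:<name>" in the wire format

# Keep only flags that are exactly true; omission means denial, so entries
# with no granted flag are dropped entirely.
def effective_acl(acl)
  acl.each_with_object({}) do |(key, perm), out|
    granted = %w[read write].select { |flag| perm.is_a?(Hash) && perm[flag] == true }
    out[key.to_s] = granted unless granted.empty?
  end
end

# Classify an ACL key as :public, :role or :user (an objectId).
def principal_kind(key)
  return :public if key == PUBLIC_KEY
  key.start_with?(ROLE_PREFIX) ? :role : :user
end

# Audit one record's ACL (JSON string or Hash) and report who can write.
def audit_acl(acl)
  acl = JSON.parse(acl) if acl.is_a?(String)
  effective = effective_acl(acl)
  writers = effective.select { |_, flags| flags.include?("write") }.keys
  findings = []
  findings << :master_key_only if effective.empty?
  findings << :public_write if writers.include?(PUBLIC_KEY)
  findings << :public_read if effective.fetch(PUBLIC_KEY, []).include?("read")
  { findings: findings, writers: writers.group_by { |k| principal_kind(k) } }
end

# Constructed samples; PAGE_EXAMPLE is the ACL JSON shown earlier on this page.
PAGE_EXAMPLE = '{"*":{"read":true},"3KmCvT7Zsb":{"read":true,"write":true},"role:Admins":{"write":true}}'
SAMPLES = {
  "page example"     => PAGE_EXAMPLE,
  "class default"    => { "*" => { "read" => true, "write" => true } },
  "explicit denials" => { "*" => { "read" => false, "write" => false },
                          "role:Admin" => { "read" => true, "write" => true } },
  "empty"            => {},
}

SAMPLES.each { |name, acl| puts "#{name}: #{audit_acl(acl).inspect}" }
```

Only the class default sample reports `:public_write`; the sample with explicit `false` flags audits the same as one that omits the public key.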
Defined Under Namespace
Classes: Permission
Constant Summary
- PUBLIC = "*".freeze
The key field value for public permissions.
Instance Attribute Summary
- #delegate ⇒ Object
The instance object to be notified of changes.
- #permissions ⇒ Hash
Contains a hash structure of permissions, with keys mapping to either Public '*', a role name or an objectId for a user and values of type Permission.
Class Method Summary
- .everyone(read = true, write = true) ⇒ Object
Create a new ACL with default Public read/write permissions and any overrides from the input hash format.
- .permission(read, write = nil) ⇒ ACL::Permission
Create a new ACL::Permission instance with the supplied read and write values.
- .typecast(value, delegate = nil) ⇒ ACL
Used for object conversion when formatting the input/output value in Parse::Object properties.
Instance Method Summary
- #==(other_acl) ⇒ Boolean
Determines whether two ACLs or a Parse-ACL hash is equivalent to this object.
- #all_read! ⇒ Array
Grants read permission on all existing users and roles attached to this object.
- #all_write! ⇒ Array
Grants write permission on all existing users and roles attached to this object.
- #apply(id, read = nil, write = nil) ⇒ Hash (also: #add)
Apply a new permission with a given objectId, tag or :public.
- #apply_role(name, read = nil, write = nil) ⇒ Object (also: #add_role)
Apply a Role to this ACL.
- #as_json(*args) ⇒ Hash
- #attributes ⇒ Hash
Used for JSON serialization.
- #delete(id) ⇒ Object
Removes a permission for an objectId or user.
- #everyone(read, write) ⇒ Hash (also: #world)
Set the public read and write permissions.
- #initialize(acls = nil, owner: nil) ⇒ ACL constructor
Create a new ACL with default Public read/write permissions and any overrides from the input hash format.
- #master_key_only! ⇒ Hash (also: #clear!)
Removes all ACLs, which only allows requests using the Parse Server master key to query and modify the object.
- #no_read! ⇒ Array
Denies read permission on all existing users and roles attached to this object.
- #no_write! ⇒ Array
Denies write permission on all existing users and roles attached to this object.
- #present? ⇒ Boolean
True if there are any permissions.
- #will_change! ⇒ Object
Calls `acl_will_change!` on the delegate when the permissions have changed.
Constructor Details
#initialize(acls = nil, owner: nil) ⇒ ACL
Create a new ACL with default Public read/write permissions and any overrides from the input hash format.
# File 'lib/parse/model/acl.rb', line 141
def initialize(acls = nil, owner: nil)
  acls = acls.as_json if acls.is_a?(ACL)
  self.attributes = acls if acls.is_a?(Hash)
  @delegate = owner
end
Instance Attribute Details
#delegate ⇒ Object
The instance object to be notified of changes. The delegate must support receiving an Object#acl_will_change! method.
# File 'lib/parse/model/acl.rb', line 118
attr_accessor :permissions, :delegate
#permissions ⇒ Hash
Contains a hash structure of permissions, with keys mapping to either Public '*', a role name or an objectId for a user and values of type Permission. If you modify this attribute directly, you should call Object#acl_will_change! on the target object in order for dirty tracking to register changes.
# File 'lib/parse/model/acl.rb', line 118
def permissions
  @permissions
end
Class Method Details
.everyone(read = true, write = true) ⇒ Object
Create a new ACL with default Public read/write permissions and any overrides from the input hash format.
# File 'lib/parse/model/acl.rb', line 152
def self.everyone(read = true, write = true)
  acl = Parse::ACL.new
  acl.everyone(read, write)
  acl
end
.permission(read, write = nil) ⇒ ACL::Permission
Create a new ACL::Permission instance with the supplied read and write values.
# File 'lib/parse/model/acl.rb', line 163
def self.permission(read, write = nil)
  ACL::Permission.new(read, write)
end
Instance Method Details
#==(other_acl) ⇒ Boolean
Determines whether two ACLs or a Parse-ACL hash is equivalent to this object.
# File 'lib/parse/model/acl.rb', line 184
def ==(other_acl)
  return false unless other_acl.is_a?(self.class) || other_acl.is_a?(Hash)
  as_json == other_acl.as_json
end
#all_read! ⇒ Array
Grants read permission on all existing users and roles attached to this object.
# File 'lib/parse/model/acl.rb', line 353
def all_read!
  will_change!
  permissions.keys.each do |perm|
    permissions[perm].read! true
  end
end
#all_write! ⇒ Array
Grants write permission on all existing users and roles attached to this object.
# File 'lib/parse/model/acl.rb', line 375
def all_write!
  will_change!
  permissions.keys.each do |perm|
    permissions[perm].write! true
  end
end
#apply(user, read = nil, write = nil) ⇒ Hash
#apply(role, read = nil, write = nil) ⇒ Hash
#apply(id, read = nil, write = nil) ⇒ Hash
Also known as: add
Apply a new permission with a given objectId, tag or :public.
# File 'lib/parse/model/acl.rb', line 238
def apply(id, read = nil, write = nil)
  return apply_role(id, read, write) if id.is_a?(Parse::Role)
  id = id.id if id.is_a?(Parse::Pointer)
  unless id.present?
    raise ArgumentError, "Invalid argument applying ACLs: must be either objectId, role or :public"
  end
  id = PUBLIC if id.to_sym == :public
  # create a new Permissions
  permission = ACL.permission(read, write)
  # if the input is already a Permission object, then set it directly
  permission = read if read.is_a?(Parse::ACL::Permission)

  if permission.is_a?(ACL::Permission)
    if permissions[id.to_s] != permission
      will_change! # dirty track
      permissions[id.to_s] = permission
    end
  end
  permissions
end
#apply_role(role, read = nil, write = nil) ⇒ Object
#apply_role(role_name, read = nil, write = nil) ⇒ Object
Also known as: add_role
Apply a Role to this ACL.
# File 'lib/parse/model/acl.rb', line 269
def apply_role(name, read = nil, write = nil)
  name = name.name if name.is_a?(Parse::Role)
  apply("role:#{name}", read, write)
end
#as_json(*args) ⇒ Hash
# File 'lib/parse/model/acl.rb', line 310
def as_json(*args)
  permissions.select { |k, v| v.present? }.as_json
end
#attributes ⇒ Hash
Used for JSON serialization. Only if an attribute is non-nil do we allow it in the Permissions hash, since omission means denial of privilege. If the permission value has neither read nor write, then the entire record has been denied all privileges.
# File 'lib/parse/model/acl.rb', line 290
def attributes
  permissions.select { |k, v| v.present? }.as_json
end
#delete(object) ⇒ Object
#delete(id) ⇒ Object
Removes a permission for an objectId or user.
# File 'lib/parse/model/acl.rb', line 211
def delete(id)
  id = id.id if id.is_a?(Parse::Pointer)
  if id.present? && permissions.has_key?(id)
    will_change!
    permissions.delete(id)
  end
end
#everyone(read, write) ⇒ Hash
Also known as: world
Set the public read and write permissions.
# File 'lib/parse/model/acl.rb', line 193
def everyone(read, write)
  apply(PUBLIC, read, write)
  permissions[PUBLIC]
end
#master_key_only! ⇒ Hash
Also known as: clear!
Removes all ACLs, which only allows requests using the Parse Server master key to query and modify the object.
# File 'lib/parse/model/acl.rb', line 332
def master_key_only!
  will_change!
  @permissions = {}
end
#no_read! ⇒ Array
Denies read permission on all existing users and roles attached to this object.
# File 'lib/parse/model/acl.rb', line 397
def no_read!
  will_change!
  permissions.keys.each do |perm|
    permissions[perm].read! false
  end
end
#no_write! ⇒ Array
Denies write permission on all existing users and roles attached to this object.
# File 'lib/parse/model/acl.rb', line 419
def no_write!
  will_change!
  permissions.keys.each do |perm|
    permissions[perm].write! false
  end
end
#present? ⇒ Boolean
Returns true if there are any permissions.
# File 'lib/parse/model/acl.rb', line 315
def present?
  permissions.values.any? { |v| v.present? }
end