summaryrefslogtreecommitdiff
path: root/lib/declarative_policy/rule.rb
blob: 964d35cde9e6ae59fb7f65ea576eb246b2b9c6a4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
# frozen_string_literal: true

module DeclarativePolicy
  module Rule
    # A Rule is the object that results from the `rule` declaration,
    # usually built using the DSL in `RuleDsl`. It is a basic logical
    # combination of building blocks, and is capable of deciding,
    # given a context (instance of DeclarativePolicy::Base) whether it
    # passes or not. Note that this decision doesn't by itself know
    # how that affects the actual ability decision - for that, a
    # `Step` is used.
    class Base
      def self.make(*args)
        new(*args).simplify
      end

      # true or false whether this rule passes.
      # `context` is a policy - an instance of
      # DeclarativePolicy::Base.
      def pass?(context)
        raise 'abstract'
      end

      # same as #pass? except refuses to do any I/O,
      # returning nil if the result is not yet cached.
      # used for accurately scoring And/Or
      def cached_pass?(context)
        raise 'abstract'
      end

      # abstractly, how long would it take to compute
      # this rule? lower-scored rules are tried first.
      def score(context)
        raise 'abstract'
      end

      # unwrap double negatives and nested and/or
      def simplify
        self
      end

      # convenience combination methods
      def or(other)
        Or.make([self, other])
      end

      def and(other)
        And.make([self, other])
      end

      def negate
        Not.make(self)
      end

      alias_method :|, :or
      alias_method :&, :and
      alias_method :~@, :negate

      def inspect
        "#<Rule #{repr}>"
      end
    end

    # A rule that checks a condition. This is the
    # type of rule that results from a basic bareword
    # in the rule dsl (see RuleDsl#method_missing).
    class Condition < Base
      def initialize(name)
        @name = name
      end

      # we delegate scoring to the condition. See
      # ManifestCondition#score.
      def score(context)
        context.condition(@name).score
      end

      # Let the ManifestCondition from the context
      # decide whether we pass.
      def pass?(context)
        context.condition(@name).pass?
      end

      # returns nil unless it's already cached
      def cached_pass?(context)
        condition = context.condition(@name)
        return unless condition.cached?

        condition.pass?
      end

      def description(context)
        context.class.conditions[@name].description
      end

      def repr
        @name.to_s
      end
    end

    # A rule constructed from DelegateDsl - using a condition from a
    # delegated policy.
    class DelegatedCondition < Base
      # Internal use only - this is rescued each time it's raised.
      MissingDelegate = Class.new(StandardError)

      def initialize(delegate_name, name)
        @delegate_name = delegate_name
        @name = name
      end

      def delegated_context(context)
        policy = context.delegated_policies[@delegate_name]
        raise MissingDelegate if policy.nil?

        policy
      end

      def score(context)
        delegated_context(context).condition(@name).score
      rescue MissingDelegate
        0
      end

      def cached_pass?(context)
        condition = delegated_context(context).condition(@name)
        return unless condition.cached?

        condition.pass?
      rescue MissingDelegate
        false
      end

      def pass?(context)
        delegated_context(context).condition(@name).pass?
      rescue MissingDelegate
        false
      end

      def repr
        "#{@delegate_name}.#{@name}"
      end
    end

    # A rule constructed from RuleDsl#can?. Computes a different ability
    # on the same subject.
    class Ability < Base
      attr_reader :ability
      def initialize(ability)
        @ability = ability
      end

      # We ask the ability's runner for a score
      def score(context)
        context.runner(@ability).score
      end

      def pass?(context)
        context.allowed?(@ability)
      end

      def cached_pass?(context)
        runner = context.runner(@ability)
        return unless runner.cached?

        runner.pass?
      end

      def description(context)
        "User can #{@ability.inspect}"
      end

      def repr
        "can?(#{@ability.inspect})"
      end
    end

    # Logical `and`, containing a list of rules. Only passes
    # if all of them do.
    class And < Base
      attr_reader :rules
      def initialize(rules)
        @rules = rules
      end

      def simplify
        simplified_rules = @rules.flat_map do |rule|
          simplified = rule.simplify
          case simplified
          when And then simplified.rules
          else [simplified]
          end
        end

        And.new(simplified_rules)
      end

      def score(context)
        return 0 unless cached_pass?(context).nil?

        # note that cached rules will have score 0 anyways.
        @rules.map { |r| r.score(context) }.inject(0, :+)
      end

      def pass?(context)
        # try to find a cached answer before
        # checking in order
        cached = cached_pass?(context)
        return cached unless cached.nil?

        @rules.all? { |r| r.pass?(context) }
      end

      def cached_pass?(context)
        @rules.each do |rule|
          pass = rule.cached_pass?(context)

          return pass if pass.nil? || pass == false
        end

        true
      end

      def repr
        "all?(#{rules.map(&:repr).join(', ')})"
      end
    end

    # Logical `or`. Mirrors And.
    class Or < Base
      attr_reader :rules
      def initialize(rules)
        @rules = rules
      end

      def pass?(context)
        cached = cached_pass?(context)
        return cached unless cached.nil?

        @rules.any? { |r| r.pass?(context) }
      end

      def simplify
        simplified_rules = @rules.flat_map do |rule|
          simplified = rule.simplify
          case simplified
          when Or then simplified.rules
          else [simplified]
          end
        end

        Or.new(simplified_rules)
      end

      def cached_pass?(context)
        @rules.each do |rule|
          pass = rule.cached_pass?(context)

          return pass if pass.nil? || pass == true
        end

        false
      end

      def score(context)
        return 0 unless cached_pass?(context).nil?

        @rules.map { |r| r.score(context) }.inject(0, :+)
      end

      def repr
        "any?(#{@rules.map(&:repr).join(', ')})"
      end
    end

    class Not < Base
      attr_reader :rule
      def initialize(rule)
        @rule = rule
      end

      def simplify
        case @rule
        when And then Or.new(@rule.rules.map(&:negate)).simplify
        when Or then And.new(@rule.rules.map(&:negate)).simplify
        when Not then @rule.rule.simplify
        else Not.new(@rule.simplify)
        end
      end

      def pass?(context)
        !@rule.pass?(context)
      end

      def cached_pass?(context)
        case @rule.cached_pass?(context)
        when nil then nil
        when true then false
        when false then true
        end
      end

      def score(context)
        @rule.score(context)
      end

      def repr
        "~#{@rule.repr}"
      end
    end
  end
end