bali 2.1.2 → 2.2.0

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    ZGNkMWUxZjYxNjc3ODBiNzk5ODI4ZWFhMTM3NTgyOGU0MzAzNTZkNA==
+    ZTcxZjc2ZmMyNDgzYWVmMDNjOWNhMzNmNjZiZmNjYTcwMjkzZGE0YQ==
   data.tar.gz: !binary |-
-    OWU3MjVhNjYwM2U0YTM4YWFjZDBkNDRlOGE0MTM1MzVlMDdkZDNiNg==
+    ZTYwYzIwMWE2Nzg1ZjM5YmIwM2RjNTcwY2E2MDQ4OTQ0ZTUzNWZmOA==
 SHA512:
   metadata.gz: !binary |-
-    OGY3ZDhiNTNlNDEzZGMxZmIyNDIyM2E5NmRkZjY1MGI2N2ZiOTE2ZDU0NTIz
-    ZmZhMjMwZTE5NTg4NTM1MjUxOGM0OTNkZTc4NDNiZDdiODBlYzY3MWZkZTIx
-    YTJkZGNlODA4ZTAyMzk5YThkZmNlNWNmMGYzMDJhZjA4MzE5OTg=
+    MDdkNTNhODc2NTRkNmY1NTBmNDk3MTQ3Mzc5YWUwMjBkNmQzODkzYTliOTA3
+    MGJkMjBkMWE0ZTE1ODZkYTY0MmFhMmJmMzMxNTMwM2I0ZWU1ZDE1Y2ZmOWUz
+    N2I0NDg5MGYxZjU1NzMyOWU3MzcwOTJhMmUxOTBkNTQ0YWEzNGQ=
   data.tar.gz: !binary |-
-    MTY1NDQ1MzRiOTRlZjhiNmRiYTZhNjM4MmFjODVlYjg5YzkzZDE4Yzk3Nzlk
-    MWVmODIwM2ZjMDFhYTE0YmM5NDMwODI2Y2RmYmJkNTA4Y2JlYjliZGZiYjY5
-    ZjhhZmFkMmVmMTdjODkyNmUyMTBkOTMwOTAzYWQ4OWYzYmZmNjk=
+    YmI1YjcxMmNmOGFjOWFmZjk1NDA0MGIzZWFlMmEwNTk3ODgxNzVkYzRmZjQz
+    ZTNkNTU4ZWYwYTBjNWNiZDdjZTNjODA2ZTBjNzc0NDRhZTU3MmQ0NWJiZmI0
+    MGViMWE0ZjllNzZjM2U0N2ViYjNjZDYzY2ZlOWRkOTJkNWVhNjM=

data/CHANGELOG.md

@@ -72,3 +72,9 @@
 
 1. `nil` will be printed <nil> when objecting with can! or cannot! for better readability.
 2. Bug fixes on declaring multiple rules with decider. Previously, others were ignored--now, every single rule will get defined whether decider is present or not.
+
+== Version 2.2.0
+
+1. Deprecating `describe` block in favour of `role` block, `describe` is to be deprecated in version 3.0.
+2. Using strategy pattern, heavy refactoring 
+3. Human-readable authorisation error message when invoking !-version of can/cannot, for eg: Role general_user is not allowed to perform operation `update` on My::Transaction 

data/README.md

@@ -28,6 +28,7 @@ And then execute:
 
 1. `cant` and `cant_all` which are used to declare rules will be deprecated on version 3.0, in favor of `cannot` and `cannot_all`. The reason behind this is that `can` and `cant` only differ by 1 letter, it is thought to be better to make it less ambiguous.
 2. `cant?` and subsequently new-introduced `cant!` will be deprecated on version 3.0, in favor of `cannot?` and `cannot!` for the same reason as above.
+3. Since version 2.1.3, `describe` block is replaced with `role` block. `describe` block will be deprecated on version 3.0.
 
 ## Usage
 
@@ -88,21 +89,21 @@ The specification above seems very terrifying, but with Bali, those can be defin
 ```ruby
   Bali.map_rules do
     rules_for My::Transaction do
-      describe(:supreme_user) { can_all }
-      describe :admin_user do
+      role(:supreme_user) { can_all }
+      role :admin_user do
         can_all
         # a more specific rule would be executed even if can_all is present
         can :cancel,
           if: proc { |record| record.payment_channel == "CREDIT_CARD" &&
                               !record.is_settled? }
       end
-      describe "general user", can: [:download]
-      describe "finance" do
+      role "general user", can: [:download]
+      role "finance" do
         can :delete, if: proc { |record| record.is_settled? }
         can :cancel, unless: proc { |record| record.is_settled? }
       end # finance_user description
-      describe :guest, nil { can :report_fraud }
-      describe :client do
+      role :guest, nil { can :report_fraud }
+      role :client do
         can :create
       end
       others do

data/lib/bali/dsl/map_rules_dsl.rb

@@ -42,8 +42,12 @@ class Bali::MapRulesDsl
     raise Bali::DslError, "describe block must be within rules_for block"
   end
 
+  def role(*params)
+    raise Bali::DslError, "role block must be within rules_for block"
+  end
+
   def can(*params)
-    raise Bali::DslError, "can block must be within describe block"
+    raise Bali::DslError, "can block must be within role block"
   end
 
   def cant(*params)
@@ -52,15 +56,15 @@ class Bali::MapRulesDsl
   end
 
   def cannot(*params)
-    raise Bali::DslError, "cant block must be within describe block"
+    raise Bali::DslError, "cant block must be within role block"
   end
 
   def can_all(*params)
-    raise Bali::DslError, "can_all block must be within describe block"
+    raise Bali::DslError, "can_all block must be within role block"
   end
 
   def clear_rules
-    raise Bali::DslError, "clear_rules must be called within describe block"
+    raise Bali::DslError, "clear_rules must be called within role block"
   end
 
   def cant_all(*params)
@@ -69,6 +73,6 @@ class Bali::MapRulesDsl
   end
 
   def cannot_all(*params)
-    raise Bali::DslError, "cant_all block must be within describe block"
+    raise Bali::DslError, "cant_all block must be within role block"
   end
 end

data/lib/bali/dsl/rules_for_dsl.rb

@@ -4,6 +4,11 @@ class Bali::RulesForDsl
   attr_accessor :map_rules_dsl
   attr_accessor :current_rule_group
 
+  # all to be processed subtargets
+  attr_accessor :current_subtargets
+  # rules defined with hash can: [] and cannot: []
+  attr_accessor :shortcut_rules
+
   def initialize(map_rules_dsl)
     @@lock = Mutex.new
     self.map_rules_dsl = map_rules_dsl
@@ -12,123 +17,43 @@ class Bali::RulesForDsl
   def current_rule_class
     self.map_rules_dsl.current_rule_class
   end
+  protected :current_rule_class
 
-  def describe(*params)
+  def role(*params)
     @@lock.synchronize do
-      subtargets = []
-      rules = {}
-
-      params.each do |passed_argument|
-        if passed_argument.is_a?(Symbol) || passed_argument.is_a?(String)
-          subtargets << passed_argument
-        elsif passed_argument.is_a?(NilClass)
-          subtargets << passed_argument
-        elsif passed_argument.is_a?(Array)
-          subtargets += passed_argument
-        elsif passed_argument.is_a?(Hash)
-          rules = passed_argument
-        else
-          raise Bali::DslError, "Allowed argument for describe: symbol, string, nil and hash"
-        end
-      end
-
-      target_class = self.map_rules_dsl.current_rule_class.target_class
-
-      subtargets.each do |subtarget|
-        rule_group = self.current_rule_class.rules_for(subtarget)
-        if rule_group.nil?
-          rule_group = Bali::RuleGroup.new(target_class, subtarget)
-        end
-
-        self.current_rule_group = rule_group
-
+      bali_scrap_actors(*params)
+      bali_scrap_shortcut_rules(*params)
+      current_subtargets.each do |subtarget|
         if block_given?
-          yield
-        else
-          # auth_val is either can or cant
-          rules.each do |auth_val, operations|
-            if operations.is_a?(Array)
-              operations.each do |op|
-                rule = Bali::Rule.new(auth_val, op)
-                self.current_rule_group.add_rule(rule)
-              end
-            else
-              operation = operations # well, basically is 1 only
-              rule = Bali::Rule.new(auth_val, operation)
-              self.current_rule_group.add_rule(rule)
-            end
-          end # each rules
-        end # block_given?
-
-        # add current_rule_group
-        self.map_rules_dsl.current_rule_class.add_rule_group(self.current_rule_group)
-      end # each subtarget
-    end # sync block
-  end # describe
-
-  # others block
-  def others(*params)
-    @@lock.synchronize do
-      rules = {}
-
-      params.each do |passed_argument|
-        if passed_argument.is_a?(Hash)
-          rules = passed_argument
+          bali_process_subtarget(subtarget) do
+            yield
+          end
         else
-          raise Bali::DslError, "Allowed argument for others: hash"
+          bali_process_subtarget(subtarget)
         end
       end
+    end
+  end # role
 
-      self.current_rule_group  = self.map_rules_dsl.current_rule_class.others_rule_group
-
-      if block_given?
+  def describe(*params)
+    puts "Bali Deprecation Warning: describing rules using describe will be deprecated on major release 3.0, use role instead"
+    if block_given?
+      role(*params) do
         yield
-      else
-        rules.each do |auth_val, operations|
-          if operations.is_a?(Array)
-            operations.each do |op|
-              rule = Bali::Rule.new(auth_val, op)
-              self.current_rule_group.add_rule(rule)
-            end
-          else
-            operation = operations
-            rule = Bali::Rule.new(auth_val, operation)
-            self.current_rule_group.add_rule(rule)
-          end
-        end # each rules
-      end # block_given?
-    end # synchronize
-  end # others
-
-  # to define can and cant is basically using this method
-  def bali_process_auth_rules(auth_val, args)
-    conditional_hash = nil
-    operations = []
-
-    # scan args for options
-    args.each do |elm|
-      if elm.is_a?(Hash)
-        conditional_hash = elm
-      else
-        operations << elm
       end
+    else
+      role(*params)
     end
+  end
 
-    # add operation one by one
-    operations.each do |op|
-      rule = Bali::Rule.new(auth_val, op)
-      if conditional_hash
-        if conditional_hash[:if] || conditional_hash["if"]
-          rule.decider = conditional_hash[:if] || conditional_hash["if"]
-          rule.decider_type = :if
-        elsif conditional_hash[:unless] || conditional_hash[:unless]
-          rule.decider = conditional_hash[:unless] || conditional_hash["unless"]
-          rule.decider_type = :unless
-        end
+  # others block
+  def others(*params)
+    if block_given?
+      role("__*__") do
+        yield
       end
-      self.current_rule_group.add_rule(rule)
     end
-  end # bali_process_auth_rules
+  end # others
 
   # clear all defined rules
   def clear_rules
@@ -163,4 +88,101 @@ class Bali::RulesForDsl
     puts "Deprecation Warning: declaring rules with cant_all will be deprecated on major release 3.0, use cannot_all instead"
     cannot_all
   end
+  
+  private
+    def bali_scrap_actors(*params)
+      self.current_subtargets = []
+      params.each do |passed_argument|
+        if passed_argument.is_a?(Symbol) || passed_argument.is_a?(String)
+          self.current_subtargets << passed_argument
+        elsif passed_argument.is_a?(NilClass)
+          self.current_subtargets << passed_argument
+        elsif passed_argument.is_a?(Array)
+          self.current_subtargets += passed_argument
+        end
+      end
+      nil
+    end
+
+    def bali_scrap_shortcut_rules(*params)
+      self.shortcut_rules = {}
+      params.each do |passed_argument|
+        if passed_argument.is_a?(Hash)
+          self.shortcut_rules = passed_argument
+        end
+      end
+      nil
+    end
+
+    def bali_process_subtarget(subtarget)
+      target_class = self.map_rules_dsl.current_rule_class.target_class
+      rule_class = self.map_rules_dsl.current_rule_class
+
+      rule_group = rule_class.rules_for(subtarget)
+
+      if rule_group.nil?
+        rule_group = Bali::RuleGroup.new(target_class, subtarget)
+      end
+
+      self.current_rule_group = rule_group
+
+      if block_given?
+        yield
+      else
+        # auth_val is either can or cannot
+        shortcut_rules.each do |auth_val, operations|
+          if operations.is_a?(Array)
+            operations.each do |op|
+              rule = Bali::Rule.new(auth_val, op)
+              rule_group.add_rule(rule)
+            end
+          else
+            operation = operations # well, basically is 1 only
+            rule = Bali::Rule.new(auth_val, operation)
+            rule_group.add_rule(rule)
+          end
+        end # each rules
+      end # block_given?
+
+      # add current_rule_group
+      rule_class.add_rule_group(rule_group)
+
+      nil
+    end
+
+    # to define can and cant is basically using this method
+    def bali_process_auth_rules(auth_val, args)
+      conditional_hash = nil
+      operations = []
+
+      # scan args for options
+      args.each do |elm|
+        if elm.is_a?(Hash)
+          conditional_hash = elm
+        else
+          operations << elm
+        end
+      end
+
+      # add operation one by one
+      operations.each do |op|
+        rule = Bali::Rule.new(auth_val, op)
+        bali_embed_conditions(rule, conditional_hash)
+        self.current_rule_group.add_rule(rule)
+      end
+    end # bali_process_auth_rules
+
+    # process conditional statement in rule definition
+    def bali_embed_conditions(rule, conditional_hash = nil)
+      return if conditional_hash.nil?
+
+      condition_type = conditional_hash.keys[0].to_s.downcase
+      condition_type_symb = condition_type.to_sym
+
+      if condition_type_symb == :if || condition_type_symb == :unless
+        rule.decider = conditional_hash.values[0]
+        rule.decider_type = condition_type_symb
+      end
+      nil
+    end
 end # class

data/lib/bali/foundations/all_foundations.rb

@@ -9,3 +9,9 @@ require_relative "rule/rule"
 require_relative "rule/rule_class"
 require_relative "rule/rule_group"
 
+# role extractor
+require_relative "role_extractor"
+
+require_relative "judger/judge"
+require_relative "judger/negative_judge"
+require_relative "judger/positive_judge"

data/lib/bali/foundations/exceptions/authorization_error.rb

@@ -11,9 +11,28 @@ class Bali::AuthorizationError < Bali::Error
   # whether a class or an object
   attr_accessor :target
 
+  def target_proper_class
+    if target.is_a?(Class)
+      target
+    else
+      target.class
+    end
+  end
+
   def to_s
-    # better error message for nil, so that it won't be empty
-    role = self.role ? self.role : "<nil>"
-    "Role #{role} is performing #{operation} using precedence #{auth_level}"
+    role = humanise_value(self.role)
+    operation = humanise_value(self.operation)
+    auth_level = humanise_value(self.auth_level)
+
+    if auth_level == :can
+      "Role #{role} is not allowed to perform operation `#{operation}` on #{target_proper_class}"
+    else
+      "Role #{role} is allowed to perform operation `#{operation}` on #{target_proper_class}"
+    end
   end
+
+  private
+    def humanise_value(val)
+      val.nil? ? "<nil>" : val
+    end
 end

data/lib/bali/foundations/judger/judge.rb

@@ -0,0 +1,329 @@
+module Bali::Judger
+  # FUZY-ed value is happen when it is not really clear, need further cross checking,
+  # whether it is really allowed or not. It happens for example in block with others, such as this:
+  #
+  # role :finance do
+  #   cannot :view
+  # end
+  # others do
+  #   can :view
+  #   can :index
+  # end
+  #
+  # In the example above, objecting cannot view on finance will result in STRONG_FALSE, but
+  # objecting can index on finance will result in FUZY_TRUE.
+  #
+  # Eventually, all FUZY value will be normal TRUE or FALSE if no definite counterpart
+  # is found/defined
+  BALI_FUZY_FALSE = -2
+  BALI_FUZY_TRUE = 2
+  BALI_FALSE = -1
+  BALI_TRUE = 1
+
+  class Judge
+    attr_accessor :original_subtarget
+    attr_accessor :subtarget
+    attr_accessor :operation
+    # record can be the class, or an instance of a class
+    attr_accessor :record
+
+    # determine if this judger should not call other judger
+    attr_accessor :cross_checking
+
+    # this class is abstract, shouldn't be initialized
+    def initialize(unconstructable = true)
+      if unconstructable
+        raise Bali::Error, "Bali::Judge::Judger is unconstructable, properly construct by using build to get a concrete class!"
+      end
+      self
+    end 
+
+    def self.build(auth_level, options = {})
+      judge = nil
+      if auth_level == :can
+        judge = Bali::Judger::PositiveJudge.new
+      elsif auth_level == :cannot
+        judge = Bali::Judger::NegativeJudge.new
+      else
+        raise Bali::Error, "Unable to find judge for `#{auth_level}` case"
+      end
+
+      judge.original_subtarget = options[:original_subtarget]
+      judge.subtarget = options[:subtarget]
+      judge.operation = options[:operation]
+      judge.record = options[:record]
+      judge.cross_checking = false
+
+      judge
+    end
+
+    def clone(options = {})
+      if options[:reverse]
+        new_judge = Bali::Judger::Judge.build(self.reverse_auth_level)
+      else
+        new_judge = Bali::Judger::Judge.build(self.auth_level)
+      end
+
+      new_judge.subtarget = subtarget
+      new_judge.operation = operation
+      new_judge.record = record
+      new_judge.cross_checking = cross_checking
+      new_judge.original_subtarget = original_subtarget
+
+      new_judge
+    end
+
+    def record_class
+      record.is_a?(Class) ? record : record.class
+    end
+
+    def rule_group
+      unless @rule_group_checked
+        @rule_group = Bali::Integrators::Rule.rule_group_for(record_class, subtarget)
+        @rule_group_checked = true
+      end
+      @rule_group
+    end
+
+    def other_rule_group
+      unless @other_rule_group_checked
+        @other_rule_group = Bali::Integrators::Rule.rule_group_for(record_class, "__*__")
+        @other_rule_group_checked = true
+      end
+      @other_rule_group
+    end
+
+    def rule
+      unless @rule_checked
+        # rule group may be nil, for when user checking for undefined rule group
+        if rule_group
+          @rule = rule_group.get_rule(auth_level, operation)
+        else
+          self.rule = nil
+        end
+      end
+      @rule
+    end
+
+    def rule=(the_rule)
+      @rule = the_rule
+      @rule_checked = true
+      @rule
+    end
+
+    def otherly_rule
+      unless @otherly_rule_checked
+        if other_rule_group
+          # retrieve rule from others group
+          @otherly_rule = other_rule_group.get_rule(auth_level, operation)
+          @otherly_rule_checked = true
+        end
+      end
+      @otherly_rule
+    end
+
+    # return either true or false
+    # options can specify if returning raw, by specifying holy: true
+    def judgement(options = {})
+      # the divine judgement will come to thee, O Thou 
+      # the doer of truth. return raw, untranslated to true/false.
+      our_holy_judgement = nil
+
+      # default of can? is false whenever RuleClass for that class is undefined
+      # or RuleGroup for that subtarget is not defined
+      if rule_group.nil?
+        if other_rule_group.nil?
+          # no more chance for checking
+          our_holy_judgement = natural_value 
+        end
+      end
+
+      if our_holy_judgement.nil? && need_to_check_for_intervention? 
+        our_holy_judgement = check_intervention
+      end
+
+      if our_holy_judgement.nil? && 
+          rule_group && rule_group.plant? &&
+          rule.nil? && otherly_rule.nil?
+        our_holy_judgement = natural_value
+      end
+
+      if our_holy_judgement.nil? && rule.nil?
+        cross_check_value = nil
+        # default if can? for undefined rule is false, after related clause
+        # cannot be found in cannot?
+        unless cross_checking
+          reversed_self = self.clone reverse: true
+          reversed_self.cross_checking = true
+          cross_check_value = reversed_self.judgement holy: true
+        end 
+
+        # if cross check value nil, then the reverse rule is not defined,
+        # let's determine whether he is zeus or plant
+        if cross_check_value.nil?
+          # rule_group can be nil for when user checking under undefined rule-group
+          if rule_group
+            if rule_group.plant?
+              our_holy_judgement = plant_return_value
+            end
+
+            if rule_group.zeus?
+              our_holy_judgement = zeus_return_value
+            end 
+          end # if rule_group exist
+        else
+          # process value from cross checking
+          
+          if can_use_otherly_rule?(cross_check_value, cross_checking)
+            # give chance to check at others block
+            self.rule = otherly_rule
+          else
+            our_holy_judgement = cross_check_reverse_value(cross_check_value)
+          end
+        end
+      end # if our judgement nil and rule is nil
+
+      # if our holy judgement is still nil, but rule is defined
+      if our_holy_judgement.nil? && rule
+        if rule.has_decider?
+          our_holy_judgement = get_decider_result(rule, original_subtarget, record)
+        else
+          our_holy_judgement = default_positive_return_value
+        end
+      end
+
+      # return fuzy if otherly rule defines contrary to this auth_level
+      if our_holy_judgement.nil? && rule.nil? && (other_rule_group && other_rule_group.get_rule(reverse_auth_level, operation))
+        if rule_group && (rule_group.zeus? || rule_group.plant?)
+          # don't overwrite our holy judgement with fuzy value if rule group
+          # zeus/plant, because zeus/plant is more definite than any fuzy values
+          # eventhough the rule is abstractly defined
+        else
+          our_holy_judgement = default_negative_fuzy_return_value
+        end
+      end
+
+      # if at this point still nil, well, 
+      # return the natural value for this judge
+      if our_holy_judgement.nil?
+        if otherly_rule
+          our_holy_judgement = BALI_FUZY_TRUE
+        else
+          our_holy_judgement = natural_value
+        end
+      end
+
+      holy = !!options[:holy]
+      return holy ? our_holy_judgement : translate_holy_judgement(our_holy_judgement)
+    end
+
+    private
+      # translate response for value above to traditional true/false
+      # holy judgement refer to non-standard true/false being used inside Bali
+      # which need to be translated from other beings to know
+      def translate_holy_judgement(bali_bool_value)
+        unless bali_bool_value.is_a?(Integer)
+          raise Bali::Error, "Expect bali value to be an Integer, got: `#{bali_bool_value}`" 
+        end
+        if bali_bool_value < 0
+          return false
+        elsif bali_bool_value > 0
+          return true
+        end
+      end
+
+      def can_use_otherly_rule?(cross_check_value, is_cross_checking)
+        # either if rule from others block is defined, and the result so far is fuzy
+        # or, otherly rule is defined, and it is still a cross check
+        # plus, the result is not a definite BALI_TRUE/BALI_FALSE
+        #
+        # rationalisation:
+        # 1. Definite answer such as BALI_TRUE and BALI_FALSE is to be prioritised over
+        #    FUZY answer, because definite answer is not gathered from others block where
+        #    FUZY answer is. Therefore, it is an intended result
+        # 2. If the answer is FUZY, otherly_rule only be considered if the result
+        #    is either FUZY TRUE or FUZY FALSE, or
+        # 3. Or, when already in cross check mode, we cannot retrieve cross_check_value
+        #    what we can is instead, if otherly rule is available, just to try the odd
+        (!otherly_rule.nil? && cross_check_value && !(cross_check_value == BALI_TRUE || cross_check_value == BALI_FALSE)) ||
+          (!otherly_rule.nil? && (cross_check_value == BALI_FUZY_FALSE || cross_check_value == BALI_FUZY_TRUE)) ||
+          (!otherly_rule.nil? && is_cross_checking && cross_check_value.nil?)
+      end
+
+      # if after cross check (checking for cannot) the return is false,
+      # meaning for us, (checking for can), the return have to be true
+      def cross_check_reverse_value(cross_check_value)
+        # either the return is not fuzy, or otherly rule is undefined
+        if cross_check_value == BALI_TRUE
+          return BALI_FALSE
+        elsif cross_check_value == BALI_FALSE
+          return BALI_TRUE
+        elsif cross_check_value == BALI_FUZY_FALSE 
+          return BALI_FUZY_TRUE
+        elsif cross_check_value == BALI_FUZY_TRUE
+          return BALI_FUZY_FALSE
+        else
+          raise Bali::Error, "Unknown how to process cross check value: `#{cross_check_value}`"
+        end
+      end # cross_check_reverse_value
+
+      def check_intervention
+        if rule.nil?
+          self_clone = self.clone reverse: true
+          self_clone.cross_checking = true
+
+          check_val = self_clone.judgement holy: true
+
+          # check further whether contradicting rule is defined to overwrite this
+          # super-power either can_all or cannot_all rule
+          if check_val == BALI_TRUE
+            # it is defined, must overwrite
+            return BALI_FALSE
+          else
+            # futher inspection said no such overwriting value is exist
+            return BALI_TRUE
+          end # check_val
+        end # if rule nil
+      end # check intervention
+
+      # what is the result when decider is executed
+      # rule: the rule object
+      # original subtarget: raw, unprocessed arugment passed as subtarget
+      def get_decider_result(rule, original_subtarget, record)
+        # must test first
+        decider = rule.decider
+        case decider.arity
+        when 0
+          if rule.decider_type == :if
+            return decider.() ? BALI_TRUE : BALI_FALSE
+          elsif rule.decider_type == :unless
+            unless decider.()
+              return BALI_TRUE
+            else
+              return BALI_FALSE
+            end
+          end
+        when 1
+          if rule.decider_type == :if
+            return decider.(record) ? BALI_TRUE : BALI_FALSE
+          elsif rule.decider_type == :unless
+            unless decider.(record)
+              return BALI_TRUE
+            else
+              return BALI_FALSE
+            end
+          end
+        when 2
+          if rule.decider_type == :if
+            return decider.(record, original_subtarget) ? BALI_TRUE : BALI_FALSE
+          elsif rule.decider_type == :unless
+            unless decider.(record, original_subtarget)
+              return BALI_TRUE
+            else
+              return BALI_FALSE
+            end
+          end
+        end
+      end
+  end # class
+end # module