Module: Area51::ClassMethods

Defined in:

lib/area_51.rb

Class Method Summary

• .extended(klass) ⇒ Object

Instance Method Summary

• #authorization_trigger(trigger, default_access = nil, &block) ⇒ Object

  Defines a trigger condition that when met, will cause authorization to be performed.

• #restricted_area(path) ⇒ Object

  Ties a restricted path to the authorization trigger.

• #unrestricted_area(path) ⇒ Object

  Ties an unrestricted path to the authorization trigger.

Class Method Details

.extended(klass) ⇒ Object

# File 'lib/area_51.rb', line 45

def self.extended(klass)
  klass.cattr_accessor :authorization_trigger_paths
  klass.cattr_accessor :authorization_triggers
  klass.cattr_accessor :safe_zone
  klass.cattr_accessor :default_access
end

Instance Method Details

#authorization_trigger(trigger, default_access = nil, &block) ⇒ Object

Defines a trigger condition that when met, will cause authorization to be performed.

The trigger can be either a String, lambda, or Proc. If a String, it will be eval‘d, if a lambda or Proc, it will be called, and anything else will be returned as-is. If the result does not return an explicit true, authorization will not be performed.

The default_access parameter, if provided, must be one of :restricted or :unrestricted. The default is :restricted. This specifies what type of access the undefined areas will have. For example:

area_51 do
  authorization_trigger("current_user.active?", :unrestricted) do
    restricted_area "^/memers_only"
    unrestricted_area "^/$"
  end
end

Now if a user tries to access a path that isn’t defined above, they will be granted access due to the :unrestricted parameter.

# File 'lib/area_51.rb', line 74

def authorization_trigger(trigger, default_access = nil, &block)
  trigger = AuthorizationTrigger.new(trigger, default_access)

  yield

  self.authorization_triggers ||= {}
  self.authorization_triggers[trigger] = self.authorization_trigger_paths.dup
  self.authorization_trigger_paths.clear
end

#restricted_area(path) ⇒ Object

Ties a restricted path to the authorization trigger. Must be called within an authorization_trigger block:

authorization_trigger("current_user.signed_in?") do
  restricted_area %r{/top/secret/path/}
end

path can be either a String or a Regexp. If a String, it will be converted to a Regexp.

# File 'lib/area_51.rb', line 94

def restricted_area(path)
  add_path_to_trigger_paths path, :restricted
end

#unrestricted_area(path) ⇒ Object

Ties an unrestricted path to the authorization trigger. Must be called within an authorization_trigger block:

authorization_trigger("current_user.signed_in?") do
  unrestricted_area %r{/top/secret/path/}
end

path can be either a String or a Regexp. If a String, it will be converted to a Regexp.

# File 'lib/area_51.rb', line 108

def unrestricted_area(path)
  add_path_to_trigger_paths path, :unrestricted
end