Class: Authorizer::Base

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• Authorizer::Base

Defined in:

lib/authorizer/base.rb

Direct Known Subclasses

Admin

Class Method Summary

• .authorize(options = {}) ⇒ Object

  Could’t get alias_method to work.

• .authorize!(options = {}) ⇒ Object

  authorize!.

• .authorize_user(options) ⇒ Object

  authorize_user.

• .create_ownership(object) ⇒ Object

  create_ownership.

• .find(class_name, what, find_options = {}, authorizer_options = {}) ⇒ Object

  find.

• .is_authorized?(object) ⇒ Boolean

  is_authorized?.

• .remove_authorization(options = {}) ⇒ Object

  remove_authorization.

• .user_is_authorized?(options = {}) ⇒ Boolean

  user_is_authorized?.

Class Method Details

.authorize(options = {}) ⇒ Object

Could’t get alias_method to work. Don’t ask me why.

# File 'lib/authorizer/base.rb', line 112

def self.authorize(options = {})
  user_is_authorized?(options)
end

.authorize!(options = {}) ⇒ Object

authorize!

Bang version of authorize

Raises:

• (Authorizer::UserNotAuthorized)

# File 'lib/authorizer/base.rb', line 56

def self.authorize! options = {}
  auth_ok = user_is_authorized?(options)

  # User can override error message
  message = options[:message]
  # Attempt to fetch from I18n
  begin
    message ||= I18n.translate!("authorizer.access_denied")
  rescue
  end
  # Default error message
  message ||= "You are not authorized to access this resource."

  raise Authorizer::UserNotAuthorized.new(message) unless auth_ok

  auth_ok
end

.authorize_user(options) ⇒ Object

authorize_user

If no user is specified, authorizes the current user. If no role is specified, “owner” is used as role.

# File 'lib/authorizer/base.rb', line 21

def self.authorize_user(options)
  OptionsChecker.check(options, [ :object ])

  ret = false

  object = options[:object]
  role = options[:role] || "owner"
  user = options[:user] || get_current_user

  return false if basic_check_fails?(options)

  check_user(user)
  # Checks done. Let's go.

  or_ = find_object_role(object, user)

  # This time, we want it to be nil.
  if or_.nil? && !user.nil?
    klazz_name = object.class.to_s
    object_reference = object.id

    ObjectRole.create!( :klazz_name => klazz_name, :object_reference => object_reference, :user => user, :role => role )
    Rails.logger.debug("Authorizer: created authorization on #{object} for current_user with ID #{user.id} with role #{role}")
    ret = true
  end

  ret
end

.create_ownership(object) ⇒ Object

create_ownership

ObjectRole.create!( :klazz_name => object.class.to_s, :object_reference => object.id, :user => current_user, :role => “owner” )

# File 'lib/authorizer/base.rb', line 182

def self.create_ownership object
  ret = false

  return ret if basic_check_fails?(object)

  ret = authorize_user( :object => object )

  ret
end

.find(class_name, what, find_options = {}, authorizer_options = {}) ⇒ Object

find

From the entire collection of Posts, return the subset that belongs to the current user.

Arguments:

- class_name: which class to use, e.g. "Post"
- what: will be passed on to the ActiveRecord find function (e.g. Post.find(what))
- find_options: will also be passed on (e.g. Post.find(what, find_options))
- authorizer_options: options for authorizer, e.g. { :user => @user }

# File 'lib/authorizer/base.rb', line 161

def self.find(class_name, what, find_options = {}, authorizer_options = {})
  options = { :class_name => class_name, :what => what, :find_options => find_options }
  my_options = authorizer_options.merge(options) # options overrides user-specified options.

  internal_find(my_options)
end

.is_authorized?(object) ⇒ Boolean

is_authorized?

Returns:

• (Boolean)

# File 'lib/authorizer/base.rb', line 172

def self.is_authorized? object
  user_is_authorized? :object => object
end

.remove_authorization(options = {}) ⇒ Object

remove_authorization

Remove authorization a user has on a certain object.

# File 'lib/authorizer/base.rb', line 122

def self.remove_authorization options = {}
  OptionsChecker.check(options, [ :object ])

  ret = false

  return ret if basic_check_fails?(options)

  object = options[:object]
  user = options[:user] || get_current_user

  # Check
  check_user(user)
  # Checks done. Let's go.

  or_ = find_object_role(object, user)

  unless or_.nil?
    Rails.logger.debug("Authorizer: removed authorization for user ID #{user.id} on #{or_.description}")

    or_.destroy

    ret = true
  end

  ret
end

.user_is_authorized?(options = {}) ⇒ Boolean

user_is_authorized?

If no user is specified, current_user is used.

Returns:

• (Boolean)

# File 'lib/authorizer/base.rb', line 80

def self.user_is_authorized? options = {}
  OptionsChecker.check(options, [ :object ])

  ret = false

  check = basic_check_fails?(options)
  return ret if check

  object = options[:object]
  user = options[:user] || get_current_user

  # Checks
  check_user(user)
  # Checks done. Let's go.

  or_ = find_object_role(object, user)
    
  # Congratulations, you've been Authorized.
  unless or_.nil?
    ret = true
  end

  if ret
    Rails.logger.debug("Authorizer: authorized current_user with ID #{user.id} to access #{or_.description} because of role #{or_.role}") unless user.nil? || or_.nil?
  else
    Rails.logger.debug("Authorizer: authorization failed for current_user with ID #{user.id} to access #{object.inspect}") unless user.nil? || object.nil?
  end

  ret
end