Class: Authorizer::Base
- Inherits:
-
ApplicationController
- Object
- ActionController::Base
- ApplicationController
- Authorizer::Base
- Defined in:
- lib/authorizer/base.rb
Direct Known Subclasses
Class Method Summary collapse
-
.authorize(options = {}) ⇒ Object
Could’t get alias_method to work.
-
.authorize!(options = {}) ⇒ Object
authorize!.
-
.authorize_user(options) ⇒ Object
authorize_user.
-
.create_ownership(object) ⇒ Object
create_ownership.
-
.find(class_name, what, find_options = {}, authorizer_options = {}) ⇒ Object
find.
-
.is_authorized?(object) ⇒ Boolean
is_authorized?.
-
.remove_authorization(options = {}) ⇒ Object
remove_authorization.
-
.user_is_authorized?(options = {}) ⇒ Boolean
user_is_authorized?.
Class Method Details
.authorize(options = {}) ⇒ Object
Could’t get alias_method to work. Don’t ask me why.
112 113 114 |
# File 'lib/authorizer/base.rb', line 112 def self.( = {}) () end |
.authorize!(options = {}) ⇒ Object
authorize!
Bang version of authorize
56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 |
# File 'lib/authorizer/base.rb', line 56 def self. = {} auth_ok = () # User can override error message = [:message] # Attempt to fetch from I18n begin ||= I18n.translate!("authorizer.access_denied") rescue end # Default error message ||= "You are not authorized to access this resource." raise Authorizer::UserNotAuthorized.new() unless auth_ok auth_ok end |
.authorize_user(options) ⇒ Object
authorize_user
If no user is specified, authorizes the current user. If no role is specified, “owner” is used as role.
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
# File 'lib/authorizer/base.rb', line 21 def self.() OptionsChecker.check(, [ :object ]) ret = false object = [:object] role = [:role] || "owner" user = [:user] || get_current_user return false if basic_check_fails?() check_user(user) # Checks done. Let's go. or_ = find_object_role(object, user) # This time, we want it to be nil. if or_.nil? && !user.nil? klazz_name = object.class.to_s object_reference = object.id ObjectRole.create!( :klazz_name => klazz_name, :object_reference => object_reference, :user => user, :role => role ) Rails.logger.debug("Authorizer: created authorization on #{object} for current_user with ID #{user.id} with role #{role}") ret = true end ret end |
.create_ownership(object) ⇒ Object
create_ownership
ObjectRole.create!( :klazz_name => object.class.to_s, :object_reference => object.id, :user => current_user, :role => “owner” )
182 183 184 185 186 187 188 189 190 |
# File 'lib/authorizer/base.rb', line 182 def self.create_ownership object ret = false return ret if basic_check_fails?(object) ret = ( :object => object ) ret end |
.find(class_name, what, find_options = {}, authorizer_options = {}) ⇒ Object
find
From the entire collection of Posts, return the subset that belongs to the current user.
Arguments:
- class_name: which class to use, e.g. "Post"
- what: will be passed on to the ActiveRecord find function (e.g. Post.find(what))
- find_options: will also be passed on (e.g. Post.find(what, find_options))
- authorizer_options: options for authorizer, e.g. { :user => @user }
161 162 163 164 165 166 |
# File 'lib/authorizer/base.rb', line 161 def self.find(class_name, what, = {}, = {}) = { :class_name => class_name, :what => what, :find_options => } = .merge() # options overrides user-specified options. internal_find() end |
.is_authorized?(object) ⇒ Boolean
is_authorized?
172 173 174 |
# File 'lib/authorizer/base.rb', line 172 def self. object :object => object end |
.remove_authorization(options = {}) ⇒ Object
remove_authorization
Remove authorization a user has on a certain object.
122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 |
# File 'lib/authorizer/base.rb', line 122 def self. = {} OptionsChecker.check(, [ :object ]) ret = false return ret if basic_check_fails?() object = [:object] user = [:user] || get_current_user # Check check_user(user) # Checks done. Let's go. or_ = find_object_role(object, user) unless or_.nil? Rails.logger.debug("Authorizer: removed authorization for user ID #{user.id} on #{or_.description}") or_.destroy ret = true end ret end |
.user_is_authorized?(options = {}) ⇒ Boolean
user_is_authorized?
If no user is specified, current_user is used.
80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 |
# File 'lib/authorizer/base.rb', line 80 def self. = {} OptionsChecker.check(, [ :object ]) ret = false check = basic_check_fails?() return ret if check object = [:object] user = [:user] || get_current_user # Checks check_user(user) # Checks done. Let's go. or_ = find_object_role(object, user) # Congratulations, you've been Authorized. unless or_.nil? ret = true end if ret Rails.logger.debug("Authorizer: authorized current_user with ID #{user.id} to access #{or_.description} because of role #{or_.role}") unless user.nil? || or_.nil? else Rails.logger.debug("Authorizer: authorization failed for current_user with ID #{user.id} to access #{object.inspect}") unless user.nil? || object.nil? end ret end |