Class: Access

Inherits:
Object
  • Object
Defined in:
lib/access.rb,
lib/access/role.rb,
lib/access/user.rb,
lib/access/admin.rb,
lib/access/savable.rb,
lib/access/yamlbase.rb

Defined Under Namespace

Modules: Admin, Savable Classes: Role, Roles, User, YAMLBase


Constructor Details

#initialize(user, role, privilege) ⇒ Access

Description

Provides methods to create a user or to authenticate an existing one. It is also the bridge between Access::User and Access::Role. Access::User instances should be tied to Access::Framework.

Synopsis

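# Wire the three stores (users, roles, privileges) into one Access instance.
access = Access.new(
  Access::YAMLBase.new(Access::User::Base,      "./access/user"),
  Access::YAMLBase.new(Access::Role::Base,      "./access/role"),
  Access::YAMLBase.new(Access::Privilege::Base, "./access/privilege")
)

# Register the privileges first, then the roles that bundle them.
%w[news news/create news/edit news/delete].each do |privilege|
  access.privilege.create(privilege, "...description...")
end
{ 'newseditor' => %w[news], 'proofreader' => %w[news/edit] }.each do |role, privileges|
  access.role.create(role, "...description...", privileges)
end

# "test" / "pass" are placeholder credentials for this example only.
testuser = access.user.create("test", "pass")
testuser.activate # inactive users can neither log in nor be authorized for anything
testuser.roles.add('proofreader')
testuser.privileges.add('news/delete')

# A user object obtained without logging in can be privileged but is never
# authorized, as the results below show.
testuser.privileged?('news/edit')   # => true
testuser.privileged?('news/create') # => false
testuser.authorized?('news/edit')   # => false # not logged in
testuser.authorized?('news/create') # => false

# Access#login returns the user on success and nil on failure, so real callers
# must check for nil before using the result.
user = access.login('test', 'pass')
user.privileged?('news/edit')   # => true
user.privileged?('news/create') # => false
user.authorized?('news/edit')   # => true  # only users returned by Access#login are authorized
user.authorized?('news/create') # => false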


# File 'lib/access.rb', line 55

# Keeps the three backing stores and hands each of them a back-reference
# to this Access instance through its #access= writer.
#
# @param user      [#access=] store that holds the users
# @param role      [#access=] store that holds the roles
# @param privilege [#access=] store that holds the privileges
def initialize(user, role, privilege)
	@user, @role, @privilege = user, role, privilege
	# Every store must be able to reach the others through this object.
	[user, role, privilege].each do |store|
		store.access = self
	end
end

Instance Attribute Details

#default_user ⇒ Object

Returns the value of attribute default_user.



# File 'lib/access.rb', line 21

# Reader for @default_user. The constructor shown on this page does not
# assign it, so it is nil until something sets it.
# NOTE(review): how a default user is applied is not visible here; confirm
# it cannot stand in for an authenticated user before relying on it.
def default_user
  @default_user
end

#privilege ⇒ Object (readonly)

Returns the value of attribute privilege.



# File 'lib/access.rb', line 20

# Returns the privilege store that was passed to the constructor.
def privilege
  @privilege
end

#role ⇒ Object (readonly)

Returns the value of attribute role.



# File 'lib/access.rb', line 19

# Returns the role store that was passed to the constructor.
def role
  @role
end

#user ⇒ Object (readonly)

Returns the value of attribute user.



# File 'lib/access.rb', line 18

# Returns the user store that was passed to the constructor.
def user
  @user
end

Instance Method Details

#[](user_id) ⇒ Object

Access users by their id.



# File 'lib/access.rb', line 65

# Looks a user up by id in the user store and returns whatever the store
# returns for that id. No credentials are checked on this path; #login is
# the method that verifies them before returning a user.
def [](user_id)
	@user[user_id]
end

#correct_credentials?(stored, credentials, user_id) ⇒ Boolean

Validates plain-text credentials against the stored hashed credentials.

Returns:

  • (Boolean)


# File 'lib/access.rb', line 78

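# Checks plain-text credentials against a stored credential hash.
#
# The candidate is hashed with #hash_credentials and compared with +stored+
# byte by byte without stopping at the first difference, so the time taken
# does not depend on how many leading characters of the hash match.
#
# @param stored      [String, nil] hash kept in the user store
# @param credentials [String] plain-text credentials supplied by the caller
# @param user_id     [String] id of the user the credentials belong to
# @return [Boolean] true only when the computed hash equals +stored+
def correct_credentials?(stored, credentials, user_id)
	expected = hash_credentials(credentials, user_id)
	# A missing or differently sized stored value can never match.
	return false unless stored.is_a?(String) && stored.bytesize == expected.bytesize

	difference = 0
	expected.each_byte.zip(stored.each_byte) { |left, right| difference |= left ^ right }
	difference.zero?
end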

#hash_credentials(credentials, user_id) ⇒ Object

One-way hashes the credentials. Currently MD5 is used.



# File 'lib/access.rb', line 83

# Derives the stored form of a user's credentials: the upper-case hex MD5
# digest of the credentials followed by the lower-cased user id.
#
# NOTE(review): a single round of MD5 is fast to compute and is not suitable
# for password storage. The only salt is the user id, and it is appended
# without a separator, so ("ab", "c") and ("a", "bc") hash identically.
# Switching algorithm invalidates every stored hash, so a change needs a
# migration path (for example re-hashing on the next successful login).
#
# @param credentials [String] plain-text credentials
# @param user_id     [String] user id, compared case-insensitively
# @return [String] 32 upper-case hexadecimal characters
def hash_credentials(credentials, user_id)
	salted_input = credentials + user_id.downcase
	digest = Digest::MD5.hexdigest(salted_input)
	digest.upcase
end

#login(user_id, credentials) ⇒ Object

Returns an Access::User if the credentials are correct, otherwise nil.



# File 'lib/access.rb', line 70

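# Authenticates a user and returns it.
#
# An unknown user id and wrong credentials both yield nil, so the caller
# cannot tell from the result which of the two failed.
# NOTE(review): no throttling or lockout of repeated failures is visible in
# this method; confirm that callers limit login attempts.
#
# @param user_id     [String] id of the user trying to log in
# @param credentials [String] plain-text credentials supplied by the caller
# @return [Access::User, nil] the logged-in user, or nil on any failure
def login(user_id, credentials)
	user = @user[user_id]
	return nil unless user
	return nil unless correct_credentials?(user.credentials, credentials, user_id)

	# NOTE(review): the method name after `user.` was missing from this listing,
	# as was the name in the signature; both are restored as `login`. Confirm
	# against lib/access.rb.
	user.login
	user
end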