Class: Access
Inherits: Object
Defined in: lib/access.rb, lib/access/role.rb, lib/access/user.rb, lib/access/admin.rb, lib/access/savable.rb, lib/access/yamlbase.rb
Defined Under Namespace
Modules: Admin, Savable
Classes: Role, Roles, User, YAMLBase
Instance Attribute Summary
- #default_user ⇒ Object
  Returns the value of attribute default_user.
- #privilege ⇒ Object (readonly)
  Returns the value of attribute privilege.
- #role ⇒ Object (readonly)
  Returns the value of attribute role.
- #user ⇒ Object (readonly)
  Returns the value of attribute user.
Instance Method Summary
- #[](user_id) ⇒ Object
  Access users by their id.
- #correct_credentials?(stored, credentials, user_id) ⇒ Boolean
  Validate plaintext credentials against the stored hashed credentials.
- #hash_credentials(credentials, user_id) ⇒ Object
  One-way hash the credentials.
- #initialize(user, role, privilege) ⇒ Access (constructor)
  Provides methods to create a user or authenticate an existing one.
- #login(user_id, credentials) ⇒ Object
  Returns an Access::User if the credentials are correct.
Constructor Details
#initialize(user, role, privilege) ⇒ Access
Description
Provides methods to create a user or authenticate an existing one. It is also the bridge between Access::User and Access::Role. Access::User instances should be tied to Access::Framework.
Synopsis
access = Access.new(
Access::YAMLBase.new(Access::User::Base, "./access/user"),
Access::YAMLBase.new(Access::Role::Base, "./access/role"),
Access::YAMLBase.new(Access::Privilege::Base, "./access/privilege")
)
%w(news news/create news/edit news/delete).each { |privilege|
access.privilege.create(privilege, "...description...")
}
{ 'newseditor' => %w(news), 'proofreader' => %w(news/edit) }.each { |role, privileges|
access.role.create(role, "...description...", privileges)
}
testuser = access.user.create("test", "pass")
testuser.activate # inactive users can neither log in nor be authorized for anything
testuser.roles.add('proofreader')
testuser.privileges.add('news/delete')
testuser.privileged?('news/edit') # => true
testuser.privileged?('news/create') # => false
testuser.('news/edit') # => false # not logged in
testuser.('news/create') # => false
user = access.login('test', 'pass')
user.privileged?('news/edit') # => true
user.privileged?('news/create') # => false
user.('news/edit') # => true # only users created via Access#login are authorized
user.('news/create') # => false
# File 'lib/access.rb', line 55
def initialize(user, role, privilege)
  @user = user
  @role = role
  @privilege = privilege
  [@user, @role, @privilege].each { |base| base.access = self }
end
Instance Attribute Details
#default_user ⇒ Object
Returns the value of attribute default_user.
# File 'lib/access.rb', line 21
def default_user
  @default_user
end
#privilege ⇒ Object (readonly)
Returns the value of attribute privilege.
# File 'lib/access.rb', line 20
def privilege
  @privilege
end
#role ⇒ Object (readonly)
Returns the value of attribute role.
# File 'lib/access.rb', line 19
def role
  @role
end
#user ⇒ Object (readonly)
Returns the value of attribute user.
# File 'lib/access.rb', line 18
def user
  @user
end
Instance Method Details
#[](user_id) ⇒ Object
Access users by their id.
# File 'lib/access.rb', line 65
def [](user_id)
  @user[user_id]
end
#correct_credentials?(stored, credentials, user_id) ⇒ Boolean
Validate plaintext credentials against the stored hashed credentials.
# File 'lib/access.rb', line 78
def correct_credentials?(stored, credentials, user_id)
  return hash_credentials(credentials, user_id) == stored
end
#hash_credentials(credentials, user_id) ⇒ Object
One-way hash the credentials. Currently MD5 is used.
# File 'lib/access.rb', line 83
def hash_credentials(credentials, user_id)
  Digest::MD5.hexdigest(credentials+user_id.downcase).upcase
end
#login(user_id, credentials) ⇒ Object
Returns an Access::User if the credentials are correct.
# File 'lib/access.rb', line 70
def login(user_id, credentials)
  return nil unless user = @user[user_id]
  return nil unless correct_credentials?(user.credentials, credentials, user_id)
  user.login
  user
end
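The #hash_credentials and #correct_credentials? methods above use a single MD5 pass salted with the lowercased user id and compare with ==. The following is an added example, not code from the Access library, showing that scheme beside a hardened form that also upgrades legacy records at login. The CredentialUpgrade module, its method names, the record format, the choice of PBKDF2-HMAC-SHA256 and the iteration count are all assumptions made for illustration.

```ruby
require 'digest/md5'
require 'openssl'
require 'securerandom'

# Added example; CredentialUpgrade and its methods are hypothetical names.
module CredentialUpgrade
  PREFIX     = 'pbkdf2-sha256'
  ITERATIONS = 600_000 # assumed work factor, tune for your hardware
  KEY_LEN    = 32

  # Scheme from the page: MD5 over password + lowercased user id, upper-case hex.
  def self.legacy_hash(credentials, user_id)
    Digest::MD5.hexdigest(credentials + user_id.downcase).upcase
  end

  # Hardened form: random per-user salt, slow KDF, self-describing record.
  def self.strong_hash(credentials, salt = SecureRandom.hex(16), iterations = ITERATIONS)
    dk = OpenSSL::PKCS5.pbkdf2_hmac(credentials, salt, iterations, KEY_LEN,
                                    OpenSSL::Digest.new('SHA256'))
    [PREFIX, iterations, salt, dk.unpack1('H*')].join('$')
  end

  # Constant-time comparison, so timing does not reveal the first mismatch.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Returns [ok, record_to_store]. A correct login against a legacy MD5
  # record yields a PBKDF2 record the caller should persist in its place.
  def self.verify(stored, credentials, user_id)
    if stored.start_with?(PREFIX + '$')
      _, iterations, salt, digest = stored.split('$')
      return [false, stored] if digest.nil? || iterations.to_i < 1
      [secure_equal?(strong_hash(credentials, salt, iterations.to_i), stored), stored]
    elsif secure_equal?(legacy_hash(credentials, user_id), stored)
      [true, strong_hash(credentials)]
    else
      [false, stored]
    end
  end
end
```

A caller would store the second element of the returned pair whenever it differs from the record it passed in, so MD5 records disappear as users log in.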