Module: LogicalAuthz
- Defined in:
- lib/logical_authz.rb,
lib/logical_authz/engine.rb,
lib/logical_authz/generator.rb,
lib/logical_authz/application.rb,
lib/logical_authz/spec_helper.rb,
lib/logical_authz/configuration.rb,
app/helpers/logical_authz_helper.rb,
lib/logical_authz/access_control.rb,
lib/logical_authz/authn_facade/authlogic.rb,
lib/logical_authz/generators/specs/generator.rb,
lib/logical_authz/generators/models/generator.rb,
lib/logical_authz/generators/routes/generator.rb,
lib/logical_authz/generators/controllers/generator.rb
Defined Under Namespace
Modules: AccessControl, Application, ControllerExampleGroupMixin, Helper, Matcher
Classes: AuthnFacade, Configuration, ControllerGenerator, Engine, GroupModelGenerator, LogicalAuthzGenerator, ModelGenerator, PermissionModelGenerator, RoutesGenerator, SpecsGenerator
Constant Summary
- PermissionSelect =
# SQL condition fragment used to look up a matching permission row.
# It contains only named placeholders (:controller, :group_ids, :action_names,
# :subject_id); check_permitted hands the values over separately in a hash.
# A row matches when it belongs to the controller and to one of the groups, and
#   * both action and subject_id are NULL (the row covers the whole controller), or
#   * action is one of :action_names and subject_id is NULL or equals :subject_id.
# NOTE(review): a row with action and subject_id both NULL therefore grants every
# action on the controller -- worth auditing how such rows get created.
"controller = :controller AND " +
"group_id IN (:group_ids) AND " +
"((action IS NULL AND subject_id IS NULL) OR " +
"(action IN (:action_names) AND " +
"(subject_id IS NULL OR subject_id = :subject_id)))"
Class Method Summary
Class Method Details
.check_controller(klass, from_criteria) ⇒ Object
# File 'lib/logical_authz.rb', line 50
# Stops the authorization check when the controller lookup produced no class.
#
# @param klass [Class, nil] outcome of the controller lookup
# @param from_criteria [Object] the criteria[:controller] value the lookup started
#   from; it is interpolated into the error message
# @raise [RuntimeError] when klass is nil
# @return [nil] when klass is present
def check_controller(klass, from_criteria)
  # Raising here means an unresolvable controller never yields an allow/deny answer.
  raise "Could not determine controller class - criteria[:controller] => #{from_criteria}" if klass.nil?
end
.check_permitted(criteria) ⇒ Object
# File 'lib/logical_authz.rb', line 56
# Asks the configured permission model whether any permission row matches
# the given criteria.
#
# The values go to the model as a hash of named binds next to PermissionSelect,
# so they are not concatenated into the SQL text.
#
# @param criteria [Hash] reads :group (objects responding to #id),
#   :controller_path, :action_aliases (converted with #to_s) and :id
# @return [Object] whatever permission_model.exists? returns
#
# NOTE(review): with debugging enabled the group ids and subject id are written
# to the log -- confirm that is acceptable for the deployment.
def check_permitted(criteria)
  bind_values = {
    :group_ids    => criteria[:group].map(&:id),
    :controller   => criteria[:controller_path],
    :action_names => criteria[:action_aliases].map(&:to_s),
    :subject_id   => criteria[:id]
  }
  laz_debug { "LogicalAuthz: checking permissions: #{bind_values.inspect}" }

  permitted = LogicalAuthz::Configuration.permission_model.exists?([PermissionSelect, bind_values])

  if permitted
    laz_debug { "Allowed: #{bind_values.inspect}" }
  else
    laz_debug { "Denied: #{bind_values.inspect}" }
  end

  permitted
end
.find_controller(reference) ⇒ Object
# File 'lib/logical_authz.rb', line 29
# Resolves a controller reference to a controller class.
#
# @param reference [Class, LogicalAuthz::Application, String, Symbol, Object]
#   a class, an object that includes LogicalAuthz::Application, or a name
# @return [Class, nil] the class, or nil when nothing usable was found
#
# NOTE(review): only the Class branch checks for LogicalAuthz::Application; a
# class found by name is returned without that check -- confirm callers are
# fine with that, especially if the name can come from request data.
def find_controller(reference)
  case reference
  when Class
    # Accept a class only when LogicalAuthz::Application is among its ancestors.
    reference if LogicalAuthz::Application > reference
  when LogicalAuthz::Application
    reference.class
  when String, Symbol
    begin
      "#{reference.to_s.camelize}Controller".constantize
    rescue NameError
      # An unknown name is reported as "not found". NoMethodError is a
      # NameError subclass, so it is swallowed here as well.
      nil
    end
  end
end
.inspect_criteria(criteria) ⇒ Object
# File 'lib/logical_authz.rb', line 13
# Builds a compact, log-friendly string for an authorization criteria hash.
#
# ActiveRecord objects are reduced to {class name => id} and controller
# instances to their class, so the output carries an identifier instead of the
# object's full #inspect dump. All other values are kept as they are.
#
# @param criteria [Hash] name => value pairs to describe
# @return [String] #inspect of the reduced hash
def inspect_criteria(criteria)
  summary = criteria.each_with_object({}) do |(name, value), reduced|
    reduced[name] =
      case value
      when ActiveRecord::Base then { value.class.name => value.id }
      when ActionController::Base then value.class
      else value
      end
  end
  summary.inspect
end
.is_authorized?(criteria = nil, authz_record = nil) ⇒ Boolean
# File 'lib/logical_authz.rb', line 75
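# Decides whether the request described by criteria is authorized.
#
# Order of decision: the controller may declare that the action needs no
# authorization; otherwise its ACLs are consulted; when they give no answer
# (nil) the controller's default_authorization is used.
#
# @param criteria [Hash, nil] reads :controller and :action here; the hash is
#   also passed to the controller's normalize_criteria and check_acls
# @param authz_record [Hash, nil] filled in place with :criteria, :result and
#   :reason so the caller can see why the decision was made
# @raise [RuntimeError] when the controller cannot be resolved
# @return [Object] the value stored in authz_record[:result]
#
# NOTE(review): whether an unmatched request is allowed depends entirely on
# default_authorization -- confirm the configured default is deny.
def is_authorized?(criteria=nil, authz_record=nil)
  criteria ||= {}
  authz_record ||= {}
  # Clear any earlier decision left on a reused record.
  authz_record.merge! :criteria => criteria, :result => nil, :reason => nil

  laz_debug{"LogicalAuthz: asked to authorize #{inspect_criteria(criteria)}"}

  controller_class = find_controller(criteria[:controller])
  # Validate before the debug line below: with debugging on, calling #name on a
  # nil lookup result used to raise NoMethodError and hide the descriptive error.
  check_controller(controller_class, criteria[:controller])
  laz_debug{"LogicalAuthz: determined controller: #{controller_class.name}"}

  unless controller_class.authorization_needed?(criteria[:action])
    laz_debug{"LogicalAuthz: controller says no authz needed."}
    authz_record.merge! :reason => :no_authorization_needed, :result => true
  else
    laz_debug{"LogicalAuthz: checking authorization"}

    controller_class.normalize_criteria(criteria)

    # nil from check_acls means "no ACL decided"; true/false is a decision.
    unless (acl_result = controller_class.check_acls(criteria, authz_record)).nil?
      authz_record[:result] = acl_result
    else
      authz_record.merge! :reason => :default, :result => controller_class.default_authorization
    end
  end

  laz_debug{authz_record}

  return authz_record[:result]
end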
.laz_debug ⇒ Object
# File 'app/helpers/logical_authz_helper.rb', line 5
# Writes a debug message to the Rails logger when LogicalAuthz debugging is on.
#
# The message comes from the block, which is only evaluated inside the
# logger's own block, so nothing is built when debugging is off.
#
# @yieldreturn [Object] the message; a String is logged as is, anything else
#   through #inspect
# @return [Object, nil] the logger's return value, or nil when nothing was logged
def laz_debug
  return unless block_given? && LogicalAuthz::Configuration.debugging?

  Rails.logger.debug do
    message = yield
    case message
    when String then message
    else message.inspect
    end
  end
end