Module: LogicalAuthz::Application

Includes:
Helper
Defined in:
lib/logical_authz/application.rb

Defined Under Namespace

Modules: ClassMethods Classes: CheckAuthorization


Methods included from Helper

#authorized?, #authorized_menu, #authorized_url?, #button_to_if_authorized, #button_to_remote_if_authorized, #controller_pairs, #criteria_from_url, #groups, #laz_debug, #link_to_if_authorized, #link_to_remote_if_authorized, #nonmembered_groups

Class Method Details

.included(klass) ⇒ Object



# File 'lib/logical_authz/application.rb', line 5

# Hook run when this module is mixed into a controller: also extends the
# host class with ClassMethods so the module's class-level macros become
# available on it.
#
# @param klass [Class] the class that just included LogicalAuthz::Application
# @return [Object] whatever Object#extend returns (the class itself)
def self.included(klass)
  klass.extend ClassMethods
end

Instance Method Details

#check_authorized ⇒ Object



# File 'lib/logical_authz/application.rb', line 36

# Authorization gate for the current request (intended as a before filter).
#
# Assembles the authorization criteria -- the current user as reported by
# AuthnFacade, the controller class, the action name, params[:id] and a copy
# of params -- and hands them, together with a record hash seeded with the
# request path, to LogicalAuthz.is_authorized?. The record's :result is read
# afterwards, so the call is expected to populate it.
#
# Only the reduced summary produced by #strip_record is written to the flash,
# so neither the user object nor the raw params leave this method through
# the flash store. On denial the requested path is remembered in
# session[:logical_authz][:unauthzd_path], the summary is duplicated under
# flash[:logical_authz_last_denial], and the user is sent away via
# #redirect_to_lobby.
#
# @return [Boolean] true when the request is authorized, false once the
#   redirect has been issued
def check_authorized
  criteria = {
    :user       => AuthnFacade.current_user(self),
    :controller => self.class,
    :action     => action_name,
    :id         => params[:id],
    :params     => params.dup
  }
  authz_record = {:authz_path => request.path.dup}

  LogicalAuthz.is_authorized?(criteria, authz_record)
  laz_debug{"Logical Authz result: #{authz_record.inspect}"}
  # Flash gets the stripped form only (rule name, logged_in flag, reason, result).
  flash[:logical_authz_record] = strip_record(authz_record)

  return true if authz_record[:result]

  # Denied: keep the path the user wanted so a later flow can return there.
  request.session[:logical_authz] ||= {}
  request.session[:logical_authz][:unauthzd_path] = request.path
  flash[:logical_authz_last_denial] = flash[:logical_authz_record]
  redirect_to_lobby("Your account is not authorized to perform this action.")
  false
end

#redirect_to_lobby(message = nil) ⇒ Object



# File 'lib/logical_authz/application.rb', line 10

# Sends an unauthorized user somewhere harmless: back to the page they came
# from when that page is itself authorized, otherwise to
# default_unauthorized_url.
#
# `back` is the raw Referer header supplied by the client. The only checks
# visible here before redirecting to it are criteria_from_url (must yield
# non-nil criteria) and LogicalAuthz.is_authorized? on those criteria.
# NOTE(review): whether criteria_from_url rejects off-site URLs is not
# visible in this file -- confirm before relying on this as the control
# against redirecting to an external location.
#
# @param message [String, nil] accepted for callers' benefit but not used by
#   this implementation; the redirect target does not depend on it
# @return [Object] the value returned by redirect_to
def redirect_to_lobby(message = nil)
  back = request.headers["Referer"]
  laz_debug{"Sending user back to: #{back} Authz'd?"}
  back_criteria = criteria_from_url(back)

  target =
    if back_criteria.nil?
      laz_debug{"Back is nil - going to the default_unauthorized_url"}
      default_unauthorized_url
    elsif LogicalAuthz.is_authorized?(back_criteria)
      laz_debug{"Back authorized - going to #{back}"}
      back
    else
      laz_debug{"Back is unauthorized - going to the default_unauthorized_url"}
      default_unauthorized_url
    end

  redirect_to target
end

#strip_record(record) ⇒ Object



# File 'lib/logical_authz/application.rb', line 26

# Reduces an authorization record to the four fields that are safe and
# useful to carry in the flash: the name of the determining rule, whether a
# user was present in the criteria, the reason, and the result. Everything
# else in the record (notably the :criteria hash with the user object and
# params) is dropped.
#
# @param record [Hash] the record populated by LogicalAuthz.is_authorized?
# @return [Hash] with keys :rule, :logged_in, :reason and :result
def strip_record(record)
  laz_debug{"Logical Authz: stripping: #{record.inspect}"}

  # A missing or nil :criteria is treated as empty, so :logged_in is false.
  criteria = record[:criteria] || {}
  logged_in = !criteria[:user].nil?

  {
    :rule      => record[:determining_rule].try(:name),
    :logged_in => logged_in,
    :reason    => record[:reason],
    :result    => record[:result]
  }
end