Module: LogicalAuthz::Application
- Includes:
- Helper
- Defined in:
- lib/logical_authz/application.rb
Defined Under Namespace
Modules: ClassMethods
Classes: CheckAuthorization
Class Method Summary
Instance Method Summary
Methods included from Helper
#authorized?, #authorized_menu, #authorized_url?, #button_to_if_authorized, #button_to_remote_if_authorized, #controller_pairs, #criteria_from_url, #groups, #laz_debug, #link_to_if_authorized, #link_to_remote_if_authorized, #nonmembered_groups
Class Method Details
.included(klass) ⇒ Object
# File 'lib/logical_authz/application.rb', line 5
# Mix-in hook: when a controller includes LogicalAuthz::Application, the
# class-level macros in ClassMethods are added to that controller class.
#
# @param klass [Class] the class that included this module
# @return [Class] klass, as returned by Object#extend
def self.included(klass)
  klass.extend ClassMethods
end
Instance Method Details
#check_authorized ⇒ Object
# File 'lib/logical_authz/application.rb', line 36
# Runs the LogicalAuthz check for the current request and, on denial,
# records the denied path in the session, copies the stripped record into
# the flash and redirects the user away via redirect_to_lobby.
#
# The stripped record is written to flash[:logical_authz_record] on every
# request, authorized or not; flash[:logical_authz_last_denial] only on denial.
#
# @return [Boolean] true when the request is authorized, false after the
#   denial redirect has been issued
def check_authorized
  current_user = AuthnFacade.current_user(self)
  criteria = {
    :user => current_user,
    :controller => self.class,
    :action => action_name,
    :id => params[:id],
    # shallow copy — presumably so the checker can read without touching params
    :params => params.dup
  }
  # is_authorized? fills this record in place (:result, :reason, ... are read below)
  authz_record = {:authz_path => request.path.dup}
  LogicalAuthz.is_authorized?(criteria, authz_record)
  laz_debug{"Logical Authz result: #{authz_record.inspect}"}
  flash[:logical_authz_record] = strip_record(authz_record)
  return true if authz_record[:result]

  # Denied: remember where the user was trying to go, then bounce them.
  (request.session[:logical_authz] ||= {})[:unauthzd_path] = request.path
  flash[:logical_authz_last_denial] = flash[:logical_authz_record]
  redirect_to_lobby("Your account is not authorized to perform this action.")
  false
end
#redirect_to_lobby(message = nil) ⇒ Object
# File 'lib/logical_authz/application.rb', line 10
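# Sends a user who failed an authorization check somewhere else.
#
# Preference order: the Referer the browser sent, when criteria_from_url can
# map it to criteria that LogicalAuthz.is_authorized? accepts; otherwise
# default_unauthorized_url. The Referer is client-supplied, so that
# criteria_from_url / is_authorized? gate is the only check on where the
# redirect points — NOTE(review): confirm criteria_from_url returns nil for
# URLs on other hosts before relying on this.
#
# @param message [String, nil] denial text passed by check_authorized; it is
#   not used by this method (kept for existing callers) — TODO confirm
#   whether it was meant to be flashed
# @return [Object] whatever redirect_to returns
def redirect_to_lobby(message = nil)
  # The listing on this page reads `request.["Referer"]`, which is not valid
  # Ruby; request.headers is the Rails accessor for a named request header.
  # Confirm against the gem source that this is the intended accessor.
  back = request.headers["Referer"]
  laz_debug{"Sending user back to: #{back} Authz'd?"}
  back_criteria = criteria_from_url(back)
  if back_criteria.nil?
    laz_debug{"Back is nil - going to the default_unauthorized_url"}
    redirect_to default_unauthorized_url
  elsif LogicalAuthz.is_authorized?(back_criteria)
    laz_debug{"Back authorized - going to #{back}"}
    redirect_to back
  else
    laz_debug{"Back is unauthorized - going to the default_unauthorized_url"}
    redirect_to default_unauthorized_url
  end
end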
#strip_record(record) ⇒ Object
# File 'lib/logical_authz/application.rb', line 26
# Reduces a full authorization record to the four fields that
# check_authorized carries in the flash.
#
# @param record [Hash] the record filled in by LogicalAuthz.is_authorized?;
#   :determining_rule, :criteria, :reason and :result are read
# @return [Hash] :rule (name of the determining rule, nil when absent),
#   :logged_in, :reason and :result
def strip_record(record)
  laz_debug{"Logical Authz: stripping: #{record.inspect}"}
  criteria = record[:criteria] || {}
  # ActiveSupport #try: nil when there is no determining rule
  rule_name = record[:determining_rule].try(:name)
  {
    :rule => rule_name,
    :logged_in => !criteria[:user].nil?,
    :reason => record[:reason],
    :result => record[:result]
  }
end