Module: Opro::Controllers::Concerns::Permissions

Extended by:

ActiveSupport::Concern

Included in:

ApplicationControllerHelper

Defined in:

lib/opro/controllers/concerns/permissions.rb

Defined Under Namespace

Modules: ClassMethods

Instance Method Summary

• #add_oauth_required_permission(permission) ⇒ Object
• #global_oauth_required_permissions ⇒ Object

  By default :write permission is required if included in Opro.request_permissions returns Array.

• #oauth_client_can_write? ⇒ Boolean

  Returns boolean if client has been granted write permissions or request is a ‘GET’ returns true.

• #oauth_client_has_permission?(permission) ⇒ Boolean
• #oauth_client_has_permissions? ⇒ Boolean

  Checks to make sure client has given permission permission checks can be extended by creating methods oauth_client_can_:method? so to over-write a default check for :write permission, you would need to define oauth_client_can_write?.

• #oauth_required_permissions ⇒ Object

  returns Array of permissions required for controller action.

• #skip_oauth_required_permission(permission) ⇒ Object
• #skip_oauth_required_permissions ⇒ Object

Instance Method Details

#add_oauth_required_permission(permission) ⇒ Object

# File 'lib/opro/controllers/concerns/permissions.rb', line 24

def add_oauth_required_permission(permission)
  @oauth_required_permissions ||= global_oauth_required_permissions
  @oauth_required_permissions << permission
end

#global_oauth_required_permissions ⇒ Object

By default :write permission is required if included in Opro.request_permissions returns Array

# File 'lib/opro/controllers/concerns/permissions.rb', line 6

def global_oauth_required_permissions
   [:write] & Opro.request_permissions
end

#oauth_client_can_write? ⇒ Boolean

Returns boolean if client has been granted write permissions or request is a ‘GET’ returns true

Returns:

• (Boolean)

# File 'lib/opro/controllers/concerns/permissions.rb', line 56

def oauth_client_can_write?
  return false unless oauth_access_grant.present?
  return true if env['REQUEST_METHOD'] == 'GET'
  return true if oauth_access_grant.can?(:write)
  false
end

#oauth_client_has_permission?(permission) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/opro/controllers/concerns/permissions.rb', line 44

def oauth_client_has_permission?(permission)
  oauth_permission_method = "oauth_client_can_#{permission}?".to_sym
  if respond_to?(oauth_permission_method)
    has_permission = method(oauth_permission_method).call
  else
    has_permission = oauth_access_grant.can?(permission.to_sym)
  end
  has_permission
end

#oauth_client_has_permissions? ⇒ Boolean

Checks to make sure client has given permission permission checks can be extended by creating methods oauth_client_can_:method? so to over-write a default check for :write permission, you would need to define oauth_client_can_write?

Returns:

• (Boolean)

# File 'lib/opro/controllers/concerns/permissions.rb', line 33

def oauth_client_has_permissions?
  return false unless oauth_access_grant.present?
  permissions_valid_array = []
  oauth_required_permissions.each do |permission|
    permissions_valid_array << oauth_client_has_permission?(permission)
  end

  return true unless permissions_valid_array.include?(false)
  false
end

#oauth_required_permissions ⇒ Object

returns Array of permissions required for controller action

# File 'lib/opro/controllers/concerns/permissions.rb', line 11

def oauth_required_permissions
  (@oauth_required_permissions || global_oauth_required_permissions) - skip_oauth_required_permissions
end

#skip_oauth_required_permission(permission) ⇒ Object

# File 'lib/opro/controllers/concerns/permissions.rb', line 19

def skip_oauth_required_permission(permission)
  @skip_oauth_required_permissions << permission
  @skip_oauth_required_permissions
end

#skip_oauth_required_permissions ⇒ Object

# File 'lib/opro/controllers/concerns/permissions.rb', line 15

def skip_oauth_required_permissions
  @skip_oauth_required_permissions ||= []
end