Module: Ruil::Authorizer

Includes: Controller
Defined in: lib/ruil/authorizer.rb

Overview

Authorizer allows us to define an ACL (access control list).

Access rules

Each access rule is composed of a pattern and a condition to check.

The next example shows a rule authorizing all requests matching the path pattern ‘/foo/:bar’.

Ruil::Authorizer << '/foo/:bar'

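The next example shows a rule authorizing only requests associated with logged-in users. Because the binary << operator accepts a single operand, a rule with a condition is added using the explicit method-call form.

Ruil::Authorizer.<<('/foo/:bar', lambda { |r| not r.session[:user].nil? })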

Reject action

By default, rejected requests are redirected to ‘/login’. You can change that behavior:

Ruil::Authorizer.rejector lambda { |r| ok :text, 'Forbidden resource!' }

Constant Summary

@@rules = {}

Access rules.

@@rejector = lambda { |request| redirect(request, '/login') }

The action performed when access is denied.

Class Method Summary

Methods included from Controller

#ok, #redirect, #resource

Class Method Details

.<<(patterns, condition = nil) ⇒ Object

Creates a new access rule.



# File 'lib/ruil/authorizer.rb', line 36

def self.<<(patterns, condition = nil)
  # Set the condition.
  condition = condition || lambda { |request| true }
  # Add this rule to the list
  case patterns
  when Array
    patterns.each { |p| @@rules[p] = condition }
  when String
    @@rules[patterns] = condition
  end
end

.call(request, responder) ⇒ Object

Authorizes access for a user.



# File 'lib/ruil/authorizer.rb', line 49

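def self.call(request, responder)
  unless ( rule = @@rules[request[:path_info_pattern]] ).nil? or rule.call(request)
    # Deny access: a rule exists for this pattern and its condition failed.
    # The rejector is stored in the class variable set by .rejector.
    @@rejector.call request
  else
    # Allow access (also reached when no rule is registered for the pattern).
    responder.call request
  end
end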

.rejector(responder) ⇒ Object

Set the action to perform when access is denied.



# File 'lib/ruil/authorizer.rb', line 60

def self.rejector(responder)
  @@rejector = responder
end
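
The lookup in .call lets through any request whose path pattern has no registered rule, because a nil rule falls through to the responder. The following added example (not Ruil's own code; MiniAuthorizer, its default_allow option and the request hashes are assumptions made for illustration) models that lookup and compares it with a deny-by-default variant.

```ruby
# Added illustration: a stand-alone model of the rule lookup documented above.
# MiniAuthorizer and its request hashes are hypothetical, not part of Ruil.
class MiniAuthorizer
  def initialize(default_allow: true)
    @rules = {}
    @default_allow = default_allow
    @rejector = lambda { |request| [:rejected, '/login'] }
  end

  # Same contract as Authorizer.<<: a String or Array of patterns plus an
  # optional condition; a missing condition authorizes every request.
  def add(patterns, condition = nil)
    condition ||= lambda { |request| true }
    Array(patterns).each { |p| @rules[p] = condition }
    self
  end

  # Replace the action taken when a request is denied.
  def rejector(responder)
    @rejector = responder
  end

  # Look up the rule by the matched path pattern and evaluate it.
  # With default_allow true, a missing rule authorizes the request.
  def call(request, responder)
    rule = @rules[request[:path_info_pattern]]
    allowed = rule.nil? ? @default_allow : rule.call(request)
    allowed ? responder.call(request) : @rejector.call(request)
  end
end

LOGGED_IN = lambda { |r| !r[:session][:user].nil? }
RESPONDER = lambda { |r| [:ok, r[:path_info_pattern]] }

# Constructed sample requests.
ANON_FOO   = { path_info_pattern: '/foo/:bar', session: {} }
USER_FOO   = { path_info_pattern: '/foo/:bar', session: { user: 'alice' } }
ANON_ADMIN = { path_info_pattern: '/admin/:id', session: {} } # no rule registered

# Register one rule, then return the decision for each sample request.
def decisions(authorizer)
  authorizer.add('/foo/:bar', LOGGED_IN)
  [ANON_FOO, USER_FOO, ANON_ADMIN].map { |req| authorizer.call(req, RESPONDER).first }
end

p decisions(MiniAuthorizer.new)                       # lookup as documented
p decisions(MiniAuthorizer.new(default_allow: false)) # deny-by-default variant
```

With the documented lookup, every protected route needs its own rule; a route added without one is served to anonymous users.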