Module: Ramaze::Helper::ACL

Included in:
Zen::Package::Menu
Defined in:
lib/zen/package/users/lib/users/helper/acl.rb

Overview

The ACL helper makes it easy for developers to allow or deny access to certain resources based on the permissions of a user. This helper is loaded by default and provides the following two methods:

  • user_authorized?()
  • authorize_user!()

Example

class Foo < Zen::Controller::AdminController
  map '/admin/foo'

  def index
    authorize_user!(:show_foo)
  end
end


Instance Method Summary

Instance Method Details

- (Object) authorize_user!(*args)

Checks whether the user has all of the given permissions. If not, the "not authorized" error message is rendered with a 403 status and the user cannot access the page.

Examples:

authorize_user!(:edit_user)

Parameters:

  • *args (Array)

    An array of permissions that are required.

Since:

  • 0.2.8

# File 'lib/zen/package/users/lib/users/helper/acl.rb', line 68

def authorize_user!(*args)
  if !user_authorized?(*args)
    respond(lang('zen_general.errors.not_authorized'), 403)
  end
end

- (Array) get_permissions (private)

Retrieves all the permissions of the currently logged in user and stores them in the session.

Returns:

  • (Array)

    An array where the first item is a TrueClass or FalseClass that indicates whether the user is a member of a super group. The second item is an array of all the user's permissions (each permission is a symbol).

Since:

  • 0.3

# File 'lib/zen/package/users/lib/users/helper/acl.rb', line 86

def get_permissions
  if !session[:super_group].nil? or !session[:permissions].nil?
    return [session[:super_group], session[:permissions]]
  end

  super_group = false
  perms       = user.permissions.map { |p| p.permission.to_sym }
  group_ids   = []

  user.user_groups.each do |group|
    super_group = true if group.super_group == true
    group_ids << group.id
  end

  ::Users::Model::Permission \
    .filter(:user_group_id => group_ids) \
    .each { |p| perms << p.permission.to_sym }

  perms = perms.uniq

  session[:super_group] = super_group
  session[:permissions] = perms

  return [session[:super_group], session[:permissions]]
end

- (TrueClass|FalseClass) user_authorized?(*required)

Checks whether a user has all of the specified permissions and returns a TrueClass or FalseClass accordingly. Note that since Zen 0.3 every permission passed is required; it is no longer possible to pass a list of which only one permission has to match.

This method is useful for hiding certain elements of a page based on a user's permissions. If you want to deny access to an entire method or class, use Ramaze::Helper::ACL#authorize_user!() instead.

Examples:

if user_authorized?(:show_user)
  # ...
end

Parameters:

  • *required (Array)

    An array of permissions that are required.

Returns:

  • (TrueClass|FalseClass)

Since:

  • 0.1

# File 'lib/zen/package/users/lib/users/helper/acl.rb', line 43

def user_authorized?(*required)
  super_group, permissions = get_permissions

  required.each do |req|
    req = req.to_sym if req.respond_to?(:to_sym)

    if !permissions.include?(req) and super_group == false
      return false
    end
  end

  return true
end
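The following is an added example, not code from Zen or this helper: it models the get_permissions and user_authorized? logic shown above with plain Ruby structs (Group, User and AclCheck are assumed names standing in for the Users::Model classes and the Ramaze session), so it runs without Ramaze or Sequel. It also shows the consequence of the session cache: because get_permissions only recomputes when both session keys are nil, a permission revoked in the database is still honoured until the cached keys are cleared.

```ruby
# Assumed stand-ins for Users::Model::UserGroup and the user object.
Group = Struct.new(:id, :super_group, :permissions)
User  = Struct.new(:permissions, :user_groups)

class AclCheck
  attr_reader :session

  def initialize(user, session = {})
    @user    = user
    @session = session   # stands in for Ramaze's session hash
  end

  # Mirrors get_permissions: merge the user's own permissions with those of
  # its groups, flag super-group membership, and cache both in the session.
  def get_permissions
    if !session[:super_group].nil? or !session[:permissions].nil?
      return [session[:super_group], session[:permissions]]
    end
    super_group = @user.user_groups.any?(&:super_group)
    perms = @user.permissions.map(&:to_sym)
    @user.user_groups.each { |g| perms.concat(g.permissions.map(&:to_sym)) }
    session[:super_group] = super_group
    session[:permissions] = perms.uniq
    [session[:super_group], session[:permissions]]
  end

  # Mirrors user_authorized?: every required permission must be present
  # unless the user belongs to a super group (which bypasses the check).
  def user_authorized?(*required)
    super_group, permissions = get_permissions
    required.all? { |r| super_group || permissions.include?(r.to_sym) }
  end
end

# Constructed sample data: an editors group and a super group.
EDITORS = Group.new(1, false, [:show_user, :edit_user])
ADMINS  = Group.new(2, true, [])
ALICE   = User.new([:show_foo], [EDITORS])
ROOT    = User.new([], [ADMINS])

# Stale-cache check: revoking a permission does not take effect until the
# session keys are cleared, because get_permissions serves the cached copy.
def stale_after_revoke
  group = Group.new(1, false, [:edit_user])
  acl   = AclCheck.new(User.new([], [group]), {})
  before    = acl.user_authorized?(:edit_user)   # warms the session cache
  group.permissions.delete(:edit_user)           # revoke in the "database"
  after     = acl.user_authorized?(:edit_user)   # still true: served from session
  acl.session.clear                              # forces get_permissions to reload
  refreshed = acl.user_authorized?(:edit_user)
  [before, after, refreshed]
end
```

In a real deployment the same stale-cache effect means a user whose group permissions are revoked keeps them until the session's :super_group and :permissions keys are reset (for example at logout or on a permission change).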