Module: ActiveSecurity::RestrictedHooks
- Extended by:
- ActiveSupport::Concern
- Defined in:
- lib/active_security/restricted_hooks.rb
Constant Summary collapse
- VALID_CONFIG_VALUES =
%i[log log_and_raise raise]
Instance Method Summary collapse
- #_active_security_not_scoped_handler ⇒ Object
- #_active_security_unhandled_predicate(predicate) ⇒ Object
Instance Method Details
#_active_security_not_scoped_handler ⇒ Object
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
# File 'lib/active_security/restricted_hooks.rb', line 7 def _active_security_not_scoped_handler return active_security_config.on_restricted_no_scope.call(active_security_config) if active_security_config.on_restricted_no_scope.respond_to?(:call) unless VALID_CONFIG_VALUES.include?(active_security_config.on_restricted_no_scope) raise InvalidConfig, "on_restricted_no_scope must either be set to a callable lambda/proc or one of [:log, :log_and_raise, :raise]" end if /log/.match?(active_security_config.on_restricted_no_scope) active_security_config.logger.error("#{_active_security_name_for} does not have secure scope: #{respond_to?(:to_sql) ? to_sql : ""}") end if /raise/.match?(active_security_config.on_restricted_no_scope) raise RestrictedAccessError.new("prevented query without a secure scope #{_active_security_name_for}") end end |
#_active_security_unhandled_predicate(predicate) ⇒ Object
23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
# File 'lib/active_security/restricted_hooks.rb', line 23 def _active_security_unhandled_predicate(predicate) return active_security_config.on_restricted_unhandled_predicate.call(active_security_config) if active_security_config.on_restricted_unhandled_predicate.respond_to?(:call) unless VALID_CONFIG_VALUES.include?(active_security_config.on_restricted_unhandled_predicate) raise InvalidConfig, "on_restricted_unhandled_predicate must either be set to a callable lambda/proc or one of [:log, :log_and_raise, :raise]" end if /log/.match?(active_security_config.on_restricted_unhandled_predicate) active_security_config.logger.error("#{_active_security_name_for} predicate type #{predicate.class.name} is unhandled; See: https://www.rubydoc.info/github/rails/rails/Arel/Nodes") end if /raise/.match?(active_security_config.on_restricted_unhandled_predicate) raise UnhandledArelPredicateError.new( "#{_active_security_name_for} predicate type #{predicate.class.name} is unhandled; See: https://www.rubydoc.info/github/rails/rails/Arel/Nodes", ) end end |