Module: ActiveSecurity::Finders

Defined in:

lib/active_security/finders.rb

Overview

## Performing Finds with ActiveSecurity

ActiveSecurity offers enhanced finders which will search for your record while ensuring that a particular scope is present. This makes it easy to add ActiveSecurity to an existing application with minimal code modification.

By default, these enhanced finders are available only on the ‘restricted` scope:

Restaurant.restricted.find(23)          #=> Will blow up, because no scope!
Restaurant.find(23)                     #=> works

ActiveSecurity overrides the default finder methods to perform secure finds all the time. This requires modifying parts of Rails that do not have a public API, which is hard to maintain and may cause compatibility issues.

class Restaurant < ActiveRecord::Base
  extend ActiveSecurity

  scope :active, -> {where(active: true)}

  active_security use: :finders
end

Restaurant.restricted.find(23)          #=> blows up, because no scope!
Restaurant.find(23)                     #=> also blows up, because no scope!
Restaurant.active.find(23)              #=> works, because scoped!
Restaurant.active.restricted.find(23)   #=> also works, because scoped!

### Updating your application to use ActiveSecurity’s finders

Unless you’ve chosen to use the ‘:finders` addon, be sure to modify the finders in your controllers to use the `restricted` scope. For example:

# before
def set_restaurant
  @restaurant = Restaurant.find(params[:id])
end

# after
def set_restaurant
  @restaurant = Restaurant.restricted.find(params[:id])
end

#### Active Admin

Unless you use the ‘:finders` addon, you should modify your admin controllers for models that use ActiveSecurity with something similar to the following:

controller do
  def find_resource
    scoped_collection.restricted.find(params[:id])
  end
end

Defined Under Namespace

Modules: Configuration

Class Method Summary

• .after_config(model_class) ⇒ Object

  Sets up behavior and that depends on configuration.

• .included(model_class) ⇒ Object

  Sets up behavior and configuration options for finders feature.

• .setup(model_class) ⇒ Object

  ActiveSecurity::Config.use will invoke this method when present, to allow loading dependent modules prior to overriding them when necessary.

Class Method Details

.after_config(model_class) ⇒ Object

Sets up behavior and that depends on configuration

Raises:

• (InvalidConfig)

# File 'lib/active_security/finders.rb', line 83

def after_config(model_class)
  raise InvalidConfig, ":finders plugin must be used with default_finders set to one of :privileged, or :restricted" unless i[restricted privileged].include?(model_class.active_security_config.default_finders)

  model_class.active_security_config.use(model_class.active_security_config.default_finders)
  model_class.class_eval do
    if active_security_config.default_finders == :privileged
      relation.class.send(:include, active_security_config.privileged_hooks)
      send(:extend, active_security_config.privileged_hooks)
    else
      relation.class.send(:include, active_security_config.restricted_hooks)
      send(:extend, active_security_config.restricted_hooks)
    end
  end
  association_relation_delegate_class = model_class.relation_delegate_class(::ActiveRecord::AssociationRelation)
  if model_class.active_security_config.default_finders == :privileged
    association_relation_delegate_class.send(:include, model_class.active_security_config.privileged_hooks)
  else
    model_class.active_security_config.default_finders
    association_relation_delegate_class.send(:include, model_class.active_security_config.restricted_hooks)
  end
end

.included(model_class) ⇒ Object

Sets up behavior and configuration options for finders feature.

# File 'lib/active_security/finders.rb', line 75

def included(model_class)
  model_class.active_security_config.instance_eval do
    self.class.send(:include, Configuration)
    defaults[:default_finders] ||= :restricted
  end
end

.setup(model_class) ⇒ Object

ActiveSecurity::Config.use will invoke this method when present, to allow loading dependent modules prior to overriding them when necessary.

# File 'lib/active_security/finders.rb', line 64

def setup(model_class)
  model_class.class_eval do
    relation.class.send(:include, active_security_config.finder_methods)
    extend(active_security_config.finder_methods)
  end

  association_relation_delegate_class = model_class.relation_delegate_class(::ActiveRecord::AssociationRelation)
  association_relation_delegate_class.send(:include, model_class.active_security_config.finder_methods)
end