Module: ActiveSecurity::Finders

Defined in:

lib/active_security/finders.rb

Overview

## Performing Finds with ActiveSecurity

ActiveSecurity offers enhanced finders which will search for your record while ensuring that a particular scope is present. This makes it easy to add ActiveSecurity to an existing application with minimal code modification.

By default, these enhanced finders are available only on the restricted scope:

Restaurant.restricted.find(23)          #=> Will blow up, because no scope!
Restaurant.find(23)                     #=> works

ActiveSecurity overrides the default finder methods to perform secure finds all the time. This requires modifying parts of Rails that do not have a public API, which is hard to maintain and may cause compatibility issues.

class Restaurant < ActiveRecord::Base
  extend ActiveSecurity

  scope :active, -> {where(active: true)}

  active_security use: :finders
end

Restaurant.restricted.find(23)          #=> blows up, because no scope!
Restaurant.find(23)                     #=> also blows up, because no scope!
Restaurant.active.find(23)              #=> works, because scoped!
Restaurant.active.restricted.find(23)   #=> also works, because scoped!

### Updating your application to use ActiveSecurity’s finders

Unless you’ve chosen to use the :finders addon, be sure to modify the finders in your controllers to use the restricted scope. For example:

# before
def set_restaurant
  @restaurant = Restaurant.find(params[:id])
end

# after
def set_restaurant
  @restaurant = Restaurant.restricted.find(params[:id])
end

#### Active Admin

Unless you use the :finders addon, you should modify your admin controllers for models that use ActiveSecurity with something similar to the following:

controller do
  def find_resource
    scoped_collection.restricted.find(params[:id])
  end
end

Defined Under Namespace

Modules: Configuration

Class Method Summary

• .after_config(model_class) ⇒ Object

  Sets up behavior and that depends on configuration.

• .included(model_class) ⇒ Object

  Sets up behavior and configuration options for finders feature.

• .setup(model_class) ⇒ Object

  ActiveSecurity::Config.use will invoke this method when present, to allow loading dependent modules prior to overriding them when necessary.

Class Method Details

.after_config(model_class) ⇒ Object

Sets up behavior and that depends on configuration

Raises:

• (InvalidConfig)

# File 'lib/active_security/finders.rb', line 83

def after_config(model_class)
  raise InvalidConfig, ":finders plugin must be used with default_finders set to one of :privileged, or :restricted" unless i[restricted privileged].include?(model_class.active_security_config.default_finders)

  model_class.active_security_config.use(model_class.active_security_config.default_finders)
  model_class.class_eval do
    if active_security_config.default_finders == :privileged
      relation.class.send(:include, active_security_config.privileged_hooks)
      send(:extend, active_security_config.privileged_hooks)
    else
      relation.class.send(:include, active_security_config.restricted_hooks)
      send(:extend, active_security_config.restricted_hooks)
    end
  end
  association_relation_delegate_class = model_class.relation_delegate_class(::ActiveRecord::AssociationRelation)
  if model_class.active_security_config.default_finders == :privileged
    association_relation_delegate_class.send(:include, model_class.active_security_config.privileged_hooks)
  else
    model_class.active_security_config.default_finders
    association_relation_delegate_class.send(:include, model_class.active_security_config.restricted_hooks)
  end
end

.included(model_class) ⇒ Object

Sets up behavior and configuration options for finders feature.

# File 'lib/active_security/finders.rb', line 75

def included(model_class)
  model_class.active_security_config.instance_eval do
    self.class.send(:include, Configuration)
    defaults[:default_finders] ||= :restricted
  end
end

.setup(model_class) ⇒ Object

ActiveSecurity::Config.use will invoke this method when present, to allow loading dependent modules prior to overriding them when necessary.

# File 'lib/active_security/finders.rb', line 64

def setup(model_class)
  model_class.class_eval do
    relation.class.send(:include, active_security_config.finder_methods)
    extend(active_security_config.finder_methods)
  end

  association_relation_delegate_class = model_class.relation_delegate_class(::ActiveRecord::AssociationRelation)
  association_relation_delegate_class.send(:include, model_class.active_security_config.finder_methods)
end