Module: AnnotationSecurity::ActionController::ClassMethods
Defined in:
- lib/annotation_security/rails/2/includes/action_controller.rb
- lib/annotation_security/rails/3/includes/action_controller.rb
Overview
Provides security extensions for rails controllers on the class side.
Instance Method Summary
- #apply_action_security(*symbols) ⇒ Object
  Filters are not affected by the security settings of the action.
- #apply_security(*symbols) ⇒ Object
  Filters are not affected by the security settings of the action.
- #default_resource(value = nil) ⇒ Object
  If no resource type is provided in a description, the default resource will be used.
- #method_added(method) ⇒ Object
  AnnotationSecurity is using the method_added callback.
- #security_filter(symbol, &block) ⇒ Object
  Creates a new security filter.
Instance Method Details
#apply_action_security(*symbols) ⇒ Object
Filters are not affected by the security settings of the action. If you want the security settings of the action applied to your filter, use this method. It can be combined with #apply_security.
# File 'lib/annotation_security/rails/2/includes/action_controller.rb', line 45
def apply_action_security(*symbols)
  symbols.each { |s| pending_action_security_wrappers << s.to_sym }
end
#apply_security(*symbols) ⇒ Object
Filters are not affected by the security settings of the action. If you want security checks in your filters, activate them with apply_security.
apply_security :get_user

private

desc "shows a user"
def get_user
  @user = User.find params[:id]
end
You can use apply_security to secure any method, not only filters. Note that these rules are not taken into account when evaluating AnnotationSecurity::Helper#link_to_if_allowed and similar methods.
# File 'lib/annotation_security/rails/2/includes/action_controller.rb', line 38
def apply_security(*symbols)
  symbols.each { |s| pending_security_wrappers << s.to_sym }
end
#default_resource(value = nil) ⇒ Object
If no resource type is provided in a description, the default resource will be used. Once set, the value cannot be changed.
This is still experimental. You should not use it unless you have a reason. It might be useful for inheritance.
# File 'lib/annotation_security/rails/2/includes/action_controller.rb', line 68
def default_resource(value=nil)
  @default_resource ||= value || compute_default_resource
end
#method_added(method) ⇒ Object
AnnotationSecurity uses the method_added callback. If this method is overridden without calling super, apply_security will not work.
# File 'lib/annotation_security/rails/2/includes/action_controller.rb', line 52
def method_added(method)
  super(method)
  if pending_security_wrappers.delete method
    build_security_wrapper(method)
  end
  if pending_action_security_wrappers.delete method
    build_action_security_wrapper(method)
  end
end
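The failure mode described above, as an added example in plain Ruby (not AnnotationSecurity's own code): overriding method_added without calling super leaves the registered method unguarded, and the leftover pending list reveals it. PendingWrapDemo, apply_check, allowed?, guarded? and unwrapped are hypothetical names, and both controller classes are constructed for the demonstration.

```ruby
# Stand-in for the pending-wrapper pattern; not AnnotationSecurity's code.
module PendingWrapDemo
  def pending_wrappers
    @pending_wrappers ||= []
  end

  # Register methods that must be wrapped once they are defined.
  def apply_check(*symbols)
    symbols.each { |s| pending_wrappers << s.to_sym }
  end

  def method_added(method)
    super
    return unless pending_wrappers.delete(method)
    original = instance_method(method)
    # define_method fires method_added again, but the name is no longer pending.
    define_method(method) do |*args, &blk|
      raise SecurityError, "denied: #{method}" unless allowed?
      original.bind(self).call(*args, &blk)
    end
  end
end

class GoodController
  extend PendingWrapDemo
  apply_check :get_user
  def allowed?; false; end          # constructed policy: always deny
  def get_user; :user_record; end
end

class BrokenController
  extend PendingWrapDemo
  # Overrides the hook without calling super, so no wrapper is ever built.
  def self.method_added(method); end
  apply_check :get_user
  def allowed?; false; end
  def get_user; :user_record; end
end

# True when calling get_user is stopped by the wrapper.
def guarded?(klass)
  klass.new.get_user
  false
rescue SecurityError
  true
end

# Audit check: names still pending after class load were never wrapped.
def unwrapped(klass); klass.pending_wrappers.dup; end
```

Asserting in a test suite that the pending list is empty once a class has loaded turns this silent failure into a test failure.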
#security_filter(symbol, &block) ⇒ Object
Creates a new security filter.
Security filters are around filters that are evaluated before the first before filter. Use security filters to set the credentials and to react to security violations.
class ApplicationController < ActionController::Base
  security_filter :security_filter

  private

  def security_filter
    # Set the credential before any before filter or action runs.
    SecurityContext.current_credential = session[:user]
    yield
  rescue SecurityViolationError
    # React to a violation raised further down the filter chain.
    if SecurityContext.is? :logged_in
      render :template => "welcome/not_allowed"
    else
      render :template => "welcome/please_login"
    end
  end
end
See SecurityContext#current_credential= and SecurityViolationError.
# File 'lib/annotation_security/rails/2/includes/action_controller.rb', line 96
def security_filter(symbol, &block)
  filter_chain.append_filter_to_chain([symbol], :security, &block)
end