Class: AnnotationSecurity::Utils
- Defined in:
- lib/annotation_security/utils.rb
Overview
lib/annotation_security/utils.rb
Provides some methods that are needed at several locations in the plug-in.
Constant Summary collapse
- PREFIXES =
:nodoc:
/\A(may|is|can|has)_/
- SUFFIXES =
/(_(for|in|of|to)|\?)\Z/
Class Method Summary collapse
-
.method_body(method) ⇒ Object
Removes pre- and suffixes from
method
, returnsnil
if no change was made. -
.parse_action_args(args) ⇒ Object
Returns controller, action, objects and parameters.
-
.parse_controller(controller) ⇒ Object
Try to find the controller class from a name.
-
.parse_description(description, allow_binding = false) ⇒ Object
Parses a description string *
description
description of a controller action *allow_binding
if false, an exception is raised if the description contains a variable Returns right, resource and binding. -
.parse_policy_arguments(args) ⇒ Object
Parses arguments provided to #apply_policy or #allowed? and returns [ [:action, :resource_type, resource || nil], … ].
-
.parse_resource_arguments(args) ⇒ Object
returns resource type and resource object without action expects [resource object], [resource type], or both.
-
.prepare_objects_resources(controller, objects) ⇒ Object
if there are non-resources in objects, use the values to get resources from the controllers default resource type.
-
.prepare_params_resources(controller, params) ⇒ Object
if there are non-resources in objects, use the values to get resources assuming the keys are the resource types (:id is defalut resource).
Class Method Details
.method_body(method) ⇒ Object
Removes pre- and suffixes from method
, returns nil
if no change was made.
15 16 17 18 |
# File 'lib/annotation_security/utils.rb', line 15 def self.method_body(method) body = method.to_s.gsub(PREFIXES,'').gsub(SUFFIXES,'') method.to_s == body ? nil : body end |
.parse_action_args(args) ⇒ Object
Returns controller, action, objects and parameters
82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 |
# File 'lib/annotation_security/utils.rb', line 82 def self.parse_action_args(args) controller = parse_controller(args.first) action = args.second.to_sym objects = args.third || [] objects = [objects] unless objects.is_a? Array prepare_objects_resources(controller, objects) params = args.fourth || {} prepare_params_resources(controller, params) objects += params.values objects = objects.select { |o| o and o.__is_resource? } return [controller, action, objects, params] end |
.parse_controller(controller) ⇒ Object
Try to find the controller class from a name. Looks for [name](s)Controller.
parse_controller :welcome #=> WelcomeController
parse_controller :user # => UsersController
105 106 107 108 109 110 111 112 113 |
# File 'lib/annotation_security/utils.rb', line 105 def self.parse_controller(controller) # :nodoc: begin "#{controller.to_s.camelize}Controller".constantize rescue NameError "#{controller.to_s.pluralize.camelize}Controller".constantize end rescue NameError raise NameError, "Controller '#{controller}' was not found" end |
.parse_description(description, allow_binding = false) ⇒ Object
Parses a description string
-
description
description of a controller action -
allow_binding
if false, an exception is raised if the descriptioncontains a variable
Returns right, resource and binding
26 27 28 |
# File 'lib/annotation_security/utils.rb', line 26 def self.parse_description(description,allow_binding=false) ActionAnnotation::Utils.parse_description(description,allow_binding) end |
.parse_policy_arguments(args) ⇒ Object
Parses arguments provided to #apply_policy or #allowed? and returns
- [:action, :resource_type, resource || nil], …
-
See SecurityContext#allowed? for details.
Each element of the result can be send to a policy using
policy_of_res_type.allowed?(rule, resource)
or
policy_of_res_type.static_policy.allowed?(rule, nil)
Raises ArgumentError if args could not be parsed.
42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
# File 'lib/annotation_security/utils.rb', line 42 def self.parse_policy_arguments(args) if args.first.is_a? String hash = AnnotationSecurity::Utils.parse_description(args.first) elsif args.first.is_a? Hash hash = args.first end if hash action = hash.delete(:action) || hash.delete('action') resource = hash.delete(:resource) || hash.delete('resource') || args.delete_at(1) unless resource.__is_resource? resource_type = resource resource = nil end resource_type ||= hash.delete(:resource_type) resource_type ||= resource ? resource.resource_type : nil a = [action, resource_type] a << resource if resource args = a + args[1..-1] end args << :all_resources unless args.size > 1 action, resource = args if resource.__is_resource? args = [action, resource.resource_type] + args[1..-1] end # if args.size > 2 && args.third == nil # raise ArgumentError, "Did not expect nil as resource" # end args end |
.parse_resource_arguments(args) ⇒ Object
returns resource type and resource object without action expects [resource object], [resource type], or both
77 78 79 |
# File 'lib/annotation_security/utils.rb', line 77 def self.parse_resource_arguments(args) parse_policy_arguments([:r]+args)[1..2] end |
.prepare_objects_resources(controller, objects) ⇒ Object
if there are non-resources in objects, use the values to get resources from the controllers default resource type
118 119 120 121 122 123 124 125 126 127 |
# File 'lib/annotation_security/utils.rb', line 118 def self.prepare_objects_resources(controller, objects) res_type = controller.default_resource objects.collect! do |o| if o.__is_resource? o else AnnotationSecurity::ResourceManager.get_resource(res_type, o) end end end |
.prepare_params_resources(controller, params) ⇒ Object
if there are non-resources in objects, use the values to get resources assuming the keys are the resource types (:id is defalut resource)
132 133 134 135 136 137 138 139 140 |
# File 'lib/annotation_security/utils.rb', line 132 def self.prepare_params_resources(controller, params) params.each do |k, v| unless v.__is_resource? res_type = k == :id ? controller.default_resource : k v = AnnotationSecurity::ResourceManager.get_resource(res_type, v) params[k] = v end end end |