Module: AuthorizeRbac

Defined in:

lib/authorize_rbac.rb,
lib/authorize_rbac/version.rb,
lib/authorize_rbac/configuration.rb,
lib/authorize_rbac/authorize_rbac_methods.rb,
lib/generators/authorize_rbac/authorize_rbac_generator.rb

Defined Under Namespace

Modules: AuthorizeRbacMethods Classes: AuthorizeRbacGenerator, Configuration

Constant Summary

VERSION =

"0.1.0"

Class Method Summary

• .configuration ⇒ Object
• .configure {|configuration| ... } ⇒ Object
• .included(base) ⇒ Object

Instance Method Summary

• #access_allowed? ⇒ Boolean
• #action_name ⇒ Object
• #action_roles ⇒ Object
• #auth_user ⇒ Object
• #authorization_filter ⇒ Object
• #permission_name(cotroller, action) ⇒ Object
• #user_permissions ⇒ Object
• #user_role ⇒ Object

Class Method Details

.configuration ⇒ Object

# File 'lib/authorize_rbac.rb', line 11

def self.configuration
  @configration ||= Configuration.new
end

.configure {|configuration| ... } ⇒ Object

Yields:

• (configuration)

# File 'lib/authorize_rbac.rb', line 15

def self.configure
  yield(configuration)
end

.included(base) ⇒ Object

# File 'lib/authorize_rbac.rb', line 7

def self.included(base)
  base.extend(AuthorizeRbacMethods)
end

Instance Method Details

#access_allowed? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/authorize_rbac.rb', line 44

def access_allowed?
  return true if action_roles.nil?

  allowed_from_source = action_roles.include? user_role.to_sym
  allowed_from_db     = user_permissions.include?(permission_name(self.class, action_name))

  allowed_from_source || allowed_from_db
end

#action_name ⇒ Object

# File 'lib/authorize_rbac.rb', line 40

def action_name
  request.parameters[:action].to_sym
end

#action_roles ⇒ Object

# File 'lib/authorize_rbac.rb', line 36

def action_roles
  self.class.rbac[action_name]
end

#auth_user ⇒ Object

# File 'lib/authorize_rbac.rb', line 57

def auth_user
  self.send(AuthorizeRbac.configuration.current_user_method)
end

#authorization_filter ⇒ Object

# File 'lib/authorize_rbac.rb', line 19

def authorization_filter
  if access_allowed?
    logger.debug "Authorized to access #{request.original_url}, User: #{auth_user.user_name} (role: #{user_role})"
    return true
  else
    logger.info "#{auth_user.user_name} (role: #{user_role}) attempted to access\
      #{self.class}##{action_name} without the proper permissions."
    flash[:notice] = "Not authorized to access #{request.original_url}!"
    redirect_to :controller => AuthorizeRbac.configuration.default_controller , :action => AuthorizeRbac.configuration.default_action
    return false
  end
end

#permission_name(cotroller, action) ⇒ Object

# File 'lib/authorize_rbac.rb', line 53

def permission_name(cotroller, action)
  "#{cotroller.to_s.chomp("Controller").downcase}_#{action}"
end

#user_permissions ⇒ Object

# File 'lib/authorize_rbac.rb', line 61

def user_permissions
  auth_user.role.permissions
end

#user_role ⇒ Object

# File 'lib/authorize_rbac.rb', line 32

def user_role
  auth_user.role.nil? ? "user" : auth_user.role.name.to_s
end