Class: Access

Inherits:
Object
  • Object
Defined in:
lib/access.rb,
lib/access/role.rb,
lib/access/user.rb,
lib/access/admin.rb,
lib/access/savable.rb,
lib/access/version.rb,
lib/access/rolelist.rb,
lib/access/yamlbase.rb,
lib/access/privilege.rb,
lib/access/role/base.rb

Defined Under Namespace

Modules: Admin, Savable, VERSION
Classes: Privilege, Role, RoleList, User, YAMLBase


Constructor Details

#initialize(user, role, privilege) ⇒ Access

Description

Provides methods to create a user or to authenticate an existing one. It is also the bridge between Access::User and Access::Role. Access::User objects should be tied to Access::Framework.

Synopsis

# Build the Access instance from three YAMLBase stores: users, roles, privileges.
access = Access.new(
  Access::YAMLBase.new(Access::User::Base,      "./access/user"),     # second arg is optional
  Access::YAMLBase.new(Access::Role::Base,      "./access/role"),     # second arg is optional
  Access::YAMLBase.new(Access::Privilege::Base, "./access/privilege") # second arg is optional
)
# Register the privilege names that can later be granted.
%w(news news/create news/edit news/delete).each { |privilege|
  access.privilege.create(privilege, "...description...")
}
# Define roles as named sets of privileges.
{ 'newseditor' => %w(news), 'proofreader' => %w(news/edit) }.each { |role, privileges|
  access.role.create(role, "...description...", privileges)
}
testuser = access.user.create("test", "pass")
testuser.activate # inactive users can neither log in nor be authorized for anything
testuser.roles.add('proofreader')      # grants 'news/edit' through the role
testuser.privileges.add('news/delete') # grants a privilege directly to the user
# privileged? reports what the account has been granted. authorized? also
# requires that the object came from a successful login, so it stays false on
# an object obtained from create.
testuser.privileged?('news/edit')   # => true
testuser.privileged?('news/create') # => false
testuser.authorized?('news/edit')   # => false # not logged in
testuser.authorized?('news/create') # => false
# NOTE(review): this page documents the method as Access#login; `login?` is
# not listed here -- confirm which name is current.
user = access.login?('test', 'pass')
user.privileged?('news/edit')   # => true
user.privileged?('news/create') # => false
user.authorized?('news/edit')   # => true  # only users created via Access#login are authorized
user.authorized?('news/create') # => false


# File 'lib/access.rb', line 58

# Stores the three backing stores and hands each of them a reference back to
# this Access instance through its +access=+ writer.
#
# @param user      [#access=] store for user records
# @param role      [#access=] store for role records
# @param privilege [#access=] store for privilege records
def initialize(user, role, privilege)
	@user, @role, @privilege = user, role, privilege
	# Every store gets the same back-reference, in constructor-argument order.
	[@user, @role, @privilege].each do |store|
		store.access = self
	end
end

Instance Attribute Details

#default_user ⇒ Object

Returns the value of attribute default_user.



# File 'lib/access.rb', line 24

# Reader for the @default_user instance variable.
#
# NOTE(review): only the reader is shown in this listing; the attribute is not
# marked readonly on the page, so a writer presumably exists as well -- confirm
# in lib/access.rb.
#
# @return [Object, nil] the value held in @default_user, nil when it is unset
def default_user
  @default_user
end

#privilege ⇒ Object (readonly)

Returns the value of attribute privilege.



# File 'lib/access.rb', line 23

# Reader for the privilege store, i.e. the object passed as the third
# argument to #initialize.
#
# @return [Object] the value held in @privilege
def privilege
  @privilege
end

#role ⇒ Object (readonly)

Returns the value of attribute role.



# File 'lib/access.rb', line 22

# Reader for the role store, i.e. the object passed as the second argument
# to #initialize.
#
# @return [Object] the value held in @role
def role
  @role
end

#user ⇒ Object (readonly)

Returns the value of attribute user.



# File 'lib/access.rb', line 21

# Reader for the user store, i.e. the object passed as the first argument
# to #initialize.
#
# @return [Object] the value held in @user
def user
  @user
end

Instance Method Details

#[](user_id) ⇒ Object

Access users by their id.



# File 'lib/access.rb', line 68

# Looks up a user by id by delegating to the user store's own #[].
#
# No credentials are checked here. Per the synopsis on this page, only a user
# returned from Access#login is authorized, so an object fetched this way is
# presumably not authorized for anything -- confirm in Access::User.
#
# @param user_id [Object] key understood by the user store (the synopsis
#   uses String ids such as "test")
# @return [Object] whatever the store returns for that key
def [](user_id)
	@user[user_id]
end

#correct_credentials?(stored, credentials, user_id) ⇒ Boolean

Validate plaintext credentials against the stored hashed credentials.

Returns:

  • (Boolean)


# File 'lib/access.rb', line 81

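# Checks a plaintext credential against the stored digest for +user_id+.
#
# The candidate is hashed with #hash_credentials and then compared with
# +stored+ byte by byte without an early exit, so the comparison time does not
# depend on how many leading characters of the two digests agree.
#
# @param stored      [String, nil] digest to compare against
# @param credentials [String] plaintext credential supplied by the caller
# @param user_id     [String] user id, passed through to #hash_credentials
# @return [Boolean] true only when both digests are identical
def correct_credentials?(stored, credentials, user_id)
	expected = hash_credentials(credentials, user_id)
	# A missing or differently sized digest can never match. The digest length
	# is not a secret, so returning early on it gives nothing away.
	return false unless stored.is_a?(String) && stored.bytesize == expected.bytesize

	# OR together the XOR of every byte pair; the result is zero only if all
	# pairs are equal, and every pair is always visited.
	mismatch = 0
	expected.bytes.zip(stored.bytes) { |a, b| mismatch |= a ^ b }
	mismatch.zero?
end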

#hash_credentials(credentials, user_id) ⇒ Object

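One-way hash the credentials. Currently MD5 is used, which is a fast digest; password storage normally calls for a dedicated password-hashing function such as bcrypt, scrypt or Argon2.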



# File 'lib/access.rb', line 86

# Derives the stored form of a credential: the uppercase hex MD5 digest of
# the credential followed by the lowercased user id.
#
# NOTE(review): MD5 is a fast, unstretched digest and the only salt is the
# user id, so stored digests offer little resistance to offline guessing.
# Switching to a password-hashing function (bcrypt, scrypt, Argon2) changes
# the stored format and needs a migration of existing records, so it is
# flagged here rather than changed. The two inputs are also joined without a
# separator, so different (credentials, user_id) pairs can yield the same
# digest input.
#
# @param credentials [String] plaintext credential
# @param user_id     [String] user id; downcased, so its case does not matter
# @return [String] 32 uppercase hexadecimal characters
def hash_credentials(credentials, user_id)
	salted = credentials + user_id.downcase
	digest = Digest::MD5.hexdigest(salted)
	digest.upcase
end

#login(user_id, credentials) ⇒ Object

Returns an Access::User if the credentials are correct, otherwise nil.



# File 'lib/access.rb', line 73

# Authenticates +user_id+ with +credentials+ and returns the matching user.
#
# NOTE(review): the method name after `def` and the call after `user.` are
# missing from this listing (lost when the page was extracted). The page
# heading documents this method as #login; restore both from lib/access.rb.
#
# nil is returned both for an unknown user id and for wrong credentials, so
# the return value does not reveal which of the two failed. The credential
# hash is only computed when the user exists, so the two failures may still
# differ in timing.
#
# NOTE(review): no check of the user's active state is visible here, although
# the synopsis says inactive users may not log in -- presumably enforced
# elsewhere; confirm.
#
# @param user_id     [String] id of the user to authenticate
# @param credentials [String] plaintext credential supplied by the caller
# @return [Object, nil] the user from the user store, or nil on failure
def (user_id, credentials)
	# Unknown user id: the store lookup returned a falsy value.
	return nil unless user = @user[user_id]
	# Compare the supplied plaintext with the digest stored on the user.
	return nil unless correct_credentials?(user.credentials, credentials, user_id)
	user.
	user
end