Class: Incline::ActionSecurity

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Incline::ActionSecurity

Defined in:

app/models/incline/action_security.rb

Constant Summary

SHORT_PERMITTED_FILTERS =

{
    '- Editable -' => 'users|custom',
    'Admins' => 'admins',
    'Anon' => 'anon',
    'Custom' => 'custom',
    'Everyone' => 'everyone',
    'Users' => 'users'
}.freeze

Class Method Summary

• .valid_items(refresh = false, update_flags = true) ⇒ Object

  Generates a list of security items related to all of the current routes in the application.

Instance Method Summary

• #allow_custom? ⇒ Boolean

  Determines if the action allows custom security settings.

• #group_ids ⇒ Object

  Gets the group IDs accepted by this action.

• #group_ids=(values) ⇒ Object

  Sets the group IDs accepted by this action.

• #permitted(refresh = false) ⇒ Object

  Gets a string describing who is permitted to execute the action.

• #short_permitted ⇒ Object

  Gets a short string describing who is permitted to execute the action.

• #to_s ⇒ Object

  Description of action.

• #update_flags ⇒ Object

  Updates the flags based on the controller configuration.

Class Method Details

.valid_items(refresh = false, update_flags = true) ⇒ Object

Generates a list of security items related to all of the current routes in the application.

If “refresh” is true, the list will be rebuilt. If “update_flags” is true, the individual controllers will be loaded to regenerate the flags for the security.

The returned list can be indexed two ways. The normal way with a numeric index and also by specifying the controller_name and action_name.

Incline::ActionSecurity.valid_items[0]
Incline::ActionSecurity.valid_items['incline/welcome','home']

# File 'app/models/incline/action_security.rb', line 74

def self.valid_items(refresh = false, update_flags = true)
  @valid_items = nil if refresh
  @valid_items ||=
      begin
        # remove all paths and set all items to hidden.
        Incline::ActionSecurity.update_all(visible: false, path: '#')

        Incline
            .route_list
            .reject{|r| %w(api locate).include?(r[:action]) }
            .each do |r|

          item = ActionSecurity.find_or_initialize_by(controller_name: r[:controller], action_name: r[:action])

          # ensure the current path is set to the item.
          item_path = "#{r[:path]} [#{r[:verb]}]"
          if item.path == '#' || item.path.blank?
            item.path = item_path
            # only update the flags once if the path has not yet been set.
            item.update_flags if update_flags
          elsif !item.path.include?(item_path)
            item.path += "\n" + item_path
          end

          # re-sort the path list and make the item visible.
          item.path = item.path.split("\n").sort.join("\n")
          item.visible = true

          item.save!
        end

        ret = Incline::ActionSecurity.where(visible: true).to_a.sort do |a,b|
          if a.controller_name == b.controller_name
            a.action_name <=> b.action_name
          else
            a.controller_name <=> b.controller_name
          end
        end

        def ret.[](*args)
          if args.length == 2
            controller = args[0].to_s
            action = args[1].to_s
            find{|item| item.controller_name == controller && item.action_name == action}
          else
            super(*args)
          end
        end

        ret.freeze
      end
end

Instance Method Details

#allow_custom? ⇒ Boolean

Determines if the action allows custom security settings.

Returns:

• (Boolean)

# File 'app/models/incline/action_security.rb', line 58

def allow_custom?
  !(require_admin? || require_anon? || allow_anon?)
end

#group_ids ⇒ Object

Gets the group IDs accepted by this action.

# File 'app/models/incline/action_security.rb', line 187

def group_ids
  groups.pluck(:id)
end

#group_ids=(values) ⇒ Object

Sets the group IDs accepted by this action.

# File 'app/models/incline/action_security.rb', line 193

def group_ids=(values)
  values ||= []
  values = [ values ] unless values.is_a?(::Array)
  values = values.reject{|v| v.blank?}.map{|v| v.to_i}
  self.groups = Incline::AccessGroup.where(id: values).to_a
end

#permitted(refresh = false) ⇒ Object

Gets a string describing who is permitted to execute the action.

# File 'app/models/incline/action_security.rb', line 129

def permitted(refresh = false)
  @permitted = nil if refresh
  @permitted ||=
      if require_admin?
        'Administrators Only'
      elsif require_anon?
        'Anonymous Only'
      elsif allow_anon?
        'Everyone'
      elsif groups.any?
        names = groups.pluck(:name).map{|v| "\"#{v}\""}
        'Members of ' +
            if names.count == 1
              names.first
            elsif names.count == 2
              names.join(' or ')
            else
              names[0...-1].join(', ') + ', or ' + names.last
            end
      else
        'All Users'
      end +
          if non_standard
            ' (Non-Standard)'
          else
            ''
          end
end

#short_permitted ⇒ Object

Gets a short string describing who is permitted to execute the action.

# File 'app/models/incline/action_security.rb', line 160

def short_permitted
  if require_admin?
    'Admins'
  elsif require_anon?
    'Anon'
  elsif allow_anon?
    'Everyone'
  elsif groups.any?
    'Custom'
  else
    'Users'
  end +
      if non_standard
        '*'
      else
        ''
      end
end

#to_s ⇒ Object

Description of action.

# File 'app/models/incline/action_security.rb', line 181

def to_s
  @to_s ||= "#{controller_name}:#{action_name} [#{permitted}]"
end

#update_flags ⇒ Object

Updates the flags based on the controller configuration.

# File 'app/models/incline/action_security.rb', line 30

def update_flags
  self.allow_anon = self.require_anon = self.require_admin = self.unknown_controller = self.non_standard = false

  self.unknown_controller = true
  klass = ::Incline.get_controller_class(controller_name)

  if klass
    self.unknown_controller = false
    if klass.require_admin_for?(action_name)
      self.require_admin = true
    elsif klass.require_anon_for?(action_name)
      self.require_anon = true
    elsif klass.allow_anon_for?(action_name)
      self.allow_anon = true
    end

    # if the authentication methods are overridden, set a flag to alert the user that standard security may not be honored.
    unless klass.instance_method(:valid_user?).owner == Incline::Extensions::ActionControllerBase &&
        klass.instance_method(:authorize!).owner == Incline::Extensions::ActionControllerBase
      self.non_standard = true
    end

  end

end