Module: RoleRequirementSystem::RoleSecurityClassMethods

Defined in:
lib/role_requirement_system.rb

Instance Method Summary collapse

Instance Method Details

#require_role(roles, options = {}) ⇒ Object

Add this to the top of your controller to require a role in order to access it. Example Usage:

require_role "contractor"
require_role "admin", :only => :destroy # don't allow contractors to destroy
require_role "admin", :only => :update, :unless => "current_user.authorized_for_listing?(params[:id]) "

Valid options

* :only - Only require the role for the given actions
* :except - Require the role for everything but 
* :if - a Proc or a string to evaluate.  If it evaluates to true, the role is required.
* :unless - The inverse of :if



36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
 
# File 'lib/role_requirement_system.rb', line 36

def require_role(roles, options = {})
  options.assert_valid_keys(:if, :unless,
    :for, :only, 
    :for_all_except, :except
  )
  
  # only declare that before filter once
  unless (@before_filter_declared||=false)
    @before_filter_declared=true
    before_filter :check_roles
  end
  
  # convert to an array if it isn't already
  roles = [roles] unless Array===roles
  
  options[:only] ||= options[:for] if options[:for]
  options[:except] ||= options[:for_all_except] if options[:for_all_except]      
        
  # convert any actions into symbols
  for key in [:only, :except]
    if options.has_key?(key)          
      options[key] = [options[key]] unless Array === options[key]
      options[key] = options[key].compact.collect{|v| v.to_sym}
    end 
  end
  
  self.role_requirements||=[]
  self.role_requirements << {:roles => roles, :options => options }      
end

#reset_role_requirements!Object 



18
19
20
 
# File 'lib/role_requirement_system.rb', line 18

def reset_role_requirements!
  self.role_requirements.clear
end

#user_authorized_for?(user, params = {}, binding = self.binding) ⇒ Boolean

This is the core of RoleRequirement. Here is where it discerns if a user can access a controller or not./

Returns:

  • (Boolean) 


67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
 
# File 'lib/role_requirement_system.rb', line 67

def user_authorized_for?(user, params = {}, binding = self.binding)
  return true unless Array===self.role_requirements
  self.role_requirements.each{| role_requirement|
    
    roles = role_requirement[:roles]
    options = role_requirement[:options]
    # do the options match the params?
    
    # check the action
    if options.has_key?(:only)
      next unless options[:only].include?( (params[:action]||"index").to_sym )
    end
            
    if options.has_key?(:except)
      next if options[:except].include?( (params[:action]||"index").to_sym)
    end
    
    if options.has_key?(:if)
      # execute the proc.  if the procedure returns false, we don't need to authenticate these roles
      next unless ( String===options[:if] ? eval(options[:if], binding) : options[:if].call(params) )
    end
    
    if options.has_key?(:unless)
      # execute the proc.  if the procedure returns true, we don't need to authenticate these roles
      next if ( String===options[:unless] ? eval(options[:unless], binding) : options[:unless].call(params) )
    end
    
    # check to see if they have one of the required roles
    passed = false
    roles.each { |role|          
      passed = true if user.has_role?(role)
    } unless (user.nil? || user==false)
    
    return false unless passed
  }
  
  return true
end