Class: Rails::Auth::ACL

Inherits:
Object
Defined in:
lib/rails/auth/acl.rb,
lib/rails/auth/acl/resource.rb,
lib/rails/auth/acl/middleware.rb,
lib/rails/auth/acl/matchers/allow_all.rb

Overview

Route-based access control lists

Defined Under Namespace

Modules: Matchers

Classes: Middleware, Resource

Constant Summary

DEFAULT_MATCHERS =

Matchers available by default in ACLs

{
  allow_all: Matchers::AllowAll
}.freeze

Constructor Details

#initialize(acl, matchers: {}) ⇒ ACL

Returns a new instance of ACL.

Parameters:

  • :acl (Array<Hash>)

    Access Control List configuration

  • :matchers (Hash)

    authorizers to use with this ACL

Raises:

  • (TypeError)


# File 'lib/rails/auth/acl.rb', line 30

def initialize(acl, matchers: {})
  raise TypeError, "expected Array for acl, got #{acl.class}" unless acl.is_a?(Array)

  @resources = []

  acl.each do |entry|
    raise TypeError, "expected Hash for acl entry, got #{entry.class}" unless entry.is_a?(Hash)

    resources = entry["resources"]
    raise ParseError, "no 'resources' key present in entry: #{entry.inspect}" unless resources

    matcher_instances = parse_matchers(entry, matchers.merge(DEFAULT_MATCHERS))

    resources.each do |resource|
      @resources << Resource.new(resource, matcher_instances).freeze
    end
  end

  @resources.freeze
end

Instance Attribute Details

#resources ⇒ Object (readonly)

Returns the value of attribute resources.



# File 'lib/rails/auth/acl.rb', line 10

def resources
  @resources
end

Class Method Details

.from_yaml(yaml, **args) ⇒ Object

Create a Rails::Auth::ACL from a YAML representation of an ACL

Parameters:

  • :yaml (String)

    serialized YAML to load an ACL from



# File 'lib/rails/auth/acl.rb', line 20

def self.from_yaml(yaml, **args)
  require "yaml"
  # rubocop:todo Security/YAMLLoad
  new(YAML.load(yaml), **args)
  # rubocop:enable Security/YAMLLoad
end
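
The `Security/YAMLLoad` todo above marks `YAML.load` as a deserialization risk when the ACL text is not fully trusted: Psych releases before 4.0 will instantiate tagged Ruby objects from it. The following is an added example, not code from rails-auth, showing one way to parse the ACL with `YAML.safe_load` and repeat the constructor's shape checks before building the ACL. `parse_acl_yaml`, `rejected?` and `UnsafeACLDocument` are hypothetical names, and the `method`/`path` keys in the constructed samples are assumed from the gem's README format rather than taken from this page.

```ruby
require "yaml"

# Hypothetical helper and error class, not part of rails-auth.
class UnsafeACLDocument < StandardError; end

# Parse ACL YAML without instantiating arbitrary Ruby objects, then apply the
# same shape checks the ACL constructor performs.
def parse_acl_yaml(yaml)
  doc = begin
    # No permitted classes: only plain scalars, arrays and hashes come back.
    # Tagged objects, symbols and aliases raise instead of being built.
    YAML.safe_load(yaml, permitted_classes: [], aliases: false)
  rescue Psych::Exception => e
    raise UnsafeACLDocument, "rejected ACL YAML (#{e.class})"
  end

  raise UnsafeACLDocument, "expected Array, got #{doc.class}" unless doc.is_a?(Array)

  doc.each do |entry|
    raise UnsafeACLDocument, "expected Hash entry, got #{entry.class}" unless entry.is_a?(Hash)
    raise UnsafeACLDocument, "no 'resources' list in entry" unless entry["resources"].is_a?(Array)
  end
  doc
end

# Constructed sample: a well-formed ACL using only the allow_all matcher.
GOOD_ACL = <<~YAML
  ---
  - resources:
    - method: GET
      path: /health
    allow_all: true
YAML

# Constructed sample: same ACL, but a value carries a Ruby object tag.
TAGGED_ACL = <<~YAML
  ---
  - resources:
    - method: GET
      path: /health
    allow_all: !ruby/object:Object {}
YAML

# Returns true when the document is refused, false when it parses.
def rejected?(yaml)
  parse_acl_yaml(yaml)
  false
rescue UnsafeACLDocument
  true
end
```

The array returned by `parse_acl_yaml` can be passed to `Rails::Auth::ACL.new(parsed, matchers: ...)`, the constructor documented above, in place of calling `from_yaml`.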

Instance Method Details

#match(env) ⇒ String?

Match the Rack environment against the ACL, checking all matchers

Parameters:

  • :env (Hash)

    Rack environment

Returns:

  • (String, nil)

    name of the first matching matcher, or nil if unauthorized



# File 'lib/rails/auth/acl.rb', line 57

def match(env)
  @resources.each do |resource|
    matcher_name = resource.match(env)
    return matcher_name if matcher_name
  end

  nil
end

#matching_resources(env) ⇒ Array<Rails::Auth::ACL::Resource>

Find all resources that match the ACL. Matchers are NOT checked; only the initial checks for the “resources” section of the ACL are performed. Use the `#match` method to validate matchers.

This method is intended for debugging AuthZ failures. It can find all resources that match the given request so the corresponding matchers can be introspected.

Parameters:

  • :env (Hash)

    Rack environment

Returns:

  • (Array<Rails::Auth::ACL::Resource>)



# File 'lib/rails/auth/acl.rb', line 78

def matching_resources(env)
  @resources.find_all { |resource| resource.match!(env) }
end