Class: RubyRest::SecureApplication

Inherits:

SimpleApplication

• Object
• AbstractApplication
• SimpleApplication
• RubyRest::SecureApplication

Defined in:

lib/rubyrest/application.rb

Overview

Specialization of a Simple application, that introduces the notion of security services and principals. It overrides the retrieve, create, update and delete methods and adds some extras like automatic binding.

Direct Known Subclasses

SequelApplication

Instance Attribute Summary

Attributes inherited from AbstractApplication

#config

Instance Method Summary

• #auto_bind ⇒ Object

  Defines whether update and create operations should automatically load and create new domain model, and automatically bind values from the request body document.

• #create(params) ⇒ Object

  Invoked by the web layer, on a POST request.

• #delete(params) ⇒ Object

  Invoked by the web layer, on a DELETE request.

• #initialize(config) ⇒ SecureApplication constructor

  Builds a new secured application and register its security service.

• #register_security ⇒ Object

  Register the security service, if specified in the application configuration hash.

• #resolve_principal(params) ⇒ Object

  Resolves the principal, by inoking the security service.

• #retrieve(params) ⇒ Object

  Invoked by the web layer, on a GET request.

• #security ⇒ Object

  Returns the security service, of nil if not configured.

• #update(params) ⇒ Object

  Invoked by the web layer, on a PUT request This method delegates to the resource’s service and provides an existing model object, loaded and populated with the data found in the request body.

Methods inherited from AbstractApplication

#formatter, #init_database, #is_a_collection, #is_a_service_doc, #register_domain, #register_formatters, #register_resource, #render_model, #resource_by_domain, #resource_by_name, #resource_by_path, #setup, #to_domain_class, #to_resource_class, #to_s

Constructor Details

#initialize(config) ⇒ SecureApplication

Builds a new secured application and register its security service

# File 'lib/rubyrest/application.rb', line 179

def initialize( config )
  super( config )
  register_security
end

Instance Method Details

#auto_bind ⇒ Object

Defines whether update and create operations should automatically load and create new domain model, and automatically bind values from the request body document. Can be disabled in subclasses.

# File 'lib/rubyrest/application.rb', line 175

def auto_bind; true end

#create(params) ⇒ Object

Invoked by the web layer, on a POST request. This method delegates to the resource’s service and provides a fresh new model object populated with the data found in the request body.

# File 'lib/rubyrest/application.rb', line 227

def create( params )
  params = resolve_principal( params )
  res = resource_by_path( params[:path] )
  params[:body] = res.bind( res.domain.create( params[:principal] ), params[:body] ) if auto_bind == true
  object = res.domain.save_new( params[:body], params[:principal] )
  render_model( params, object )
end

#delete(params) ⇒ Object

Invoked by the web layer, on a DELETE request

# File 'lib/rubyrest/application.rb', line 247

def delete( params )
  params = resolve_principal( params )
  res = resource_by_path( params[:path] )
  res.domain.delete( res.domain.single( params[:target], params[:principal] ), params[:principal] )
end

#register_security ⇒ Object

Register the security service, if specified in the application configuration hash

# File 'lib/rubyrest/application.rb', line 186

def register_security
  raise "no security service was defined in application #{self}" if !@config[:security_service]
  client_class = Class.by_name( (@config[:security_module]||@config[:module]).to_s.capitalize + "::" + @config[:security_service].to_s.capitalize + "::Client" )
  @security = client_class.new( @config[:security_host]||"localhost", @config[:security_port] )
end

#resolve_principal(params) ⇒ Object

Resolves the principal, by inoking the security service

# File 'lib/rubyrest/application.rb', line 198

def resolve_principal( params )
  principal = @security.principal( params[:authkey] ) 
  raise "No principal was found for authentication key: #{params[:authkey]}" if !principal
  params[:principal]=principal
  return params
end

#retrieve(params) ⇒ Object

Invoked by the web layer, on a GET request. Retrieves the collection or resource, and formats the result as a feed, entry or service document

# File 'lib/rubyrest/application.rb', line 208

def retrieve( params )
  params = resolve_principal( params )
  res = resource_by_path( params[:path] )
  if params[:target] == nil
    objects = res.domain.list( params[:principal] )
  else
    if params[:property] == nil
      objects = res.domain.single( params[:target], params[:principal] )
    else
      objects = res.domain.list_related( params[:target], params[:property], params[:principal] )
    end
  end
  render_model( params, objects )
end

#security ⇒ Object

Returns the security service, of nil if not configured

# File 'lib/rubyrest/application.rb', line 193

def security
  @security
end

#update(params) ⇒ Object

Invoked by the web layer, on a PUT request This method delegates to the resource’s service and provides an existing model object, loaded and populated with the data found in the request body.

# File 'lib/rubyrest/application.rb', line 238

def update( params )
  params = resolve_principal( params )
  res = resource_by_path( params[:path] )
  params[:body] = res.bind( res.domain.single( params[:target], params[:principal] ), params[:body] ) if auto_bind == true
  object = res.domain.save_existing( params[:target], params[:body], params[:principal] )
  render_model( params, object )
end