Class: RubyRest::SecureApplication

Inherits:
AbstractApplication
Defined in:
lib/rubyrest/application.rb

Overview

Specialization of AbstractApplication that introduces the notion of security services and principals. It overrides the retrieve, create, update and delete methods and adds some extras such as automatic binding.

Direct Known Subclasses

SequelApplication

Instance Attribute Summary

Attributes inherited from AbstractApplication

#config, #logger

Instance Method Summary

Methods inherited from AbstractApplication

#bind, #check_config, #create_tables, #formatter, #init_database, #is_a_collection, #is_a_service_doc, #parse_request, #register_formatters, #register_resources, #register_service, #register_services, #render_model, #resource, #resource_by_path, resources, #service, #to_resource_class, #to_s, #to_service_class, with_resources

Methods included from ApplicationLogger

#init_logger

Constructor Details

#initialize(config) ⇒ SecureApplication

Builds a new secured application and registers its security service, unless :disable_security is set in the config.



# File 'lib/rubyrest/application.rb', line 204

def initialize( config )
  super( config )
  register_security if !@config[:disable_security]
end

Instance Method Details

#auto_bind ⇒ Object

Defines whether update and create operations should automatically load or create a domain model object and bind values from the request body document to it. Can be disabled in subclasses.



# File 'lib/rubyrest/application.rb', line 200

def auto_bind; true end

#create(params) ⇒ Object

Invoked by the web layer, on a POST request. This method delegates to the resource’s service and provides a fresh new model object populated with the data found in the request body.



# File 'lib/rubyrest/application.rb', line 253

def create( params )
  params = resolve_principal( params )
  res = resource_by_path( params[:path] )
  params[:resource]=res
  params[:body] = bind( res.new_instance( params[:principal] ), params ) if auto_bind == true
  object = res.save_new( params[:body], params[:principal] )
  render_model( params, object )
end

#delete(params) ⇒ Object

Invoked by the web layer, on a DELETE request



# File 'lib/rubyrest/application.rb', line 275

def delete( params )
  params = resolve_principal( params )
  res = resource_by_path( params[:path] )
  params[:resource]=res
  res.delete_existing( res.single( params[:target], params[:principal] ), params[:principal] )
end

#register_security ⇒ Object



# File 'lib/rubyrest/application.rb', line 209

def register_security
  if !@services[:security]
    raise "no security service was defined in application #{self}" 
  end
end

#resolve_principal(params) ⇒ Object

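Resolves the principal by invoking the security service with params[:authkey]. Returns params unchanged when :disable_security is set in the config, and raises if no principal is found.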



# File 'lib/rubyrest/application.rb', line 221

def resolve_principal( params )
  return params if @config[:disable_security]
  principal = security.principal( params[:authkey] ) 
  raise "No principal was found for authentication key: #{params[:authkey]}" if !principal
  params[:principal]=principal
  return params
end
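
An added example (not RubyRest code) of the contract resolve_principal depends on: a security service answering principal(authkey) with nil for unknown keys, and a resolver that follows the same flow but fails closed when no service is present and keeps the submitted key out of the error text, since exception messages commonly end up in logs. TokenSecurityService, PrincipalResolver, rejection_message and the sample key are assumptions made for illustration.

```ruby
require 'digest'

# Hypothetical security service. The only contract taken from the page is
# principal(authkey), returning nil when the key is unknown.
class TokenSecurityService
  def initialize(keys_to_principals)
    # Keep SHA-256 digests rather than the raw keys.
    @by_digest = keys_to_principals.transform_keys { |k| Digest::SHA256.hexdigest(k) }
  end

  def principal(authkey)
    return nil if authkey.nil? || authkey.empty?
    @by_digest[Digest::SHA256.hexdigest(authkey)]
  end
end

# Hypothetical stand-alone resolver following the resolve_principal flow.
class PrincipalResolver
  def initialize(config, security)
    @config = config
    @security = security
  end

  def resolve_principal(params)
    # Same bypass as the documented method: no principal is attached, so
    # resources are called with params[:principal] == nil.
    return params if @config[:disable_security]
    # Fail closed instead of calling a method on nil.
    raise 'no security service configured' if @security.nil?
    principal = @security.principal(params[:authkey])
    # The message deliberately omits the submitted key.
    raise 'No principal was found for the supplied authentication key' unless principal
    params.merge(principal: principal)
  end
end

# Constructed sample data.
SAMPLE_SERVICE = TokenSecurityService.new('k-alice-123' => 'alice')
RESOLVER = PrincipalResolver.new({}, SAMPLE_SERVICE)

# Returns the rejection message, or nil when the key was accepted.
def rejection_message(resolver, authkey)
  resolver.resolve_principal(authkey: authkey)
  nil
rescue RuntimeError => e
  e.message
end
```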

#retrieve(params) ⇒ Object

Invoked by the web layer, on a GET request. Retrieves the collection or resource, and formats the result as a feed, entry or service document



# File 'lib/rubyrest/application.rb', line 232

def retrieve( params )
  params = resolve_principal( params )
  res = resource_by_path( params[:path] )
  params[:resource]=res
  
  if params[:target] == nil
    objects = res.list( params[:principal] )
  else
    if params[:property] == nil
      objects = res.single( params[:target], params[:principal] )
    else
      objects = res.list_related( params[:target], params[:property], params[:principal] )
    end
  end
  render_model( params, objects )
end

#security ⇒ Object

Returns the security service, or nil if not configured



# File 'lib/rubyrest/application.rb', line 216

def security
  @services[:security]
end

#update(params) ⇒ Object

Invoked by the web layer, on a PUT request. This method delegates to the resource’s service and provides an existing model object, loaded and populated with the data found in the request body.



# File 'lib/rubyrest/application.rb', line 265

def update( params )
  params = resolve_principal( params )
  res = resource_by_path( params[:path] )
  params[:resource]=res
  params[:body] = bind( res.single( params[:target], params[:principal] ), params ) if auto_bind == true
  object = res.save_existing( params[:body], params[:principal] )
  render_model( params, object )
end