Module: Strelka::App::Auth::ClassMethods

Defined in:

lib/strelka/app/auth.rb

Overview

Class methods to add to app classes that enable Auth

Instance Attribute Summary

• #auth_provider ⇒ Object

  The Strelka::AuthProvider subclass that will be used to provide authentication and authorization to instances of the app.

• #negative_auth_criteria ⇒ Object readonly

  Hashes of criteria for applying and skipping auth for a request, keyed by request pattern.

• #negative_perms_criteria ⇒ Object readonly

  Hashes of criteria for applying and skipping authorization for a request, keyed by request pattern.

• #positive_auth_criteria ⇒ Object readonly

  Hashes of criteria for applying and skipping auth for a request, keyed by request pattern.

• #positive_perms_criteria ⇒ Object readonly

  Hashes of criteria for applying and skipping authorization for a request, keyed by request pattern.

Class Method Summary

• .extended(obj) ⇒ Object

  Extension callback – register objects that are extended so when the auth plugin is configured, it can set the configured auto provider.

Instance Method Summary

• #has_auth_criteria? ⇒ Boolean

  Returns true if there are any criteria for determining whether or not a request needs auth.

• #has_negative_auth_criteria? ⇒ Boolean

  Returns true if the app has been set up so that all methods but ones that match declared criteria require auth.

• #has_positive_auth_criteria? ⇒ Boolean

  Returns true if the app has been set up so that only some methods require auth.

• #inherited(subclass) ⇒ Object

  Extension callback – add instance variables to extending objects.

• #no_auth_for(*criteria, &block) ⇒ Object

  :call-seq: no_auth_for( string ) no_auth_for( regexp ) no_auth_for { |request| … } no_auth_for( string ) { |request| … } no_auth_for( regexp ) { |request, matchdata| … }.

• #no_perms_for(pattern = nil, &block) ⇒ Object

  Register one or more exceptions to the permissions policy in effect for requests whose #app_path matches the specified pattern.

• #require_auth_for(*criteria, &block) ⇒ Object

  :call-seq: require_auth_for( string ) require_auth_for( regexp ) require_auth_for { |request| … } require_auth_for( string ) { |request| … } require_auth_for( regexp ) { |request, matchdata| … }.

• #require_perms_for(pattern = nil, *perms, &block) ⇒ Object

  Constrain authorization to apply only to requests which match the given pattern.

Instance Attribute Details

#auth_provider ⇒ Object

The Strelka::AuthProvider subclass that will be used to provide authentication and authorization to instances of the app.

# File 'lib/strelka/app/auth.rb', line 296

def auth_provider
  @auth_provider
end

#negative_auth_criteria ⇒ Object (readonly)

Hashes of criteria for applying and skipping auth for a request, keyed by request pattern

# File 'lib/strelka/app/auth.rb', line 300

def negative_auth_criteria
  @negative_auth_criteria
end

#negative_perms_criteria ⇒ Object (readonly)

Hashes of criteria for applying and skipping authorization for a request, keyed by request pattern

# File 'lib/strelka/app/auth.rb', line 304

def negative_perms_criteria
  @negative_perms_criteria
end

#positive_auth_criteria ⇒ Object (readonly)

Hashes of criteria for applying and skipping auth for a request, keyed by request pattern

# File 'lib/strelka/app/auth.rb', line 300

def positive_auth_criteria
  @positive_auth_criteria
end

#positive_perms_criteria ⇒ Object (readonly)

Hashes of criteria for applying and skipping authorization for a request, keyed by request pattern

# File 'lib/strelka/app/auth.rb', line 304

def positive_perms_criteria
  @positive_perms_criteria
end

Class Method Details

.extended(obj) ⇒ Object

Extension callback – register objects that are extended so when the auth plugin is configured, it can set the configured auto provider.

# File 'lib/strelka/app/auth.rb', line 277

def self::extended( obj )
	super
	Strelka::App::Auth.extended_apps << obj
	obj.auth_provider = Strelka::App::Auth::DEFAULT_AUTH_PROVIDER
end

Instance Method Details

#has_auth_criteria? ⇒ Boolean

Returns true if there are any criteria for determining whether or not a request needs auth.

Returns:

• (Boolean)

# File 'lib/strelka/app/auth.rb', line 330

def has_auth_criteria?
	return self.has_positive_auth_criteria? || self.has_negative_auth_criteria?
end

#has_negative_auth_criteria? ⇒ Boolean

Returns true if the app has been set up so that all methods but ones that match declared criteria require auth.

Returns:

• (Boolean)

# File 'lib/strelka/app/auth.rb', line 344

def has_negative_auth_criteria?
	return !self.negative_auth_criteria.empty?
end

#has_positive_auth_criteria? ⇒ Boolean

Returns true if the app has been set up so that only some methods require auth.

Returns:

• (Boolean)

# File 'lib/strelka/app/auth.rb', line 337

def has_positive_auth_criteria?
	return !self.positive_auth_criteria.empty?
end

#inherited(subclass) ⇒ Object

Extension callback – add instance variables to extending objects.

# File 'lib/strelka/app/auth.rb', line 308

def inherited( subclass )
	super
	Strelka::App::Auth.extended_apps << subclass
	subclass.instance_variable_set( :@auth_provider, @auth_provider )
	subclass.instance_variable_set( :@positive_auth_criteria, @positive_auth_criteria.dup )
	subclass.instance_variable_set( :@negative_auth_criteria, @negative_auth_criteria.dup )
	subclass.instance_variable_set( :@positive_perms_criteria, @positive_perms_criteria.dup )
	subclass.instance_variable_set( :@negative_perms_criteria, @negative_perms_criteria.dup )
end

#no_auth_for(*criteria, &block) ⇒ Object

:call-seq:

no_auth_for( string )
no_auth_for( regexp )
no_auth_for { |request| ... }
no_auth_for( string ) { |request| ... }
no_auth_for( regexp ) { |request, matchdata| ... }

Constrain authentication to apply to requests except those whose #app_path matches the given string or regexp, and/or for which the given block returns a true value.

# File 'lib/strelka/app/auth.rb', line 391

def no_auth_for( *criteria, &block )
	if self.has_positive_auth_criteria?
		raise ScriptError,
			"defining both positive and negative auth criteria is unsupported."
	end

	criteria << nil if criteria.empty?
	block ||= Proc.new { true }

	criteria.each do |pattern|
		pattern = pattern.gsub( %r{^/+|/+$}, '' ) if pattern.respond_to?( :gsub )
		self.log.debug "  adding no_auth for %p" % [ pattern ]
		self.negative_auth_criteria[ pattern ] = block
	end
end

#no_perms_for(pattern = nil, &block) ⇒ Object

Register one or more exceptions to the permissions policy in effect for requests whose #app_path matches the specified pattern. The block form should return true if the request it’s called with should be allowed without authorization checks.

Raises:

• (LocalJumpError)

# File 'lib/strelka/app/auth.rb', line 432

def no_perms_for( pattern=nil, &block )
	raise LocalJumpError, "no block or pattern given" unless pattern || block

	block   ||= Proc.new { true }
	pattern ||= /(?##{block.object_id})/

	pattern = pattern.gsub( %r{^/+|/+$}, '' ) if pattern.respond_to?( :gsub )
	self.log.debug "  adding no_auth for %p" % [ pattern ]
	self.negative_perms_criteria << [ pattern, block ]
end

#require_auth_for(*criteria, &block) ⇒ Object

:call-seq:

require_auth_for( string )
require_auth_for( regexp )
require_auth_for { |request| ... }
require_auth_for( string ) { |request| ... }
require_auth_for( regexp ) { |request, matchdata| ... }

Constrain authentication to apply only to requests whose #app_path matches the given string or regexp, and/or for which the given block returns a true value. regexp patterns are matched as-is, and string patterns are matched exactly via == after stripping leading and trailing ‘/’ characters from both it and the #app_path. NOTE: using this declaration inverts the default security policy of restricting access to all requests.

# File 'lib/strelka/app/auth.rb', line 363

def require_auth_for( *criteria, &block )
	if self.has_negative_auth_criteria?
		raise ScriptError,
			"defining both positive and negative auth criteria is unsupported."
	end

	criteria << nil if criteria.empty?
	block ||= Proc.new { true }

	criteria.each do |pattern|
		pattern = pattern.gsub( %r{^/+|/+$}, '' ) if pattern.respond_to?( :gsub )
		self.log.debug "  adding require_auth for %p" % [ pattern ]
		self.positive_auth_criteria[ pattern ] = block
	end
end

#require_perms_for(pattern = nil, *perms, &block) ⇒ Object

Constrain authorization to apply only to requests which match the given pattern. The pattern is either a String or a Regexp which is tested against the request’s #app_path. The perms should be Symbols which indicate a set of permission types that must have been granted in order to carry out the request. The block, if given, should evaluate to true if the request should undergo authorization, or false if it should not. NOTE: using this declaration inverts the default security policy of restricting access to all requests.

# File 'lib/strelka/app/auth.rb', line 416

def require_perms_for( pattern=nil, *perms, &block )
	block ||= Proc.new {
		self.log.debug "  using default perms: %p" % [ perms ]
		true
	}

	pattern = pattern.gsub( %r{^/+|/+$}, '' ) if pattern.respond_to?( :gsub )
	self.log.debug "  adding require_perms (%p) for %p" % [ perms, pattern ]
	self.positive_perms_criteria << [ pattern, block, perms.freeze ]
end