Module: Trainmaster::ApplicationHelper

Includes:
Repia::Helper::Base
Included in:
ApplicationController
Defined in:
app/helpers/trainmaster/application_helper.rb

Constant Summary

UNAUTHORIZED_ERROR =
  # Respect the config first. If not specified, use 401 Unauthorized.
  Rails.application.config.try(:unauthorized_error) ||
    Repia::Errors::Unauthorized

Instance Method Summary

Instance Method Details

#authorize_for!(obj) ⇒ Object

Authorize the authenticated user for the specified object. If the user does not have permission (see authorized_for?), an exception is raised. Because it is often undesirable to reveal why an authorization check failed, the exception carries only the generic message "User is not authorized"; the detail (which user, which object) goes to the error log instead.

An UNAUTHORIZED_ERROR is raised if the user is not authorized for obj.

Callers must ensure a user has already been authenticated: the log line dereferences @auth_user, so if @auth_user is nil, authorized_for? returns false and the logging call itself fails with NoMethodError rather than raising UNAUTHORIZED_ERROR.



# File 'app/helpers/trainmaster/application_helper.rb', line 153

def authorize_for!(obj)
  if !authorized_for?(obj)
    logger.error("User #{@auth_user.uuid} does not have permission " +
                 "to access #{obj}")
    raise UNAUTHORIZED_ERROR, "User is not authorized"
  end
end

#authorized?(obj) ⇒ Boolean

Deprecated: use authorized_for? instead.

Returns:

  • (Boolean)


# File 'app/helpers/trainmaster/application_helper.rb', line 143

def authorized?(obj); authorized_for?(obj) end

#authorized_for?(obj) ⇒ Boolean Also known as: authorize_for?

Determines if the authenticated user is authorized for the object. The check passes if the user's role is Roles::ADMIN or above; otherwise, a User object is authorized only if it is the authenticated user itself, and any other object only if its user (obj.user) is the authenticated user. Objects that do not respond to user are never authorized for a non-admin (obj.try(:user) yields nil), and an unauthenticated request (@auth_user nil) is always denied.

Returns:

  • (Boolean)


# File 'app/helpers/trainmaster/application_helper.rb', line 124

def authorized_for?(obj)
  logger.debug("Checking to see if authorized to access object")
  if @auth_user.nil?
    # :nocov:
    return false
    # :nocov:
  elsif @auth_user.role >= Roles::ADMIN
    return true
  elsif obj.is_a? User
    return obj == @auth_user
  else
    return obj.try(:user) == @auth_user
  end
end

#get_user(fallback: true) ⇒ Object

Helper method to get the user object for the request, as specified by the :user_id parameter. The user id can come from two places: the route (an explicit :user_id) or the authentication context (@auth_user), which is used when :user_id is "current" or, if fallback is true, when :user_id is absent. The result is stored in @user and returned.

An UNAUTHORIZED_ERROR is raised if the authenticated user is not authorized for the requested user; since authorized_for? only admits a User that is the authenticated user itself, a non-admin can only request their own id or "current".

A Repia::Errors::NotFound is raised if the specified user cannot be found, or if :user_id is absent and fallback is false.



# File 'app/helpers/trainmaster/application_helper.rb', line 28

def get_user(fallback: true)
  user_id = params[:user_id]
  logger.debug("Attempting to get user #{user_id}")
  if !user_id.nil? && user_id != "current"
    @user = find_object(User, params[:user_id])  # will throw error if nil
    authorize_for!(@user)
  elsif fallback || user_id == "current"
    @user = @auth_user
  else
    # :nocov:
    raise Repia::Errors::NotFound, "User #{user_id} does not exist"
    # :nocov:
  end
end
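The following is an added, stand-alone reconstruction of the rules documented for authorized_for?, authorize_for! and get_user, so they can be exercised outside Rails; it is example code, not Trainmaster's own. The Roles constants, the User/Post/Widget structs, the Unauthorized and NotFound error classes, the AuthzContext wrapper and the sample users are all assumptions made for this example (the real helper is mixed into ApplicationController and uses params, find_object and Repia::Errors).

```ruby
# Added example, not Trainmaster's code: reconstructs the documented
# authorization rules without Rails. Everything below is constructed.
module Roles
  USER  = 10
  ADMIN = 100
end

class Unauthorized < StandardError; end   # stands in for UNAUTHORIZED_ERROR
class NotFound < StandardError; end       # stands in for Repia::Errors::NotFound

User   = Struct.new(:uuid, :role)
Post   = Struct.new(:id, :user)           # has an owner (obj.user)
Widget = Struct.new(:id)                  # no :user method at all

class AuthzContext
  attr_reader :user

  # auth_user: the authenticated user (nil for an unauthenticated request)
  # params:    request params, e.g. { user_id: "current" }
  def initialize(auth_user, params = {})
    @auth_user = auth_user
    @params = params
  end

  # Admins pass; a User is authorized for itself; any other object only
  # if obj.user is the authenticated user. Objects without :user are
  # denied (the original's obj.try(:user) returns nil for them).
  def authorized_for?(obj)
    return false if @auth_user.nil?
    return true if @auth_user.role >= Roles::ADMIN
    return obj == @auth_user if obj.is_a?(User)
    obj.respond_to?(:user) && obj.user == @auth_user
  end

  # Detail goes to the log (stderr here); the exception stays generic.
  def authorize_for!(obj)
    return if authorized_for?(obj)
    warn "User #{@auth_user&.uuid} does not have permission to access #{obj}"
    raise Unauthorized, "User is not authorized"
  end

  # users_by_id stands in for find_object(User, id).
  # An explicit :user_id is looked up and then authorized; "current"
  # (or a missing :user_id with fallback: true) means the auth user.
  def get_user(users_by_id, fallback: true)
    user_id = @params[:user_id]
    if !user_id.nil? && user_id != "current"
      @user = users_by_id.fetch(user_id) do
        raise NotFound, "User #{user_id} does not exist"
      end
      authorize_for!(@user)
    elsif fallback || user_id == "current"
      @user = @auth_user
    else
      raise NotFound, "User #{user_id} does not exist"
    end
    @user
  end
end

# Constructed sample users for the example.
ALICE = User.new("alice-uuid", Roles::USER)
BOB   = User.new("bob-uuid", Roles::USER)
ROOT  = User.new("root-uuid", Roles::ADMIN)
USERS = { ALICE.uuid => ALICE, BOB.uuid => BOB, ROOT.uuid => ROOT }.freeze

if __FILE__ == $0
  alice = AuthzContext.new(ALICE)
  puts alice.authorized_for?(Post.new(1, ALICE))                 # owner: true
  puts alice.authorized_for?(Post.new(2, BOB))                   # not owner: false
  puts alice.authorized_for?(Widget.new(3))                      # no owner: false
  puts AuthzContext.new(ROOT).authorized_for?(Post.new(2, BOB))  # admin: true
  begin
    AuthzContext.new(ALICE, { user_id: BOB.uuid }).get_user(USERS)
  rescue Unauthorized => e
    puts "denied: #{e.message}"                                  # generic message only
  end
end
```

The point worth noticing is the last case: a non-admin asking for another user's id is refused with the same generic message as any other failure, while the specific user and object appear only in the log.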

#has_admin_auth? ⇒ Boolean

Determines whether an authenticated user is present and has the admin role or higher (Roles::ADMIN). Returns a falsy value, rather than raising, when @auth_user has not been set or is nil.

Returns:

  • (Boolean)


# File 'app/helpers/trainmaster/application_helper.rb', line 12

def has_admin_auth?
  return instance_variable_defined?(:@auth_user) &&
      @auth_user.try(:role).try(:>=, Roles::ADMIN)
end