Class: Flipper::AdminUserConstraint
- Inherits:
-
Object
- Object
- Flipper::AdminUserConstraint
- Defined in:
- lib/flipper/admin_user_constraint.rb
Class Method Details
.authenticate(request) ⇒ Object
# File 'lib/flipper/admin_user_constraint.rb', line 31
# Kicks off Warden authentication for the :flipper scope.
#
# The per-request log email is reset to nil first, presumably so that a
# value written by an earlier request in the same store cannot be reported
# for this one.
#
# @param request [ActionDispatch::Request] request whose env carries the Warden proxy
# @return [Object] the result of Warden#authenticate! (Warden halts the request when
#   authentication fails)
def self.authenticate(request)
  RequestStore.store[:flipper_user_email_for_log] = nil
  request.env['warden'].authenticate!(scope: :flipper)
end
.authorized?(user) ⇒ Boolean
# File 'lib/flipper/admin_user_constraint.rb', line 37
# Whether +user+ may administer feature flags.
#
# Authorization means membership in both the configured GitHub organization
# and the configured GitHub team. In the development environment this
# returns true unconditionally, so the membership checks only guard
# non-development environments.
#
# @param user [Object, nil] GitHub user taken from the session; a nil user
#   yields a falsy result
# @return [Boolean, nil] truthy only when both membership checks pass
def self.authorized?(user)
  return true if Rails.env.development?

  flipper_settings = Settings.flipper
  user&.organization_member?(flipper_settings.github_organization) &&
    user&.team_member?(flipper_settings.github_team)
end
.matches?(request) ⇒ Boolean
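# File 'lib/flipper/admin_user_constraint.rb', line 5
# Routing constraint for the Flipper admin UI.
#
# Decides whether a request may reach the Flipper routes and starts Warden
# authentication when it may not. Side effects: writes
# RequestStore.store[:flipper_user_email_for_log] and
# RequestStore.store[:flipper_authorized] for logging and for the views.
#
# @param request [ActionDispatch::Request] the incoming request
# @return [Boolean] true when the request may proceed
# @raise [Common::Exceptions::Forbidden] when a POST to a feature's /boolean
#   toggle endpoint has no session user, or a session user who is not authorized
def self.matches?(request)
  # POST to /flipper/features/<name>/boolean toggles a feature. Require an
  # authenticated AND authorized user here: the views gate the toggle UI on
  # RequestStore[:flipper_authorized], but only this server-side check stops
  # a logged-in user outside the configured org/team from toggling directly.
  url_pattern = %r{\A/flipper/features/[^/]+/boolean\z}
  if request.method == 'POST' && request.path.match?(url_pattern)
    user = request.session[:flipper_user]
    return true if user && authorized?(user)

    raise Common::Exceptions::Forbidden
  end

  # Authenticated through GitHub: record identity for logging and whether the
  # user is authorized, so views can decide what to show.
  user = request.session[:flipper_user]
  if user.present?
    RequestStore.store[:flipper_user_email_for_log] =
      user.email || "Email not found for: #{user.name || '<no name>'}, #{user.company || '<no company>'}"
    RequestStore.store[:flipper_authorized] = authorized?(user)
    return true
  end

  # Allow GET requests (minus the callback, which needs to pass through to
  # finish the auth flow); development allows everything.
  return true if (request.method == 'GET' && request.path.exclude?('/callback')) || Rails.env.development?

  # Anything else must authenticate first; Warden halts the request on failure.
  authenticate(request)
  true
end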