Class: Rails::Auth::ACL

Inherits:

Object

• Object
• Rails::Auth::ACL

Defined in:

lib/rails/auth/acl.rb,
lib/rails/auth/acl/resource.rb,
lib/rails/auth/acl/middleware.rb,
lib/rails/auth/acl/matchers/allow_all.rb

Overview

Route-based access control lists

Defined Under Namespace

Modules: Matchers Classes: Middleware, Resource

Constant Summary

DEFAULT_MATCHERS =

Matchers available by default in ACLs

{
  allow_all: Matchers::AllowAll
}.freeze

Instance Attribute Summary

• #resources ⇒ Object readonly

  Returns the value of attribute resources.

Class Method Summary

• .from_yaml(yaml, **args) ⇒ Object

  Create a Rails::Auth::ACL from a YAML representation of an ACL.

Instance Method Summary

• #initialize(acl, matchers: {}) ⇒ ACL constructor

  A new instance of ACL.

• #match(env) ⇒ String^?

  Match the Rack environment against the ACL, checking all matchers.

• #matching_resources(env) ⇒ Array<Rails::Auth::ACL::Resource>

  Find all resources that match the ACL.

Constructor Details

#initialize(acl, matchers: {}) ⇒ ACL

Returns a new instance of ACL.

Parameters:

• :acl (Array<Hash>) —

  Access Control List configuration

• :matchers (Hash) —

  authorizers use with this ACL

Raises:

• (TypeError)

# File 'lib/rails/auth/acl.rb', line 30

def initialize(acl, matchers: {})
  raise TypeError, "expected Array for acl, got #{acl.class}" unless acl.is_a?(Array)

  @resources = []

  acl.each do |entry|
    raise TypeError, "expected Hash for acl entry, got #{entry.class}" unless entry.is_a?(Hash)

    resources = entry["resources"]
    raise ParseError, "no 'resources' key present in entry: #{entry.inspect}" unless resources

    matcher_instances = parse_matchers(entry, matchers.merge(DEFAULT_MATCHERS))

    resources.each do |resource|
      @resources << Resource.new(resource, matcher_instances).freeze
    end
  end

  @resources.freeze
end

Instance Attribute Details

#resources ⇒ Object (readonly)

Returns the value of attribute resources.

# File 'lib/rails/auth/acl.rb', line 10

def resources
  @resources
end

Class Method Details

.from_yaml(yaml, **args) ⇒ Object

Create a Rails::Auth::ACL from a YAML representation of an ACL

Parameters:

• :yaml (String) —

  serialized YAML to load an ACL from

# File 'lib/rails/auth/acl.rb', line 20

def self.from_yaml(yaml, **args)
  require "yaml"
  # rubocop:todo Security/YAMLLoad
  new(YAML.load(yaml), **args)
  # rubocop:enable Security/YAMLLoad
end

Instance Method Details

#match(env) ⇒ String^?

Match the Rack environment against the ACL, checking all matchers

Parameters:

• :env (Hash) —

  Rack environment

Returns:

• (String, nil) —

  name of the first matching matcher, or nil if unauthorized

# File 'lib/rails/auth/acl.rb', line 57

def match(env)
  @resources.each do |resource|
    matcher_name = resource.match(env)
    return matcher_name if matcher_name
  end

  nil
end

#matching_resources(env) ⇒ Array<Rails::Auth::ACL::Resource>

Find all resources that match the ACL. Matchers are NOT checked, instead only the initial checks for the “resources” section of the ACL are performed. Use the ‘#match` method to validate matchers.

This method is intended for debugging AuthZ failures. It can find all resources that match the given request so the corresponding matchers can be introspected.

Parameters:

• :env (Hash) —

  Rack environment

Returns:

• (Array<Rails::Auth::ACL::Resource>) —

  matching resources

# File 'lib/rails/auth/acl.rb', line 78

def matching_resources(env)
  @resources.find_all { |resource| resource.match!(env) }
end