Module: Authorization

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.included(base) ⇒ Object


2
3
4
5
6
7
8
# File 'app/models/authorization.rb', line 2

def self.included(base)
  base.class_eval do
    before_save    :enforce_edit_permissions
    before_destroy :enforce_destroy_permissions
    before_create  :enforce_create_permissions
  end
end

Instance Method Details

#enforce_create_permissionsObject


19
20
21
# File 'app/models/authorization.rb', line 19

def enforce_create_permissions
  enforce_permissions("create") if enforce?
end

#enforce_destroy_permissionsObject


15
16
17
# File 'app/models/authorization.rb', line 15

def enforce_destroy_permissions
  enforce_permissions("destroy") if enforce?
end

#enforce_edit_permissionsObject

We must enforce the security model


11
12
13
# File 'app/models/authorization.rb', line 11

def enforce_edit_permissions
  enforce_permissions("edit") if enforce?
end

#enforce_permissions(operation) ⇒ Object


23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# File 'app/models/authorization.rb', line 23

def enforce_permissions operation
  # We get called again with the operation being set to create
  return true if operation == "edit" and new_record?

  klass   = self.class.name.downcase
  klasses   = self.class.name.tableize
  klasses.gsub!(/auth_source.*/, "authenticators")
  klasses.gsub!(/common_parameters.*/, "global_variables")
  klasses.gsub!(/lookup_key.*/, "external_variables")
  klasses.gsub!(/lookup_value.*/, "external_variables")
  return true if User.current and User.current.allowed_to?("#{operation}_#{klasses}".to_sym)

  errors.add :base, _("You do not have permission to %{operation} this %{klass}") % { :operation => operation, :klass => klass }
  @permission_failed = operation
  false
end

#permission_failed?Boolean


41
42
43
44
# File 'app/models/authorization.rb', line 41

def permission_failed?
  return false unless @permission_failed
  @permission_failed
end