role_based_authorization 0.1.3 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.4
|
|
@@ -112,37 +112,39 @@ module RoleBasedAuthorization
|
|
|
112
112
|
# :user, :controller, :action:: self explanatory
|
|
113
113
|
# :ids:: id to be used to retrieve relevant objects
|
|
114
114
|
def authorize_action? opts = {}
|
|
115
|
-
if
|
|
115
|
+
if respond_to?(:logged_in?) && !logged_in?
|
|
116
116
|
AUTHORIZATION_LOGGER.info("returning false (not logged in)")
|
|
117
117
|
return false
|
|
118
118
|
end
|
|
119
119
|
|
|
120
|
-
opts
|
|
121
|
-
opts[:ids].reverse_merge!( opts.reject { |k,v| k.to_s !~ /(_id\Z)|(\Aid\Z)/ } )
|
|
120
|
+
user, ids, controller, action = *opts.values_at(:user, :ids, :controller, :action)
|
|
122
121
|
|
|
123
|
-
|
|
124
|
-
|
|
122
|
+
ids ||= {}
|
|
123
|
+
ids.reverse_merge!( opts.reject { |key,value| key.to_s !~ /(_id\Z)|(\Aid\Z)/ } )
|
|
124
|
+
|
|
125
|
+
if user.nil? && respond_to?(:current_user)
|
|
126
|
+
user = current_user
|
|
125
127
|
end
|
|
126
128
|
|
|
127
|
-
if
|
|
128
|
-
|
|
129
|
+
if controller.nil? && respond_to?(:controller_name)
|
|
130
|
+
controller = controller_name
|
|
129
131
|
end
|
|
130
132
|
|
|
131
133
|
AUTHORIZATION_LOGGER.info("user %s requested access to method %s:%s using ids:%s" %
|
|
132
|
-
[
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
134
|
+
[ user && user.description + "(id:#{user.id} role:#{user.role})" || 'none',
|
|
135
|
+
controller,
|
|
136
|
+
action,
|
|
137
|
+
ids.inspect])
|
|
136
138
|
|
|
137
139
|
rules = self.class.role_auth_rules
|
|
138
140
|
AUTHORIZATION_LOGGER.debug("current set of rules: %s" % [rules.inspect])
|
|
139
141
|
|
|
140
|
-
([
|
|
141
|
-
if( !
|
|
142
|
+
([controller] | ['application']).each do |current_controller|
|
|
143
|
+
if( !current_controller.blank? && rules[current_controller].nil? )
|
|
142
144
|
# tries to load the controller. Rails automagically loads classes if their name
|
|
143
145
|
# is used anywhere. By trying to constantize the name of the controller, we
|
|
144
146
|
# force rails to load it.
|
|
145
|
-
controller_klass = (
|
|
147
|
+
controller_klass = (current_controller.to_s+'_controller').camelize.constantize
|
|
146
148
|
end
|
|
147
149
|
|
|
148
150
|
AUTHORIZATION_LOGGER.debug("current controller: %s" % [controller])
|
|
@@ -150,10 +152,12 @@ module RoleBasedAuthorization
|
|
|
150
152
|
[:all, opts[:action]].each do |action|
|
|
151
153
|
AUTHORIZATION_LOGGER.debug('current action: %s' % [action])
|
|
152
154
|
action = action.to_sym
|
|
153
|
-
|
|
155
|
+
action_class = action.class
|
|
156
|
+
|
|
157
|
+
raise "Action should be a symbol -- not a #{action_class.name}!" if action_class != Symbol
|
|
154
158
|
|
|
155
|
-
|
|
156
|
-
if
|
|
159
|
+
rules_for_this_action = rules[controller] && rules[controller][action]
|
|
160
|
+
if rules_for_this_action != nil && rules_for_this_action.find { |rule| rule.match(user, ids) }
|
|
157
161
|
AUTHORIZATION_LOGGER.info('returning true (access granted)')
|
|
158
162
|
return true
|
|
159
163
|
end
|
|
@@ -205,7 +209,7 @@ module RoleBasedAuthorization
|
|
|
205
209
|
def authorized?
|
|
206
210
|
authorize_action? :controller => controller_name,
|
|
207
211
|
:action => action_name,
|
|
208
|
-
:ids => params.reject { |
|
|
212
|
+
:ids => params.reject { |key,value| key.to_s !~ /(_id\Z)|(\Aid\Z)/ },
|
|
209
213
|
:user => current_user
|
|
210
214
|
end
|
|
211
215
|
end
|