role_based_authorization 0.1.3 → 0.1.4
Sign up to get free protection for your applications and to get access to all the features.
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.4
|
|
@@ -112,37 +112,39 @@ module RoleBasedAuthorization
|
|
|
112
112
|
# :user, :controller, :action:: self explanatory
|
|
113
113
|
# :ids:: id to be used to retrieve relevant objects
|
|
114
114
|
def authorize_action? opts = {}
|
|
115
|
-
if
|
|
115
|
+
if respond_to?(:logged_in?) && !logged_in?
|
|
116
116
|
AUTHORIZATION_LOGGER.info("returning false (not logged in)")
|
|
117
117
|
return false
|
|
118
118
|
end
|
|
119
119
|
|
|
120
|
-
opts
|
|
121
|
-
opts[:ids].reverse_merge!( opts.reject { |k,v| k.to_s !~ /(_id\Z)|(\Aid\Z)/ } )
|
|
120
|
+
user, ids, controller, action = *opts.values_at(:user, :ids, :controller, :action)
|
|
122
121
|
|
|
123
|
-
|
|
124
|
-
|
|
122
|
+
ids ||= {}
|
|
123
|
+
ids.reverse_merge!( opts.reject { |key,value| key.to_s !~ /(_id\Z)|(\Aid\Z)/ } )
|
|
124
|
+
|
|
125
|
+
if user.nil? && respond_to?(:current_user)
|
|
126
|
+
user = current_user
|
|
125
127
|
end
|
|
126
128
|
|
|
127
|
-
if
|
|
128
|
-
|
|
129
|
+
if controller.nil? && respond_to?(:controller_name)
|
|
130
|
+
controller = controller_name
|
|
129
131
|
end
|
|
130
132
|
|
|
131
133
|
AUTHORIZATION_LOGGER.info("user %s requested access to method %s:%s using ids:%s" %
|
|
132
|
-
[
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
134
|
+
[ user && user.description + "(id:#{user.id} role:#{user.role})" || 'none',
|
|
135
|
+
controller,
|
|
136
|
+
action,
|
|
137
|
+
ids.inspect])
|
|
136
138
|
|
|
137
139
|
rules = self.class.role_auth_rules
|
|
138
140
|
AUTHORIZATION_LOGGER.debug("current set of rules: %s" % [rules.inspect])
|
|
139
141
|
|
|
140
|
-
([
|
|
141
|
-
if( !
|
|
142
|
+
([controller] | ['application']).each do |current_controller|
|
|
143
|
+
if( !current_controller.blank? && rules[current_controller].nil? )
|
|
142
144
|
# tries to load the controller. Rails automagically loads classes if their name
|
|
143
145
|
# is used anywhere. By trying to constantize the name of the controller, we
|
|
144
146
|
# force rails to load it.
|
|
145
|
-
controller_klass = (
|
|
147
|
+
controller_klass = (current_controller.to_s+'_controller').camelize.constantize
|
|
146
148
|
end
|
|
147
149
|
|
|
148
150
|
AUTHORIZATION_LOGGER.debug("current controller: %s" % [controller])
|
|
@@ -150,10 +152,12 @@ module RoleBasedAuthorization
|
|
|
150
152
|
[:all, opts[:action]].each do |action|
|
|
151
153
|
AUTHORIZATION_LOGGER.debug('current action: %s' % [action])
|
|
152
154
|
action = action.to_sym
|
|
153
|
-
|
|
155
|
+
action_class = action.class
|
|
156
|
+
|
|
157
|
+
raise "Action should be a symbol -- not a #{action_class.name}!" if action_class != Symbol
|
|
154
158
|
|
|
155
|
-
|
|
156
|
-
if
|
|
159
|
+
rules_for_this_action = rules[controller] && rules[controller][action]
|
|
160
|
+
if rules_for_this_action != nil && rules_for_this_action.find { |rule| rule.match(user, ids) }
|
|
157
161
|
AUTHORIZATION_LOGGER.info('returning true (access granted)')
|
|
158
162
|
return true
|
|
159
163
|
end
|
|
@@ -205,7 +209,7 @@ module RoleBasedAuthorization
|
|
|
205
209
|
def authorized?
|
|
206
210
|
authorize_action? :controller => controller_name,
|
|
207
211
|
:action => action_name,
|
|
208
|
-
:ids => params.reject { |
|
|
212
|
+
:ids => params.reject { |key,value| key.to_s !~ /(_id\Z)|(\Aid\Z)/ },
|
|
209
213
|
:user => current_user
|
|
210
214
|
end
|
|
211
215
|
end
|