role_based_authorization 0.1.5 → 0.1.6

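--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.1.5
+ 0.1.6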
@@ -107,65 +107,73 @@ module RoleBasedAuthorization
107
107
  str
108
108
  end
109
109
  end
110
+
111
+
112
+ # Returns true if one of the rules defined for this controller matches
113
+ # the given options
114
+ def exist_rule_matching_options? user, controllers, actions, ids
115
+ rules = self.class.role_auth_rules
116
+ AUTHORIZATION_LOGGER.debug("current set of rules: %s" % [rules.inspect])
117
+
118
+
119
+ controllers.each do |controller|
120
+ if( !controller.blank? && rules[controller].nil? )
121
+ # tries to load the controller. Rails automagically loads classes if their name
122
+ # is used anywhere. By trying to constantize the name of the controller, we
123
+ # force rails to load it.
124
+ controller_klass = (controller.to_s+'_controller').camelize.constantize
125
+ end
126
+
127
+ AUTHORIZATION_LOGGER.debug("current controller: %s" % [controller])
128
+
129
+ actions.each do |action|
130
+ AUTHORIZATION_LOGGER.debug('current action: %s' % [action])
131
+
132
+ action = action.to_sym
133
+ action_class = action.class
134
+ raise "Action should be a symbol -- not a #{action_class.name}!" if action_class != Symbol
135
+
136
+ rules_for_this_action = rules[controller] && rules[controller][action]
137
+ next if rules_for_this_action.nil?
138
+
139
+ return true if rules_for_this_action.find { |rule| rule.match(user, ids) }
140
+ end
141
+ end
142
+
143
+ return false
144
+ end
110
145
 
111
146
  # Main authorization logic. opts is an hash with the following keys
112
147
  # :user, :controller, :action:: self explanatory
113
148
  # :ids:: id to be used to retrieve relevant objects
114
149
  def authorize_action? opts = {}
150
+ # Option handling
151
+ user, ids, controller, action = *opts.values_at(:user, :ids, :controller, :action)
152
+
115
153
  if respond_to?(:logged_in?) && !logged_in?
116
154
  AUTHORIZATION_LOGGER.info("returning false (not logged in)")
117
155
  return false
118
156
  end
119
-
120
- user, ids, controller, action = *opts.values_at(:user, :ids, :controller, :action)
121
-
157
+
122
158
  ids ||= {}
123
159
  ids.reverse_merge!( opts.reject { |key,value| key.to_s !~ /(_id\Z)|(\Aid\Z)/ } )
124
160
 
125
- if user.nil? && respond_to?(:current_user)
126
- user = current_user
127
- end
161
+ user = current_user if user.nil? && respond_to?(:current_user)
162
+ controller = controller_name if controller.nil? && respond_to?(:controller_name)
128
163
 
129
- if controller.nil? && respond_to?(:controller_name)
130
- controller = controller_name
131
- end
132
-
133
164
  AUTHORIZATION_LOGGER.info("user %s requested access to method %s:%s using ids:%s" %
134
165
  [ user && user.description + "(id:#{user.id} role:#{user.role})" || 'none',
135
166
  controller,
136
167
  action,
137
168
  ids.inspect])
138
169
 
139
- rules = self.class.role_auth_rules
140
- AUTHORIZATION_LOGGER.debug("current set of rules: %s" % [rules.inspect])
141
-
142
- ([controller] | ['application']).each do |current_controller|
143
- if( !current_controller.blank? && rules[current_controller].nil? )
144
- # tries to load the controller. Rails automagically loads classes if their name
145
- # is used anywhere. By trying to constantize the name of the controller, we
146
- # force rails to load it.
147
- controller_klass = (current_controller.to_s+'_controller').camelize.constantize
148
- end
149
-
150
- AUTHORIZATION_LOGGER.debug("current controller: %s" % [controller])
151
-
152
- [:all, opts[:action]].each do |action|
153
- AUTHORIZATION_LOGGER.debug('current action: %s' % [action])
154
- action = action.to_sym
155
- action_class = action.class
156
-
157
- raise "Action should be a symbol -- not a #{action_class.name}!" if action_class != Symbol
158
-
159
- rules_for_this_action = rules[controller] && rules[controller][action]
160
- if rules_for_this_action != nil && rules_for_this_action.find { |rule| rule.match(user, ids) }
161
- AUTHORIZATION_LOGGER.info('returning true (access granted)')
162
- return true
163
- end
164
- end
170
+ if exist_rule_matching_options?( user, [controller,'application'], [:all,action] , ids )
171
+ AUTHORIZATION_LOGGER.info('returning true (access granted)')
172
+ return true
173
+ else
174
+ AUTHORIZATION_LOGGER.info('returning false (access denied)')
175
+ return false
165
176
  end
166
-
167
- AUTHORIZATION_LOGGER.info('returning false (access denied)')
168
- return false
169
177
  end
170
178
 
171
179
 
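Review bot: The lookup `rules_for_this_action = rules[controller] && rules[controller][action]` in `exist_rule_matching_options?` now indexes by the loop variable, whereas the removed loop iterated `current_controller` but still indexed `rules[controller]`, so rules registered under 'application' appear not to have been consulted before and can now grant access on every controller. That widens what `authorize_action?` allows, and neither the version bump nor the method comment mentions it; it deserves a changelog entry and a test that pins an application-level rule both granting and denying. I would extend the comment above the new method with `# Rules are checked for each name in controllers in turn; a match under any of them (including 'application') grants access.` Separately, the `constantize` call raises NameError when no class matches the name, so a caller passing an unknown or request-derived controller gets an exception instead of a logged denial, and its result `controller_klass` is never used.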
@@ -5,7 +5,7 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{role_based_authorization}
8
- s.version = "0.1.5"
8
+ s.version = "0.1.6"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Roberto Esposito"]
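--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: role_based_authorization
  version: !ruby/object:Gem::Version
- version: 0.1.5
+ version: 0.1.6
  platform: ruby
  authors:
  - Roberto Esposito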