role_based_authorization 0.1.5 → 0.1.6

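--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.1.5
+0.1.6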
@@ -107,65 +107,73 @@ module RoleBasedAuthorization
107
107
  str
108
108
  end
109
109
  end
110
+
111
+
112
+ # Returns true if one of the rules defined for this controller matches
113
+ # the given options
114
+ def exist_rule_matching_options? user, controllers, actions, ids
115
+ rules = self.class.role_auth_rules
116
+ AUTHORIZATION_LOGGER.debug("current set of rules: %s" % [rules.inspect])
117
+
118
+
119
+ controllers.each do |controller|
120
+ if( !controller.blank? && rules[controller].nil? )
121
+ # tries to load the controller. Rails automagically loads classes if their name
122
+ # is used anywhere. By trying to constantize the name of the controller, we
123
+ # force rails to load it.
124
+ controller_klass = (controller.to_s+'_controller').camelize.constantize
125
+ end
126
+
127
+ AUTHORIZATION_LOGGER.debug("current controller: %s" % [controller])
128
+
129
+ actions.each do |action|
130
+ AUTHORIZATION_LOGGER.debug('current action: %s' % [action])
131
+
132
+ action = action.to_sym
133
+ action_class = action.class
134
+ raise "Action should be a symbol -- not a #{action_class.name}!" if action_class != Symbol
135
+
136
+ rules_for_this_action = rules[controller] && rules[controller][action]
137
+ next if rules_for_this_action.nil?
138
+
139
+ return true if rules_for_this_action.find { |rule| rule.match(user, ids) }
140
+ end
141
+ end
142
+
143
+ return false
144
+ end
110
145
 
111
146
  # Main authorization logic. opts is an hash with the following keys
112
147
  # :user, :controller, :action:: self explanatory
113
148
  # :ids:: id to be used to retrieve relevant objects
114
149
  def authorize_action? opts = {}
150
+ # Option handling
151
+ user, ids, controller, action = *opts.values_at(:user, :ids, :controller, :action)
152
+
115
153
  if respond_to?(:logged_in?) && !logged_in?
116
154
  AUTHORIZATION_LOGGER.info("returning false (not logged in)")
117
155
  return false
118
156
  end
119
-
120
- user, ids, controller, action = *opts.values_at(:user, :ids, :controller, :action)
121
-
157
+
122
158
  ids ||= {}
123
159
  ids.reverse_merge!( opts.reject { |key,value| key.to_s !~ /(_id\Z)|(\Aid\Z)/ } )
124
160
 
125
- if user.nil? && respond_to?(:current_user)
126
- user = current_user
127
- end
161
+ user = current_user if user.nil? && respond_to?(:current_user)
162
+ controller = controller_name if controller.nil? && respond_to?(:controller_name)
128
163
 
129
- if controller.nil? && respond_to?(:controller_name)
130
- controller = controller_name
131
- end
132
-
133
164
  AUTHORIZATION_LOGGER.info("user %s requested access to method %s:%s using ids:%s" %
134
165
  [ user && user.description + "(id:#{user.id} role:#{user.role})" || 'none',
135
166
  controller,
136
167
  action,
137
168
  ids.inspect])
138
169
 
139
- rules = self.class.role_auth_rules
140
- AUTHORIZATION_LOGGER.debug("current set of rules: %s" % [rules.inspect])
141
-
142
- ([controller] | ['application']).each do |current_controller|
143
- if( !current_controller.blank? && rules[current_controller].nil? )
144
- # tries to load the controller. Rails automagically loads classes if their name
145
- # is used anywhere. By trying to constantize the name of the controller, we
146
- # force rails to load it.
147
- controller_klass = (current_controller.to_s+'_controller').camelize.constantize
148
- end
149
-
150
- AUTHORIZATION_LOGGER.debug("current controller: %s" % [controller])
151
-
152
- [:all, opts[:action]].each do |action|
153
- AUTHORIZATION_LOGGER.debug('current action: %s' % [action])
154
- action = action.to_sym
155
- action_class = action.class
156
-
157
- raise "Action should be a symbol -- not a #{action_class.name}!" if action_class != Symbol
158
-
159
- rules_for_this_action = rules[controller] && rules[controller][action]
160
- if rules_for_this_action != nil && rules_for_this_action.find { |rule| rule.match(user, ids) }
161
- AUTHORIZATION_LOGGER.info('returning true (access granted)')
162
- return true
163
- end
164
- end
170
+ if exist_rule_matching_options?( user, [controller,'application'], [:all,action] , ids )
171
+ AUTHORIZATION_LOGGER.info('returning true (access granted)')
172
+ return true
173
+ else
174
+ AUTHORIZATION_LOGGER.info('returning false (access denied)')
175
+ return false
165
176
  end
166
-
167
- AUTHORIZATION_LOGGER.info('returning false (access denied)')
168
- return false
169
177
  end
170
178
 
171
179
 
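Review bot: The `raise "Action should be a symbol -- not a …"` guard inside the new `exist_rule_matching_options?` is unreachable, because the preceding `action = action.to_sym` already yields a Symbol, and a nil action (`authorize_action?` now defaults `user` and `controller` from the controller but still not `action`) fails earlier with a bare NoMethodError instead of that message. Move the check ahead of the conversion, e.g. `raise ArgumentError, "Action should be a symbol -- not a #{action.class.name}!" unless action.respond_to?(:to_sym)` followed by `action = action.to_sym`, and drop the now-unused `action_class` (and the unused `controller_klass`, which exists only for the side effect of `constantize`). Note also that looking rules up with the loop variable `controller` means rules registered under 'application' now match requests for every controller, whereas the removed code read `rules[controller]` with the outer variable and so only ever consulted the requested controller's rules; that widens what is granted and deserves a line in the changelog if it is intended. If this module is mixed into controllers, as the `current_user`/`controller_name` calls suggest, the new helper is a public method with no `private` visible in the hunk and should be made private so it cannot be reached as an action through a catch-all route.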
@@ -5,7 +5,7 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{role_based_authorization}
8
- s.version = "0.1.5"
8
+ s.version = "0.1.6"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Roberto Esposito"]
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: role_based_authorization
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.5
4
+ version: 0.1.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Roberto Esposito