Class: Lanes::API::AuthenticationProvider
- Inherits:
- Object
- Lanes::API::AuthenticationProvider
- Defined in:
- lib/lanes/access/authentication_provider.rb
Instance Attribute Summary
#request ⇒ Object
readonly
Returns the value of attribute request.
Class Method Summary
Instance Method Summary
- #allowed_access_to?(klass, options = {}) ⇒ Boolean
- #current_user ⇒ Object
- #error_message ⇒ Object
- #error_message_for_access ⇒ Object
- #fail_request(req) ⇒ Object
#initialize(request) ⇒ AuthenticationProvider
constructor
A new instance of AuthenticationProvider.
- #wrap_model_access(model, req, options = {}) ⇒ Object
- #wrap_request(req) ⇒ Object
Constructor Details
#initialize(request) ⇒ AuthenticationProvider
Returns a new instance of AuthenticationProvider.
# File 'lib/lanes/access/authentication_provider.rb', line 15
#
# Builds a provider bound to a single inbound request.
#
# @param request [Object] the request the access checks are evaluated
#   against; exposed read-only via {#request}
def initialize(request)
  @request = request
end
Instance Attribute Details
#request ⇒ Object (readonly)
Returns the value of attribute request.
# File 'lib/lanes/access/authentication_provider.rb', line 13
#
# The request this provider was constructed with.
#
# @return [Object] the object handed to {#initialize}
def request
  @request
end
Class Method Details
.user_for_request(request) ⇒ Object
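# File 'lib/lanes/access/authentication_provider.rb', line 5
#
# Resolves the user a request is acting as from its `jwt` parameter.
#
# The token is verified (verify flag true) with the app's session secret and
# an explicit HS256 algorithm, so only that algorithm is accepted. Any
# decode failure (bad signature, malformed or expired token) is treated as
# "no user" rather than raised, so callers fall through to their normal
# unauthenticated path instead of a 500. Expiry handling is whatever the
# JWT gem applies by default — nothing here adds claims checks.
#
# NOTE(review): the token is read from request.params, so it may arrive in
# the query string; confirm how clients send it, since query-string tokens
# tend to end up in access logs and referrers.
#
# @param request [Object] anything responding to #params
# @return [Lanes::User, nil] the user named by the token's `uid`, or nil
def self.user_for_request(request)
  token = request.params['jwt']
  return nil if token.nil? || token.empty?

  claims, _header = JWT.decode(token, Lanes.config.session_secret_key_base, true, { algorithm: 'HS256' })
  uid = claims['uid']
  uid ? Lanes::User.where(id: uid).first : nil
rescue JWT::DecodeError => e
  # Log the class only; the message can echo parts of the presented token.
  Lanes.logger.warn "Rejected JWT: #{e.class}"
  nil
end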
Instance Method Details
#allowed_access_to?(klass, options = {}) ⇒ Boolean
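# File 'lib/lanes/access/authentication_provider.rb', line 37
#
# Authorization gate for one request against one model class.
#
# Anonymous requests pass only when the caller marks the resource public
# (`options[:public] == true`, strictly); otherwise they are denied before
# any model hook runs. A signed-in user is always routed through the model's
# per-verb hook, even for a public resource, so the model keeps the final
# say. Verbs outside GET/POST/PATCH/PUT/DELETE (HEAD, OPTIONS, ...) are
# denied.
#
# @param klass [Class] model class responding to can_read_attributes?,
#   can_write_attributes? and can_delete_attributes?
# @param options [Hash] `:public => true` lets anonymous callers through
# @return [Boolean]
def allowed_access_to?(klass, options = {})
  user = current_user
  # `&&` rather than `and`: same result here, but `and` binds looser than
  # `==` and is a precedence trap when this line is edited.
  return true if options[:public] == true && user.nil?
  return false if user.nil?

  # The model decides per attribute; it sees the raw request params.
  case request.request_method
  when 'GET'
    klass.can_read_attributes?(request.params, user)
  when 'POST', 'PATCH', 'PUT'
    klass.can_write_attributes?(request.params, user)
  when 'DELETE'
    klass.can_delete_attributes?(request.params, user)
  else
    false # deny by default for any other verb
  end
end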
#current_user ⇒ Object
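# File 'lib/lanes/access/authentication_provider.rb', line 19
#
# The user resolved from this provider's request, memoized per instance.
#
# Uses `defined?` rather than `||=` so that a nil result (anonymous request,
# rejected token, unknown uid) is cached too; with `||=` every later call
# would re-run the token decode and user lookup.
#
# @return [Lanes::User, nil]
def current_user
  return @current_user if defined?(@current_user)

  @current_user = AuthenticationProvider.user_for_request(request)
end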
#error_message ⇒ Object
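# File 'lib/lanes/access/authentication_provider.rb', line 23
#
# Human-readable reason for a denied request.
#
# With no resolved user the request never reached the model hooks (see
# allowed_access_to?), so the reason is the missing user; with a user the
# reason is the verb-specific access message.
#
# NOTE(review): the rendered listing showed the two branches the other way
# round ("User not found" for a present user) — confirm against the source.
#
# @return [String]
def error_message
  current_user ? error_message_for_access : "User not found"
end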
#error_message_for_access ⇒ Object
# File 'lib/lanes/access/authentication_provider.rb', line 27
#
# Verb-specific access denial message for the current request.
#
# @return [String] "Unable to read" / "write" / "delete", or
#   "Unable to perform action" for any other request method
def error_message_for_access
  verb =
    case request.request_method
    when 'GET' then 'read'
    when 'POST', 'PATCH', 'PUT' then 'write'
    when 'DELETE' then 'delete'
    else 'perform action'
    end
  "Unable to #{verb}"
end
#fail_request(req) ⇒ Object
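# File 'lib/lanes/access/authentication_provider.rb', line 72
#
# Logs a denied request and halts it with a 401 JSON body.
#
# The X-Testing-User header is client-supplied; it is logged labelled and
# via `inspect` so a crafted value cannot inject extra log lines, and only
# when present (the original logged a bare, unlabelled nil otherwise).
#
# NOTE(review): if `req.url` includes the query string, the `jwt` parameter
# would be written to the log here — confirm what `url` returns in this app.
#
# @param req [Object] the handler, responding to #url and #halt(status, body)
# @return [void] #halt is expected not to return
def fail_request(req)
  testing_user = request.env['HTTP_X_TESTING_USER']
  Lanes.logger.warn "X-Testing-User header: #{testing_user.inspect}" if testing_user
  Lanes.logger.warn "Unauthorized access attempted to #{req.url}"
  req.halt(401, Oj.dump({ success: false, errors: { user: "Access Denied" }, message: "Access Denied" }))
end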
#wrap_model_access(model, req, options = {}) ⇒ Object
# File 'lib/lanes/access/authentication_provider.rb', line 62
#
# Runs the given block with the model scoped to the current user, or halts
# the request via fail_request when allowed_access_to? denies it.
#
# @param model [Class] model class handed to allowed_access_to?
# @param req [Object] the handler passed on to fail_request on denial
# @param options [Hash] forwarded to allowed_access_to? (e.g. `:public`)
# @return [Object] the block's value when allowed; fail_request's otherwise
# @yield once, inside ::Lanes::User.scoped_to(current_user)
def wrap_model_access(model, req, options = {})
  return fail_request(req) unless allowed_access_to?(model, options)

  ::Lanes::User.scoped_to(current_user) { |_user| yield }
end