Module: Ruil::Authorizer
- Includes:
- Controller
- Defined in:
- lib/ruil/authorizer.rb
Overview
Authorizer allow us to define an ACL.
Access rules
Each access rule is composed by a pattern and a condition to check.
The next example shows a rule authorizing all requests mathing the path pattern ‘/foo/:bar’.
Ruil::Authorizer << '/foo/:bar'
The next example shows a rule authorizing only requests associated to logged users.
Ruil::Authorizer << '/foo/:bar', lambda { |r| not r.session[:user].nil? }
Reject action
By default rejected requests are redirected to ‘/login’. You can change that behavior:
Ruil::Authorizer.rejector lambda { |r| ok :text, 'Forbidden resource!' }
Constant Summary collapse
- @@rules =
Access rules.
{}
- @@rejector =
The action to respond when access is denegated.
lambda { |request| redirect(request, '/login') }
Class Method Summary collapse
-
.<<(patterns, condition = nil) ⇒ Object
Creates a new access rule.
-
.call(request, responder) ⇒ Object
Authorize access for an user.
-
.rejector(responder) ⇒ Object
Set the action to perform when access is denied.
Methods included from Controller
Class Method Details
.<<(patterns, condition = nil) ⇒ Object
Creates a new access rule.
36 37 38 39 40 41 42 43 44 45 46 |
# File 'lib/ruil/authorizer.rb', line 36 def self.<<(patterns, condition = nil) # Set the condition. condition = condition || lambda { |request| true } # Add this rule to the list case patterns when Array patterns.each { |p| @@rules[p] = condition } when String @@rules[patterns] = condition end end |
.call(request, responder) ⇒ Object
Authorize access for an user.
49 50 51 52 53 54 55 56 57 |
# File 'lib/ruil/authorizer.rb', line 49 def self.call(request, responder) unless ( rule = @@rules[request[:path_info_pattern]] ).nil? or rule.call(request) # Deny access. @rejector.call request else # Allow access responder.call request end end |
.rejector(responder) ⇒ Object
Set the action to perform when access is denied.
60 61 62 |
# File 'lib/ruil/authorizer.rb', line 60 def self.rejector(responder) @@rejector = responder end |