Module: Turnstile::Authorization

Defined in:
lib/turnstile/authorization.rb

Constant Summary collapse

@@permissions =

Keep track of all permissions defined A permission is defined in the setup with such as:

privilege :manage do
 allows_to :create, :new
end

{}

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.find_permission(permission_name) ⇒ Object

Finds a permission Turnstile::Authorization.find_permission(:manage)



32
33
34
 
# File 'lib/turnstile/authorization.rb', line 32

def self.find_permission(permission_name)
  @@permissions[permission_name]
end

.read_config_fileObject

used in tests so far, to perform the setup



15
16
17
 
# File 'lib/turnstile/authorization.rb', line 15

def self.read_config_file
  require File.expand_path(File.dirname(__FILE__) + '/../../config/initializers/turnstile')
end

.resetObject

Used by tests to reset all configurations done



25
26
27
28
 
# File 'lib/turnstile/authorization.rb', line 25

def self.reset
  @@permissions = {}
  Role.clear
end

.setup(&block) ⇒ Object

Run the config file with all definitions



20
21
22
 
# File 'lib/turnstile/authorization.rb', line 20

def self.setup(&block)
  yield if block_given?    
end

Instance Method Details

#allows_to(*actions) ⇒ Object 



105
106
107
108
109
110
 
# File 'lib/turnstile/authorization.rb', line 105

def allows_to(*actions)
  @@permissions[@current_permission][:allow] ||= []
  actions.each do |action|
    @@permissions[@current_permission][:allow] << action
  end
end

#can(rules_set) ⇒ Object 



135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
 
# File 'lib/turnstile/authorization.rb', line 135

def can(rules_set)
  rules = []
  rules_set.keys.each do |permission|
    actions = Authorization.find_permission(permission)
    controller = rules_set[permission]
    if actions[:allow]
      actions[:allow].each do |action|
        rules << Rule.new(:action => action.to_s, :controller => controller.to_s, :allow => true, :active => true)
      end
    end
    if actions[:deny]
      actions[:deny].each do |action|
        rules << Rule.new(:action => action.to_s, :controller => controller.to_s, :allow => false, :active => true)
      end
    end
  end
  @current_role.merge_rules(rules)
end

#current_roleObject

Helper to get current_role TODO: Find a way to get the current_user role in a dynamic way This way like current_user.user_role is too hardcoded



84
85
86
87
 
# File 'lib/turnstile/authorization.rb', line 84

def current_role
  current_role = current_user ? Role.find(current_user.user_role.to_sym) : nil
  current_role ||= Role.default_role
end

#current_role=(role) ⇒ Object

Set the current_role



90
91
92
 
# File 'lib/turnstile/authorization.rb', line 90

def current_role=(role)
  current_role = role
end

#default_is(role_str) ⇒ Object

From setup defines the default role If the role is not found tries to define common names for guests The default role is used when there is no current role



40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/turnstile/authorization.rb', line 40

def default_is(role_str)
  role = Role.find(role_str.to_sym)
  if !role
    role ||= Role.find(:guest)
    role ||= Role.find(:visitor)
    if !role
      Role.set_default_role(role)
    else
      Role.set_default_role(Role.first)
    end
  else
    Role.set_default_role(role)
  end
end

#default_roleObject

Returns the default role in this scope



77
78
79
 
# File 'lib/turnstile/authorization.rb', line 77

def default_role
  Role.default_role
end

#denies_to(*actions) ⇒ Object 



112
113
114
115
116
117
 
# File 'lib/turnstile/authorization.rb', line 112

def denies_to(*actions)
  @@permissions[@current_permission][:deny] ||= []
  actions.each do |action|
    @@permissions[@current_permission][:deny] << action
  end
end

#inherits(role) ⇒ Object 



130
131
132
133
 
# File 'lib/turnstile/authorization.rb', line 130

def inherits(role)
 parent = Role.find(role)
 parent ? @current_role.merge_rules(parent.rules) : @current_role.rules
end

#privilege(name, &block) ⇒ Object

Methods to define a permission

privilege :manage do
 allows_to :create, :new
 denies_to :destroy
end



99
100
101
102
103
 
# File 'lib/turnstile/authorization.rb', line 99

def privilege(name, &block)
  @current_permission = name
  @@permissions[@current_permission] = {}
  yield if block_given?
end

#role(role, &block) ⇒ Object

Methods to set a privilege(permission) to a role

role :admin do
 can :manage => :posts
 inherits :reader
end



124
125
126
127
128
 
# File 'lib/turnstile/authorization.rb', line 124

def role(role, &block)
  @current_role = Role.find(role)
  @current_role ||= Role.new(:name => role, :rules => [])
  yield if block_given?
end

#verify_role_permissions!Object

Method used in each controller that requires authorization Actually it handles the requests performed by the controller and then check if the current_role id allowed to perfom the action



59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
 
# File 'lib/turnstile/authorization.rb', line 59

def verify_role_permissions!
  if request || request.params
    action = request.params[:action] ? request.params[:action] : nil
    controller = request.params[:controller] ? request.params[:controller] : nil
    if action and controller
      if !current_role.is_allowed_to? action, controller
        flash[:alert] = "Unauthorized action"
        redirect_to root_path
      end
    else
      redirect_to root_path  
    end
  else
    redirect_to root_path
  end
end