Class: Zuul::ActionController::DSL::Base

Inherits:

Object

• Object
• Zuul::ActionController::DSL::Base

Defined in:

lib/zuul/action_controller/dsl/base.rb

Direct Known Subclasses

Actionable, Actions

Instance Attribute Summary

• #actions(*actions, &block) ⇒ Object readonly

  Returns the value of attribute actions.

• #context(ctxt, &block) ⇒ Object readonly

  Returns the value of attribute context.

• #default ⇒ Object readonly

  Returns the value of attribute default.

• #default_block_allow_rules ⇒ Object readonly

  Returns the value of attribute default_block_allow_rules.

• #default_block_deny_rules ⇒ Object readonly

  Returns the value of attribute default_block_deny_rules.

• #force_context(flag = true, &block) ⇒ Object readonly

  Returns the value of attribute force_context.

• #mode ⇒ Object readonly

  Returns the value of attribute mode.

• #permissions(*allowed, &block) ⇒ Object readonly

  Returns the value of attribute permissions.

• #results ⇒ Object readonly

  Returns the value of attribute results.

• #roles(*allowed, &block) ⇒ Object readonly

  Returns the value of attribute roles.

• #scope(scope, &block) ⇒ Object readonly

  Returns the value of attribute scope.

• #subject_method ⇒ Object readonly

  Returns the value of attribute subject_method.

Instance Method Summary

• #all_actions ⇒ Object
• #all_permissions(context = false) ⇒ Object
• #all_roles(context = false) ⇒ Object
• #allow_permissions(*allowed) ⇒ Object (also: #allow_permission)
• #allow_roles(*allowed) ⇒ Object (also: #allow_role, #allow)
• #anyone ⇒ Object
• #authorized? ⇒ Boolean
• #collect_results ⇒ Object
• #contextual_permission(slug, context = false) ⇒ Object (also: #permission)
• #contextual_role(slug, context = false) ⇒ Object (also: #role)
• #deny_permissions(*denied) ⇒ Object (also: #deny_permission)
• #deny_roles(*denied) ⇒ Object (also: #deny_role, #deny)
• #execute(&block) ⇒ Object
• #logged_in ⇒ Object
• #logged_out ⇒ Object (also: #anonymous)
• #options ⇒ Object
• #parse_context(context = nil) ⇒ Object
• #set_options(opts) ⇒ Object (also: #configure)
• #subject ⇒ Object

Instance Attribute Details

#actions(*actions, &block) ⇒ Object (readonly)

Returns the value of attribute actions.

# File 'lib/zuul/action_controller/dsl/base.rb', line 5

def actions
  @actions
end

#context(ctxt, &block) ⇒ Object (readonly)

Returns the value of attribute context.

# File 'lib/zuul/action_controller/dsl/base.rb', line 5

def context
  @context
end

#default ⇒ Object (readonly)

Returns the value of attribute default.

# File 'lib/zuul/action_controller/dsl/base.rb', line 5

def default
  @default
end

#default_block_allow_rules ⇒ Object (readonly)

Returns the value of attribute default_block_allow_rules.

# File 'lib/zuul/action_controller/dsl/base.rb', line 5

def default_block_allow_rules
  @default_block_allow_rules
end

#default_block_deny_rules ⇒ Object (readonly)

Returns the value of attribute default_block_deny_rules.

# File 'lib/zuul/action_controller/dsl/base.rb', line 5

def default_block_deny_rules
  @default_block_deny_rules
end

#force_context(flag = true, &block) ⇒ Object (readonly)

Returns the value of attribute force_context.

# File 'lib/zuul/action_controller/dsl/base.rb', line 5

def force_context
  @force_context
end

#mode ⇒ Object (readonly)

Returns the value of attribute mode.

# File 'lib/zuul/action_controller/dsl/base.rb', line 5

def mode
  @mode
end

#permissions(*allowed, &block) ⇒ Object (readonly)

Returns the value of attribute permissions.

# File 'lib/zuul/action_controller/dsl/base.rb', line 5

def permissions
  @permissions
end

#results ⇒ Object (readonly)

Returns the value of attribute results.

# File 'lib/zuul/action_controller/dsl/base.rb', line 5

def results
  @results
end

#roles(*allowed, &block) ⇒ Object (readonly)

Returns the value of attribute roles.

# File 'lib/zuul/action_controller/dsl/base.rb', line 5

def roles
  @roles
end

#scope(scope, &block) ⇒ Object (readonly)

Returns the value of attribute scope.

# File 'lib/zuul/action_controller/dsl/base.rb', line 5

def scope
  @scope
end

#subject_method ⇒ Object (readonly)

Returns the value of attribute subject_method.

# File 'lib/zuul/action_controller/dsl/base.rb', line 5

def subject_method
  @subject_method
end

Instance Method Details

#all_actions ⇒ Object

# File 'lib/zuul/action_controller/dsl/base.rb', line 96

def all_actions
  @controller.class.action_methods.select { |act| !act.match(/^_callback_before_[\d]*$/) }.map(&:to_sym)
end

#all_permissions(context = false) ⇒ Object

# File 'lib/zuul/action_controller/dsl/base.rb', line 126

def all_permissions(context=false)
  return [] if subject.nil?
  context = (context == false) ? @context : parse_context(context)
  found_permissions = subject.auth_scope(@scope).permission_class.where(:context_type => context.type, :context_id => context.id).to_a
  found_permissions.concat(subject.auth_scope(@scope).permission_class.where(:context_type => context.type, :context_id => nil).to_a) unless context.id.nil?
  found_permissions.concat(subject.auth_scope(@scope).permission_class.where(:context_type => nil, :context_id => nil).to_a) unless context.type.nil?
  found_permissions
end

#all_roles(context = false) ⇒ Object

# File 'lib/zuul/action_controller/dsl/base.rb', line 117

def all_roles(context=false)
  return [] if subject.nil?
  context = (context == false) ? @context : parse_context(context)
  found_roles = subject.auth_scope(@scope).role_class.where(:context_type => context.type, :context_id => context.id).to_a
  found_roles.concat(subject.auth_scope(@scope).role_class.where(:context_type => context.type, :context_id => nil).to_a) unless context.id.nil?
  found_roles.concat(subject.auth_scope(@scope).role_class.where(:context_type => nil, :context_id => nil).to_a) unless context.type.nil?
  found_roles
end

#allow_permissions(*allowed) ⇒ Object Also known as: allow_permission

# File 'lib/zuul/action_controller/dsl/base.rb', line 71

def allow_permissions(*allowed)
  allowed = allowed[0] if allowed.length == 1 && allowed[0].is_a?(Array)
  permissions *allowed do
    allow *@actions
  end
end

#allow_roles(*allowed) ⇒ Object Also known as: allow_role, allow

# File 'lib/zuul/action_controller/dsl/base.rb', line 62

def allow_roles(*allowed)
  allowed = allowed[0] if allowed.length == 1 && allowed[0].is_a?(Array)
  roles *allowed do
    allow *@actions
  end
end

#anyone ⇒ Object

# File 'lib/zuul/action_controller/dsl/base.rb', line 113

def anyone
  [logged_in, logged_out]
end

#authorized? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/zuul/action_controller/dsl/base.rb', line 223

def authorized?
  if @default == :deny
    !(@results.empty? || @results.any? { |result| result == false })
  else
    (@results.empty? || !@results.all? { |result| result == false })
  end
end

#collect_results ⇒ Object

# File 'lib/zuul/action_controller/dsl/base.rb', line 231

def collect_results
  @results = [authorized?]
end

#contextual_permission(slug, context = false) ⇒ Object Also known as: permission

# File 'lib/zuul/action_controller/dsl/base.rb', line 142

def contextual_permission(slug, context=false)
  return nil if subject.nil?
  context = (context == false) ? @context : parse_context(context)
  return subject.auth_scope(@scope) { target_permission(slug, context.to_context) }
end

#contextual_role(slug, context = false) ⇒ Object Also known as: role

# File 'lib/zuul/action_controller/dsl/base.rb', line 135

def contextual_role(slug, context=false)
  return nil if subject.nil?
  context = (context == false) ? @context : parse_context(context)
  return subject.auth_scope(@scope) { target_role(slug, context.to_context) }
end

#deny_permissions(*denied) ⇒ Object Also known as: deny_permission

# File 'lib/zuul/action_controller/dsl/base.rb', line 88

def deny_permissions(*denied)
  denied = denied[0] if denied.length == 1 && denied[0].is_a?(Array)
  permissions *denied do
    deny *@actions
  end
end

#deny_roles(*denied) ⇒ Object Also known as: deny_role, deny

# File 'lib/zuul/action_controller/dsl/base.rb', line 79

def deny_roles(*denied)
  denied = denied[0] if denied.length == 1 && denied[0].is_a?(Array)
  roles *denied do
    deny *@actions
  end
end

#execute(&block) ⇒ Object

# File 'lib/zuul/action_controller/dsl/base.rb', line 190

def execute(&block)
  log_timer_start = Time.now.to_f
  if block_given?
    instance_eval(&block)
  else
    instance_eval do
      [:allow, :deny].each do |auth_type|
        auth_opts = instance_variable_get("@default_block_#{auth_type.to_s}_rules")
        next if auth_opts.nil?
        
        auth_actions = @actions
        auth_opts[:actions] = [auth_opts[:actions]] if auth_opts.has_key?(:actions) && !auth_opts[:actions].is_a?(Array)
        if !auth_opts.has_key?(:actions) || auth_opts[:actions].empty?
          auth_actions << @controller.params[:action].to_sym if auth_actions.empty?
        else
          auth_actions.concat(auth_opts[:actions])
        end
        
        actions auth_actions do
          [:roles, :permissions].each do |allowable_type|
            if auth_opts.has_key?(allowable_type)
              send "#{auth_type.to_s}_#{allowable_type.to_s}", auth_opts[allowable_type]
            end
          end
        end
      end
    end
  end
  # only collect results if configured & there are more filters in the chain
  logger.debug "  \e[1;34mACL (#{((Time.now.to_f - log_timer_start) * 1000.0).round(1)}ms)\e[0m  #{(authorized? ? "\e[1;32mALLOWED\e[0m" : "\e[1;31mDENIED\e[0m")} using \e[1m#{@default.to_s.upcase}\e[0m [#{results.map { |r| "\e[#{(r ? "32mallow" : "31mdeny")}\e[0m" }.join(",")}]"
  collect_results if @collect_results && @controller.class.acl_filters.length > 0
end

#logged_in ⇒ Object

# File 'lib/zuul/action_controller/dsl/base.rb', line 109

def logged_in
  :_zuul_logged_in
end

#logged_out ⇒ Object Also known as: anonymous

# File 'lib/zuul/action_controller/dsl/base.rb', line 104

def logged_out
  :_zuul_logged_out
end

#options ⇒ Object

# File 'lib/zuul/action_controller/dsl/base.rb', line 149

def options
  {
    :default => @default,
    :actions => @actions.clone,
    :roles => @roles.clone,
    :permissions => @permissions.clone,
    :context => @context.clone,
    :force_context => @force_context,
    :subject_method => @subject_method,
    :scope => @scope,
    :mode => @mode,
    :collect_results => @collect_results,
    :allow => (@default_block_allow_rules.nil? ? @default_block_allow_rules : @default_block_allow_rules.clone),
    :deny => (@default_block_deny_rules.nil? ? @default_block_deny_rules : @default_block_deny_rules.clone),
  }
end

#parse_context(context = nil) ⇒ Object

# File 'lib/zuul/action_controller/dsl/base.rb', line 178

def parse_context(context=nil)
  if context.is_a?(String) || context.is_a?(Symbol)
    if context.to_s.match(/^@.*$/)
      context = @controller.send(:instance_variable_get, context)
    elsif @controller.respond_to?(context.to_sym)
      context = @controller.send(context)
    end
  end

  Zuul::Context.parse(context)
end

#set_options(opts) ⇒ Object Also known as: configure

# File 'lib/zuul/action_controller/dsl/base.rb', line 166

def set_options(opts)
  [:default, :actions, :roles, :permissions, :force_context, :mode, :collect_results, :subject_method, :scope].each do |key|
    instance_variable_set "@#{key.to_s}", opts[key] if opts.has_key?(key)
  end
  [:allow, :deny].each do |key|
    instance_variable_set "@default_block_#{key.to_s}_rules", opts[key] if opts.has_key?(key)
  end
  @context = parse_context(opts[:context]) if opts.has_key?(:context)
  self
end

#subject ⇒ Object

# File 'lib/zuul/action_controller/dsl/base.rb', line 100

def subject
  @controller.send(@subject_method)
end