Class: Zuul::ActionController::DSL::Roles

Inherits:
Actionable show all
Defined in:
lib/zuul/action_controller/dsl/roles.rb

Instance Attribute Summary

Attributes inherited from Base

#actions, #context, #default, #default_block_allow_rules, #default_block_deny_rules, #force_context, #mode, #permissions, #results, #roles, #scope, #subject_method

Instance Method Summary collapse

Methods inherited from Actionable

#all, #allow?, #deny?

Methods inherited from Base

#all_actions, #all_permissions, #all_roles, #allow_permissions, #allow_roles, #anyone, #authorized?, #collect_results, #contextual_permission, #contextual_role, #deny_permissions, #deny_roles, #execute, #logged_in, #logged_out, #options, #parse_context, #set_options, #subject

Instance Method Details

#allow(*actions) ⇒ Object



# File 'lib/zuul/action_controller/dsl/roles.rb', line 9

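# Records an "allow" result when the current request's action is covered by
# this rule and one of the DSL's roles matches the subject.
#
# The rule covers the actions given here plus those already collected in
# @actions. Roles are checked in order; on the first match +true+ is pushed
# onto @results and the method returns. When the action is not listed, or no
# role matches, @results is left untouched by this call.
#
# @param actions [Array<Symbol, String>] action names, passed either as
#   separate arguments or as one array
# @return [void]
def allow(*actions)
  log_timer_start = Time.now.to_f
  actions = actions[0] if actions.length == 1 && actions[0].is_a?(Array)
  # Build a new array rather than concat-ing in place: when the caller passed
  # an array, `actions` is that very object, and appending @actions to it
  # would silently widen a shared action list (or raise on a frozen one).
  actions += @actions
  return if @roles.empty? || actions.empty?
  return unless actions.map(&:to_sym).include?(@controller.params[:action].to_sym)

  @roles.each do |role|
    # Pseudo-roles: logged_out matches only when there is no subject,
    # logged_in only when there is one.
    if (role == logged_out && subject.nil?) ||
       (role == logged_in && !subject.nil?)
      @results << true
      return
    end

    next if subject.nil? # keep going in case :_zuul_logged_out is specified

    matched = allow?(role)
    elapsed_ms = ((Time.now.to_f - log_timer_start) * 1000.0).round(1)
    # Role objects of the scope's role class are logged as slug[context];
    # anything else is logged as given.
    role_label = role.is_a?(subject.auth_scope(@scope).role_class) ? "#{role.slug}[#{role.context.to_s}]" : role
    verdict = matched ? "MATCH" : "NO MATCH"
    logger.debug "  \e[1;33mACL (#{elapsed_ms}ms)\e[0m  \e[1m#{verdict}\e[0m for \e[32mallow\e[0m role \e[1m#{role_label}\e[0m"
    next unless matched

    @results << true
    return
  end
end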

#deny(*actions) ⇒ Object



# File 'lib/zuul/action_controller/dsl/roles.rb', line 34

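# Records a "deny" result when the current request's action is covered by
# this rule and one of the DSL's roles matches the subject.
#
# The rule covers the actions given here plus those already collected in
# @actions. Roles are checked in order; on the first match +false+ is pushed
# onto @results and the method returns. When the action is not listed, or no
# role matches, @results is left untouched by this call.
#
# @param actions [Array<Symbol, String>] action names, passed either as
#   separate arguments or as one array
# @return [void]
def deny(*actions)
  log_timer_start = Time.now.to_f
  actions = actions[0] if actions.length == 1 && actions[0].is_a?(Array)
  # Build a new array rather than concat-ing in place: when the caller passed
  # an array, `actions` is that very object, and appending @actions to it
  # would silently widen a shared action list (or raise on a frozen one).
  actions += @actions
  return if @roles.empty? || actions.empty?
  return unless actions.map(&:to_sym).include?(@controller.params[:action].to_sym)

  @roles.each do |role|
    # Pseudo-roles: logged_out matches only when there is no subject,
    # logged_in only when there is one.
    if (role == logged_out && subject.nil?) ||
       (role == logged_in && !subject.nil?)
      @results << false
      return
    end

    next if subject.nil? # keep going in case :_zuul_logged_out is specified

    matched = deny?(role)
    elapsed_ms = ((Time.now.to_f - log_timer_start) * 1000.0).round(1)
    # Role objects of the scope's role class are logged as slug[context];
    # anything else is logged as given.
    role_label = role.is_a?(subject.auth_scope(@scope).role_class) ? "#{role.slug}[#{role.context.to_s}]" : role
    verdict = matched ? "MATCH" : "NO MATCH"
    logger.debug "  \e[1;33mACL (#{elapsed_ms}ms)\e[0m  \e[1m#{verdict}\e[0m for \e[31mdeny\e[0m role \e[1m#{role_label}\e[0m"
    next unless matched

    @results << false
    return
  end
end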

#match?(role) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/zuul/action_controller/dsl/roles.rb', line 5

# Tests +role+ against the subject through subject.auth_scope, which is
# called with @scope, @context and @force_context and a block that receives
# (context, force_context).
#
# With @or_higher set the block asks has_role_or_higher?; otherwise it asks
# has_role?. In the @or_higher case a falsy answer is returned as +false+;
# in the other case the auth_scope result is returned as is.
#
# @param role the role to test
# @return [Boolean]
def match?(role)
  if @or_higher
    higher = subject.auth_scope(@scope, @context, @force_context) do |context, force_context|
      has_role_or_higher?(role, context.to_context, force_context)
    end
    higher || false
  else
    subject.auth_scope(@scope, @context, @force_context) do |context, force_context|
      has_role?(role, context.to_context, force_context)
    end
  end
end

#or_higher(&block) ⇒ Object



# File 'lib/zuul/action_controller/dsl/roles.rb', line 59

# Evaluates the block in a nested DSL of the same class, built from this
# DSL's options with :or_higher set, and appends the nested DSL's results to
# this one's @results.
#
# NOTE(review): the block is instance_eval'd on the nested DSL, so it runs
# with full access to that object. It is presumably DSL code written in the
# controller; confirm no caller passes a block built from request data.
#
# @yield rules to evaluate with :or_higher enabled
# @return [Array] this DSL's @results after the nested results are appended
def or_higher(&block)
  nested = self.class.new(@controller, options.merge(:or_higher => true))
  nested.instance_eval(&block) unless block.nil?

  @results.concat(nested.results)
end