Module: SimonSays::Authorizer::ClassMethods

Defined in:
lib/simon_says/authorizer.rb

Instance Method Details

#action_options(options) ⇒ Object

Extract before_action options from Hash

Parameters:

  • options (Hash)

    input options hash

  • options (Symbol)

    :except before_action except option

  • options (Symbol)

    :only before_action only option

  • options (Symbol)

    :prepend before_action prepend option



# File 'lib/simon_says/authorizer.rb', line 113

def action_options(options)
  { except: options.delete(:except), only: options.delete(:only), prepend: options.delete(:prepend) }
end

#authenticate(scope, opts = {}) ⇒ Object

Authentication convenience method (to keep things declarative). This method just sets up a before_action.

Examples:

Authenticate a user scope

authenticate :user, except: :index

Parameters:

  • scope (Symbol, String)

    corresponds to some sort of authentication scope (i.e. authenticate_user!)

  • opts (Hash) (defaults to: {})

    before_action options



# File 'lib/simon_says/authorizer.rb', line 27

def authenticate(scope, opts = {})
  before_action :"authenticate_#{scope}!", action_options(opts)
end

#authorize_resource(resource, *roles) ⇒ Object

Authorize against a given resource

Examples:

Authorize resource

authorize_resource :admin, :support

Parameters:

  • resource (Symbol, String)

    name of resource to find

  • roles (Array<Symbol, String>)

    one or more role symbols or strings

  • opts (Hash)

    before_action options



# File 'lib/simon_says/authorizer.rb', line 98

def authorize_resource(resource, *roles)
  opts = roles.extract_options!

  before_action action_options(opts) do
    authorize roles, { resource: resource }
  end
end

#find_and_authorize(resource, *roles) ⇒ Object

Find and authorize a resource.

Parameters:

  • resource (Symbol, String)

    name of resource to find

  • roles (Array<Symbol, String>)

    one or more role symbols or strings

  • opts (Hash)

    before_action and finder options

  • opts (Symbol)

    :from corresponds to an instance variable or method that returns an ActiveRecord scope or model instance. If the object responds to the pluralized resource name (respond_to?), that method is called and its result is used as the finder scope. This makes it easy to find resources through associations.

  • opts (Symbol)

    :find_attribute attribute resource is found by; by default, :id is used

  • opts (Symbol)

    :param_key params key for resource query; by default, :id is used

  • opts (Symbol)

    :through through model to use when finding resource

  • opts (Symbol)

    :namespace resource namespace

# File 'lib/simon_says/authorizer.rb', line 48

def find_and_authorize(resource, *roles)
  opts = roles.extract_options!

  before_action(action_options(opts)) do
    find_resource resource, opts

    authorize roles, opts unless roles.empty?
  end
end

#find_resource(resource, opts = {}) ⇒ Object

Find a resource

Examples:

Find with a :through option

find_and_authorize :document, :create, :update, :publish, through: :memberships

Find and authorize with a :from option

# +@site.pages+ would be finder scope and is treated like an association
find_and_authorize :page, from: :site

Find resource with a :find_attribute option

# the where clause is now +where(token: params[:id])+
find_resource :image, find_attribute: :token

Find a resource using a namespace

# Admin::Report is the class and query scope used
find_resource :report, namespace: :admin

Parameters:

  • resource (Symbol, String)

    name of resource to find

  • opts (Hash) (defaults to: {})

    before_action and finder options

  • opts (Symbol) (defaults to: {})

    :from corresponds to an instance variable or method that returns an ActiveRecord scope or model instance. If the object responds to the pluralized resource name (respond_to?), that method is called and its result is used as the finder scope. This makes it easy to find resources through associations.

  • opts (Symbol) (defaults to: {})

    :find_attribute attribute resource is found by; by default, :id is used

  • opts (Symbol) (defaults to: {})

    :param_key params key for resource query; by default, :id is used

  • opts (Symbol) (defaults to: {})

    :through through model to use when finding resource

  • opts (Symbol) (defaults to: {})

    :namespace resource namespace



# File 'lib/simon_says/authorizer.rb', line 84

def find_resource(resource, opts = {})
  before_action action_options(opts) do
    find_resource resource, opts
  end
end
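
What happens to a misspelled filter key in the declarations documented above, as an added example that is not code from the simon_says project: it splits a find_and_authorize style argument list into roles, before_action filter options and leftover finder options, and flags keys this page does not document. Only action_options is copied from the page; inspect_declaration, runs_on? and DOCUMENTED_KEYS are hypothetical names, and runs_on? is a simplified model of how :only and :except select actions.

```ruby
# Added example; runs in plain Ruby, no Rails needed.
# Option keys documented on this page for the Authorizer class methods.
DOCUMENTED_KEYS = %i[except only prepend from find_attribute param_key through namespace].freeze

# Copied from the page: pulls the before_action filter keys out of the hash (mutating it).
def action_options(options)
  { except: options.delete(:except), only: options.delete(:only), prepend: options.delete(:prepend) }
end

# Hypothetical helper: split arguments the way find_and_authorize does and
# report which part of the declaration each value ends up in.
def inspect_declaration(_resource, *roles)
  opts = roles.last.is_a?(Hash) ? roles.pop.dup : {} # plain-Ruby stand-in for extract_options!
  filter = action_options(opts).compact               # nil entries restrict nothing
  { roles: roles, filter: filter, finder: opts, unknown: opts.keys - DOCUMENTED_KEYS }
end

# Simplified model (assumption) of how :only / :except select actions.
def runs_on?(filter, action)
  only = Array(filter[:only])
  except = Array(filter[:except])
  (only.empty? || only.include?(action)) && !except.include?(action)
end

# Constructed declarations: the first misspells :except as :expect.
typo = inspect_declaration(:document, :update, :publish, expect: :index, through: :memberships)
good = inspect_declaration(:document, :update, :publish, except: :index, through: :memberships)

[["expect:", typo], ["except:", good]].each do |label, d|
  puts "#{label} filter=#{d[:filter]} finder=#{d[:finder]} unknown=#{d[:unknown]} " \
       "runs on index? #{runs_on?(d[:filter], :index)}"
end
```

The misspelled key never reaches before_action, so the callback runs on every action, and in find_and_authorize the stray key travels on with the finder options.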