Module: SimonSays::Authorizer::ClassMethods

Defined in:
lib/simon_says/authorizer.rb


Instance Method Details

#action_options(options) ⇒ Object

Extract before_action options from Hash



# File 'lib/simon_says/authorizer.rb', line 113

# Pulls the callback-filter keys out of an options hash so they can be handed
# to +before_action+.
#
# The three keys are removed from +options+ itself (the caller's hash is
# mutated); a key that was absent yields +nil+ in the result. Any other key,
# including a misspelled +:only+ or +:except+, stays in +options+ and does
# not appear in the returned hash.
#
# @param options [Hash] options hash; +:except+, +:only+ and +:prepend+ are deleted from it
# @return [Hash] hash with exactly the keys +:except+, +:only+ and +:prepend+
def action_options(options)
  %i[except only prepend].each_with_object({}) do |key, picked|
    picked[key] = options.delete(key)
  end
end

#authenticate(scope, opts = {}) ⇒ Object

Authentication convenience method (to keep things declarative). This method just sets up a before_action.

Examples:

Authenticate the user scope

authenticate :user, except: :index


# File 'lib/simon_says/authorizer.rb', line 27

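# Declares a +before_action+ that calls the +authenticate_<scope>!+ method.
#
# Only +:except+, +:only+ and +:prepend+ are forwarded to +before_action+
# (via action_options); any other key in +opts+ is ignored here. A misspelled
# +:except+ or +:only+ is therefore dropped, and the callback is registered
# without that restriction.
#
# @param scope [Symbol, String] interpolated into the callback name, e.g. +:user+ gives +:authenticate_user!+
# @param opts [Hash] callback filter options; mutated by action_options
# @return [Object] whatever +before_action+ returns
#
# @example
#   authenticate :user, except: :index
def authenticate(scope, opts = {})
  # The quoted-symbol form is required: without the opening quote the `#`
  # starts a comment, the callback name degrades to :authenticate_ and the
  # filter options are never passed.
  before_action :"authenticate_#{scope}!", action_options(opts)
end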

#authorize_resource(resource, *roles) ⇒ Object

Authorize against a given resource

Examples:

Authorize resource

authorize_resource :admin, :support


# File 'lib/simon_says/authorizer.rb', line 98

# Declares a +before_action+ whose block calls +authorize+ with the given
# roles and +{ resource: resource }+.
#
# A trailing Hash in +roles+ is removed with +extract_options!+ and reduced to
# +:except+, +:only+ and +:prepend+ by action_options; any other key in that
# hash is not passed on to +authorize+.
#
# @param resource [Symbol] value passed to +authorize+ under the +:resource+ key
# @param roles [Array] roles to authorize against, optionally followed by an options Hash
# @return [Object] whatever +before_action+ returns
#
# @example
#   authorize_resource :admin, :support
def authorize_resource(resource, *roles)
  filter_options = action_options(roles.extract_options!)

  before_action(filter_options) do
    authorize(roles, { resource: resource })
  end
end

#find_and_authorize(resource, *roles) ⇒ Object

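Find and authorize a resource. The authorization step runs only when at least one role is given; with no roles the resource is looked up but not authorized.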



# File 'lib/simon_says/authorizer.rb', line 48

# Declares a +before_action+ that looks the resource up and then, if any roles
# were given, authorizes against them.
#
# A trailing Hash in +roles+ is removed with +extract_options!+. The keys
# +:except+, +:only+ and +:prepend+ are moved out of it for +before_action+;
# what remains is passed to both +find_resource+ and +authorize+.
#
# When +roles+ is empty, +authorize+ is never called: the callback only finds
# the resource.
#
# NOTE(review): the same +opts+ Hash is captured by the block and reused on
# every run of the callback; this assumes +find_resource+ and +authorize+ do
# not mutate it. Confirm against their implementations.
#
# @param resource [Symbol] name of the resource to find
# @param roles [Array] roles to authorize against, optionally followed by an options Hash
# @return [Object] whatever +before_action+ returns
def find_and_authorize(resource, *roles)
  opts = roles.extract_options!
  filter_options = action_options(opts)

  before_action(filter_options) do
    find_resource(resource, opts)

    # No roles means no authorization check at all, not a denial.
    authorize(roles, opts) unless roles.empty?
  end
end

#find_resource(resource, opts = {}) ⇒ Object

Find a resource

Examples:

Find with a :through option

find_and_authorize :document, :create, :update, :publish, through: :memberships

Find and authorize with a :from option

# +@site.pages+ would be finder scope and is treated like an association
find_and_authorize :page, from: :site

Find resource with a :find_attribute option

# the where clause is now +where(token: params[:id])+
find_resource :image, find_attribute: :token

Find a resource using a namespace

# Admin::Report is the class and query scope used
find_resource :report, namespace: :admin


# File 'lib/simon_says/authorizer.rb', line 84

# Declares a +before_action+ whose block calls +find_resource+ with the
# resource name and the remaining options.
#
# +:except+, +:only+ and +:prepend+ are moved out of +opts+ for
# +before_action+; every other key (e.g. +:from+, +:through+,
# +:find_attribute+, +:namespace+) stays in +opts+ and reaches the lookup.
#
# The +find_resource+ call inside the block is resolved on whatever object
# runs the callback, presumably the controller instance's own +find_resource+
# rather than this method (confirm against the instance-level module).
#
# @param resource [Symbol] name of the resource to find
# @param opts [Hash] filter options plus finder options; mutated by action_options
# @return [Object] whatever +before_action+ returns
#
# @example
#   find_resource :image, find_attribute: :token
def find_resource(resource, opts = {})
  filter_options = action_options(opts)

  before_action(filter_options) do
    find_resource(resource, opts)
  end
end