Module: Operations::Enforcer

Defined in:

lib/operations/enforcer.rb

Class Method Summary

• .application_actions ⇒ Object
• .check_for_pattern(rule, value) ⇒ Object
• .default_operation ⇒ Object
• .enforce(controller, action, user) ⇒ Object
• .get_operation(controller, action) ⇒ Object

Class Method Details

.application_actions ⇒ Object

# File 'lib/operations/enforcer.rb', line 11

def application_actions

end

.check_for_pattern(rule, value) ⇒ Object

# File 'lib/operations/enforcer.rb', line 15

def check_for_pattern(rule, value)
  rule = rule.to_s; value = value.to_s
  value_ok = rule.nil? \
        || rule == '*' \
        || rule.to_s == value.to_s
  unless value_ok
    rule = rule.to_s
    if rule.include?('*')
      regex = Operations::Utils.parse_to_regex(rule)
      value_ok = regex === value
    end
  end
  value_ok
end

.default_operation ⇒ Object

# File 'lib/operations/enforcer.rb', line 4

def default_operation
  Operations::Operation.new do |operation|
    operation.name = :default_enforced_operation
    operation.scope = :admin
  end
end

.enforce(controller, action, user) ⇒ Object

# File 'lib/operations/enforcer.rb', line 39

def enforce(controller, action, user)
  operation = get_operation(controller, action)

  if operation == :nobody
    raise Operations::Errors::NotAuthorizedError.new(operation, 'no one is allowed to execute this action!')
  end

  return if operation == :all

  if user.nil?
    # Check if we are not already on the sign in page
    sign_in_path = Operations::Config.get_sign_in_path
    if sign_in_path && sign_in_path[:controller] && sign_in_path[:action]
      return if sign_in_path[:controller].to_s == controller.to_s \
          && sign_in_path[:action].to_s == action.to_s
    end

    # Case 1: There is no user and the operation was found
    raise Operations::Errors::NotLoggedInError.new(operation)
  end

  # Case 2: The operation was found
  if operation
    unless operation.accepts_scope? user.named_scope
      raise Operations::Errors::NotAuthorizedError.new(operation, 'insufficient privileges')
    else
      warn "Access granted for User##{user.id} (#{controller}:#{action})"; return
    end
  end
end

.get_operation(controller, action) ⇒ Object

# File 'lib/operations/enforcer.rb', line 30

def get_operation(controller, action)
  result = Operations::Config.enforcements.select do |rule|
    check_for_pattern(rule[:controller], controller) && check_for_pattern(rule[:action], action)
  end
  rule = result[0]
  return default_operation if rule.nil?
  Operations.from_string(rule[:operation])
end