Class: AnnotationSecurity::Utils

Inherits:
Object
  • Object
show all
Defined in:
lib/annotation_security/utils.rb

Overview

lib/annotation_security/utils.rb

Provides some methods that are needed at several locations in the plug-in.

Constant Summary collapse

PREFIXES =

:nodoc:

/\A(may|is|can|has)_/
SUFFIXES = 
/(_(for|in|of|to)|\?)\Z/

Class Method Summary collapse

Class Method Details

.method_body(method) ⇒ Object

Removes pre- and suffixes from method, returns nil if no change was made.



15
16
17
18
 
# File 'lib/annotation_security/utils.rb', line 15

def self.method_body(method)
  body = method.to_s.gsub(PREFIXES,'').gsub(SUFFIXES,'')
  method.to_s == body ? nil : body
end

.parse_action_args(args) ⇒ Object

Returns controller, action, objects and parameters



82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
 
# File 'lib/annotation_security/utils.rb', line 82

def self.parse_action_args(args)
  controller = parse_controller(args.first)
  action = args.second.to_sym

  objects = args.third || []
  objects = [objects] unless objects.is_a? Array
  prepare_objects_resources(controller, objects)

  params = args.fourth || {}
  prepare_params_resources(controller, params)

  objects += params.values

  objects = objects.select { |o| o and o.__is_resource? }
  return [controller, action, objects, params]
end

.parse_controller(controller) ⇒ Object

Try to find the controller class from a name. Looks for [name](s)Controller.

parse_controller :welcome #=> WelcomeController
parse_controller :user # => UsersController



105
106
107
108
109
110
111
112
113
 
# File 'lib/annotation_security/utils.rb', line 105

def self.parse_controller(controller) # :nodoc:
  begin
    "#{controller.to_s.camelize}Controller".constantize
  rescue NameError
    "#{controller.to_s.pluralize.camelize}Controller".constantize
  end
rescue NameError
  raise NameError, "Controller '#{controller}' was not found"
end

.parse_description(description, allow_binding = false) ⇒ Object

Parses a description string

  • description description of a controller action

  • allow_binding if false, an exception is raised if the description

    contains a variable

Returns right, resource and binding



26
27
28
 
# File 'lib/annotation_security/utils.rb', line 26

def self.parse_description(description,allow_binding=false)
  ActionAnnotation::Utils.parse_description(description,allow_binding)
end

.parse_policy_arguments(args) ⇒ Object

Parses arguments provided to #apply_policy or #allowed? and returns

[:action, :resource_type, resource || nil], …

See SecurityContext#allowed? for details.

Each element of the result can be send to a policy using

policy_of_res_type.allowed?(rule, resource)

or

policy_of_res_type.static_policy.allowed?(rule, nil)

Raises ArgumentError if args could not be parsed.



42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
# File 'lib/annotation_security/utils.rb', line 42

def self.parse_policy_arguments(args)
  if args.first.is_a? String
    hash = AnnotationSecurity::Utils.parse_description(args.first)
  elsif args.first.is_a? Hash
    hash = args.first
  end
  if hash
    action = hash.delete(:action) || hash.delete('action')
    resource = hash.delete(:resource) || hash.delete('resource') || args.delete_at(1)
    unless resource.__is_resource?
      resource_type = resource
      resource = nil
    end
    resource_type ||= hash.delete(:resource_type) 
    resource_type ||= resource ? resource.resource_type : nil
    a = [action, resource_type]
    a << resource if resource
    args = a + args[1..-1]
  end

  args << :all_resources unless args.size > 1

  action, resource = args

  if resource.__is_resource?
    args = [action, resource.resource_type] + args[1..-1]
  end
#      if args.size > 2 && args.third == nil
#        raise ArgumentError, "Did not expect nil as resource"
#      end
  args
end

.parse_resource_arguments(args) ⇒ Object

returns resource type and resource object without action expects [resource object], [resource type], or both



77
78
79
 
# File 'lib/annotation_security/utils.rb', line 77

def self.parse_resource_arguments(args)
  parse_policy_arguments([:r]+args)[1..2]
end

.prepare_objects_resources(controller, objects) ⇒ Object

if there are non-resources in objects, use the values to get resources from the controllers default resource type



118
119
120
121
122
123
124
125
126
127
 
# File 'lib/annotation_security/utils.rb', line 118

def self.prepare_objects_resources(controller, objects)
  res_type = controller.default_resource
  objects.collect! do |o|
    if o.__is_resource?
      o
    else
      AnnotationSecurity::ResourceManager.get_resource(res_type, o)
    end
  end
end

.prepare_params_resources(controller, params) ⇒ Object

if there are non-resources in objects, use the values to get resources assuming the keys are the resource types (:id is defalut resource)



132
133
134
135
136
137
138
139
140
 
# File 'lib/annotation_security/utils.rb', line 132

def self.prepare_params_resources(controller, params)
  params.each do |k, v|
    unless v.__is_resource?
      res_type = k == :id ? controller.default_resource : k
      v = AnnotationSecurity::ResourceManager.get_resource(res_type, v)
      params[k] = v
    end
  end
end