Module: AuthorizeIf

Defined in:

lib/authorize_if.rb,
lib/authorize_if/errors.rb,
lib/authorize_if/version.rb

Overview

Provides a set of methods to handle authorization scenarios. It is included to ActionController::Base on load.

Defined Under Namespace

Classes: MissingAuthorizationRuleError, NotAuthorizedError

Constant Summary

VERSION =

"0.0.2"

Instance Method Summary

• #authorize(*args, &block) ⇒ Object

  Accepts any arguments and configuration block.

• #authorize_if(rule, &block) {|exception| ... } ⇒ Boolean

  Evaluates given object as boolean.

Instance Method Details

#authorize(*args, &block) ⇒ Object

Accepts any arguments and configuration block. Calls corresponding authorization rule method with given arguments, except block.

Then calls ‘#authorize_if` with the returning value of corresponding authorization rule as first argument, and with given configuration block.

Examples:

class ArticlesController
  def index
    authorize
    # => true

    ...
  end

  def edit
    @article = Article.find(params[:id])

    authorize(@article) do |exception|
      exception.message = "You are not authorized!"
      exception.context[:request_ip] = "192.168.1.1"
      exception.context[:user_agent] = "Gecko"
    end
    # => AuthorizeIf::NotAuthorizedError: You are not authorized!

  rescue AuthorizeIf::NotAuthorizedError => e
    e.message
    # => "You are not authorized!"

    e.context[:request_ip]
    # => "192.168.1.1"

    e.context[:user_agent]
    # => "Gecko"
  end

  def destroy
    authorize
    # => AuthorizeIf::MissingAuthorizationRuleError: No authorization
      rule defined for action articles#destroy. Please define
      method #authorize_destroy? for ArticlesController

    ...
  end

  private

  def authorize_index?
    current_user.present?
  end

  def authorize_edit?(article)
    article.author == current_user
  end
end

Parameters:

• *args —

  Any arguments, which will be given to corresponding authorization rule.

• block (Proc) —

  The exception customization block. See ‘#authorize_if` for complete list of customization methods.

# File 'lib/authorize_if.rb', line 137

def authorize(*args, &block)
  rule_method_name = "authorize_#{action_name}?"

  unless self.respond_to?(rule_method_name, true)
    msg = [
      "No authorization rule defined for action",
      "#{controller_name}##{action_name}.",
      "Please define method ##{rule_method_name} for",
      self.class.name
    ].join(' ')

    raise(MissingAuthorizationRuleError, msg)
  end

  authorize_if(self.send(rule_method_name, *args), &block)
end

#authorize_if(rule, &block) {|exception| ... } ⇒ Boolean

Evaluates given object as boolean. Returns ‘true’ if object evaluates to ‘true’. Raises ‘AuthorizeIf::NotAuthorizedError` if object evaluates to ’false’.

Also accepts block and yields it with ‘AuthorizeIf::NotAuthorizedError` exception object. Behavior can be customized by calling methods on exception object.

Examples:

class ArticlesController
  def index
    authorize_if current_user
    # => true

    ...
  end

  def edit
    @article = Article.find(params[:id])

    authorize_if @article.authors.include?(current_user) do |exception|
      exception.message = "You are not authorized!"
      exception.context[:request_ip] = "192.168.1.1"
      exception.context[:user_agent] = "Gecko"
    end
    # => AuthorizeIf::NotAuthorizedError: You are not authorized!

  rescue AuthorizeIf::NotAuthorizedError => e
    e.message
    # => "You are not authorized!"

    e.context[:request_ip]
    # => "192.168.1.1"

    e.context[:user_agent]
    # => "Gecko"
  end
end

Parameters:

• rule (Object) —

  The authorization rule. Any “truthy” or “falsey” Ruby object.

• block (Proc) —

  The customization block. Supported customization methods:

  `message=` - error message, which will be raisedalong
               with `AuthorizeIf::NotAuthorizedError` exception.
  
  `context` - a key-value store(plain Ruby hash), which will be
               passed along with `AuthorizeIf::NotAuthorizedError`
               exception object, as an object attribute.
  

Yields:

• (exception)

Returns:

• (Boolean) —

  Returns ‘true’ if given object evaluates to ‘true’.

Raises:

• (AuthorizeIf::NotAuthorizedError) —

  Raised if given object evaluates to ‘false’.

# File 'lib/authorize_if.rb', line 65

def authorize_if(rule, &block)
  return true if !!rule

  exception = NotAuthorizedError.exception
  yield(exception) if block
  raise(exception, exception.instance_variable_get(:@message))
end