Module: Authorization::InstanceMethods

Defined in:
lib/base_auth.rb


Instance Method Details

#allow(conditions) ⇒ Object



# File 'lib/base_auth.rb', line 75

# Runs the given block only when the authorization conditions hold.
#
# This is a soft guard: when access is not allowed nothing is raised and no
# permission-denied action is invoked, so code after the call still runs.
# Use #allow! where a denial has to be enforced.
#
# @param conditions [Hash] condition spec, handed unchanged to #allow?
# @yield called with no arguments when #allow? returns a truthy value
# @return [Object, nil] the block's value, or nil when the block was skipped
def allow( conditions )
  return unless allow?( conditions )

  yield
end

#allow!(conditions) ⇒ Object



# File 'lib/base_auth.rb', line 67

# Enforces the authorization conditions: when they do not hold, the
# permission-denied action is invoked with the same hash.
#
# The hash therefore carries both the condition keys and the denial options
# read by #invoke_permission_denied_action (:redirect_to, :method, :message).
#
# The return value is nil when access is allowed and whatever
# #invoke_permission_denied_action returns otherwise; do not branch on its
# truthiness to decide whether access was granted.
# NOTE(review): a redirect or handler call does not by itself stop the calling
# action -- confirm the caller halts processing after a denial.
#
# @param conditions [Hash] condition spec plus denial options
# @return [nil, Object] nil when allowed, else the denial action's result
def allow!( conditions )
  return if allow?( conditions )

  invoke_permission_denied_action( conditions )
end

#allow?(conditions) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/base_auth.rb', line 59

# Reports whether the authorization conditions hold.
#
# The result of the condition evaluation is passed through untouched, so it is
# truthy/falsy rather than strictly true/false.
#
# NOTE(review): eval_authorization_conditions in lib/base_auth.rb (line 27) is
# declared with two parameters (conditions, user_for_auth) but is called here
# with one. Confirm that the including class supplies a one-argument version;
# otherwise this call raises ArgumentError before any check is made.
#
# @param conditions [Hash] condition spec (:exec or :user, optional :object)
# @return [Object] truthy when access is allowed, falsy otherwise
def allow?( conditions )
  verdict = eval_authorization_conditions( conditions )
  verdict
end

#deny(conditions) ⇒ Object



# File 'lib/base_auth.rb', line 81

# Runs the given block only when #deny? is true, i.e. when the conditions do
# NOT evaluate truthy (#deny? is the negation of the condition evaluation).
#
# Like #allow this is a soft guard: nothing is raised and no permission-denied
# action is invoked, so it does not enforce anything by itself.
#
# @param conditions [Hash] condition spec, handed unchanged to #deny?
# @yield called with no arguments when #deny? returns true
# @return [Object, nil] the block's value, or nil when the block was skipped
def deny( conditions )
  return unless deny?( conditions )

  yield
end

#deny!(conditions) ⇒ Object



# File 'lib/base_auth.rb', line 71

# Invokes the permission-denied action when the conditions evaluate truthy
# (that is, when #deny? is false).
#
# Because #deny? negates the condition evaluation, a hash that carries neither
# :exec nor :user evaluates to nil in eval_authorization_conditions as defined
# in lib/base_auth.rb, #deny? is then true, and this method lets the request
# through. A misspelt condition key therefore fails open here.
#
# The same hash is passed on as the denial options (:redirect_to, :method,
# :message) of #invoke_permission_denied_action.
#
# @param conditions [Hash] condition spec plus denial options
# @return [nil, Object] nil when nothing was denied, else the denial action's
#   result
def deny!( conditions )
  return if deny?( conditions )

  invoke_permission_denied_action( conditions )
end

#deny?(conditions) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/base_auth.rb', line 63

# Negation of the condition evaluation: true when the conditions do NOT
# evaluate truthy, false when they do.
#
# A nil evaluation result (for example a hash with neither :exec nor :user, as
# eval_authorization_conditions in lib/base_auth.rb returns for that case)
# counts as "conditions not met" and yields true.
#
# NOTE(review): eval_authorization_conditions is declared with two parameters
# (conditions, user_for_auth) at lib/base_auth.rb line 27 but is called here
# with one -- confirm a one-argument version is in scope.
#
# @param conditions [Hash] condition spec (:exec or :user, optional :object)
# @return [Boolean]
def deny?( conditions )
  eval_authorization_conditions( conditions ) ? false : true
end

#eval_authorization_conditions(conditions, user_for_auth) ⇒ Object



# File 'lib/base_auth.rb', line 27

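# Evaluates an authorization condition spec and reports whether it holds.
#
# Two forms are recognised, checked in this order:
#
# * +:exec+ -- a Symbol (method invoked on self via send), a String (evaluated
#   as Ruby code inside this method) or a Proc (called without arguments). The
#   result of that call is returned as-is.
# * +:user+ -- either a String, which is instance_eval'd on +user_for_auth+,
#   or a method name / Array of method names tried on +user_for_auth+ in order
#   until one returns a truthy value. Zero-arity methods are called without
#   arguments; any other method receives the object under test, taken from
#   +:object+ or, when that is absent, from the instance variable named after
#   the singularized controller name.
#
# SECURITY: the String forms of :exec and :user are executed as Ruby code with
# the privileges of the application. They must be literals written in the
# application source; never assemble them from request parameters, headers,
# database content or any other externally influenced value.
#
# @param conditions [Hash] condition spec (:exec, or :user with optional
#   :object)
# @param user_for_auth [Object] the user the :user checks are sent to
# @return [Object] result of the :exec callable; the instance_eval result for
#   a String :user; true/false for :user method lists; nil when neither :exec
#   nor :user is present (callers treat nil as "conditions not met")
# @raise [ArgumentError] when :exec is not a Symbol, String or Proc
def eval_authorization_conditions( conditions, user_for_auth )
  # The local keeps the name `exec` because a String condition is evaluated in
  # this method's binding and can see the locals defined here.
  exec = conditions[:exec]
  if exec
    # Exact class-name match: instances of subclasses are rejected rather than
    # executed.
    case exec.class.name
      when 'Symbol' then send(exec)
      # NOTE(review): executes arbitrary Ruby; see the SECURITY note above.
      when 'String' then eval(exec)
      when 'Proc'   then exec.call
      else
        # `raise ArgumentError( ... )` would look up a *method* named
        # ArgumentError and fail with NoMethodError instead of reporting the
        # bad value.
        raise ArgumentError, ":exec doesn't accept values of class #{exec.class.name}"
    end
  elsif conditions[:user]
    user_spec = conditions[:user]
    # NOTE(review): executes arbitrary Ruby on the user object; see SECURITY.
    return user_for_auth.instance_eval( user_spec ) if user_spec.is_a?( String )

    target = conditions[:object] || controller_name.singularize.to_sym
    # Read the instance variable by name instead of eval'ing "@name": the
    # lookup raises NameError on anything that is not a valid variable name
    # rather than running it as code.
    object = target.is_a?( Symbol ) ? instance_variable_get( "@#{target}" ) : target

    checks = user_spec.is_a?( Array ) ? user_spec : [ user_spec ]

    checks.each do |check|
      if user_for_auth.respond_to?( check ) &&
         user_for_auth.method( check ).arity == 0
        return true if user_for_auth.send( check )
      else
        return true if user_for_auth.send( check, object )
      end
    end
    false
  end
end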

#invoke_permission_denied_action(config) ⇒ Object



# File 'lib/base_auth.rb', line 87

# Carries out the configured reaction to a denied request.
#
# Precedence: +:redirect_to+ wins over +:method+; when neither is set,
# Authorization::PermissionDenied is raised with +:message+.
#
# +:redirect_to+ is handed to redirect_to unchanged and +:method+ is invoked
# through send, so both should come from application code rather than from
# request data.
# NOTE(review): the redirect and handler branches return false to the caller
# without raising -- confirm every caller stops processing on that result.
#
# @param config [Hash] denial options (:redirect_to, :method, :message)
# @return [false] after a redirect or handler call
# @raise [Authorization::PermissionDenied] when neither :redirect_to nor
#   :method is configured
def invoke_permission_denied_action( config )
  destination = config[:redirect_to]
  if destination
    redirect_to destination
    return false
  end

  handler = config[:method]
  raise Authorization::PermissionDenied.new( config[:message] ) unless handler

  send( handler )
  false
end