Module: CubaApi::Guard

Defined in:
lib/cuba_api/guard.rb

Defined Under Namespace

Modules: ClassMethods

Instance Method Summary collapse

Instance Method Details

#allowed_associationsObject 



51
52
53
 
# File 'lib/cuba_api/guard.rb', line 51

def allowed_associations
  guard.associations( @_context, @_method )
end

#current_groupsObject 



47
48
49
 
# File 'lib/cuba_api/guard.rb', line 47

def current_groups
  current_user.groups
end

#on_associationObject 



69
70
71
72
73
74
75
76
77
78
79
 
# File 'lib/cuba_api/guard.rb', line 69

def on_association
  on :association do |association|
    # TODO one method in guard
    asso = guard.permissions( @_context ).associations
    if asso.empty? or asso.include?( association )
      yield( association )
    else
      no_body :forbidden 
    end
  end
end

#on_context(name, &block) ⇒ Object 



55
56
57
58
59
60
61
62
63
64
65
66
67
 
# File 'lib/cuba_api/guard.rb', line 55

def on_context( name, &block )
  perm = guard.permissions( name )
  if perm && perm.parent &&
      perm.parent.resource !=  @_context
    raise 'parent resource is not guarded'
  end
  on name do
    old = @_context
    @_context = name
    yield( *captures )
    @_context = old
  end
end

#on_guard(method, *args) ⇒ Object 



81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
 
# File 'lib/cuba_api/guard.rb', line 81

def on_guard( method, *args)
  args.insert( 0, send( method ) )
  on *args do
    
    @_method = method
    
    warn "[CubaApi::Guard] check #{method.to_s.upcase} #{@_context}: #{guard.allow?( @_context, method )}"
    # TODO guard needs no association here
    if guard.allow?( @_context, method, (allowed_associations || []).first )
      
      yield( *captures )
    else
      no_body :forbidden # 403
    end
  end
end