Class: Decidim::ActionAuthorizer

Inherits:
Object
  • Object
Includes:
Wisper::Publisher
Defined in:
app/services/decidim/action_authorizer.rb

Overview

This class is used to authorize a user against an action in the context of a feature.

Defined Under Namespace

Classes: AuthorizationError, AuthorizationStatus

Constructor Details

#initialize(user, feature, action) ⇒ ActionAuthorizer

Initializes the ActionAuthorizer.

user    - The user to authorize against.
feature - The feature to authenticate against.
action  - The action to authenticate.



# File 'app/services/decidim/action_authorizer.rb', line 14

def initialize(user, feature, action)
  @user = user
  @feature = feature
  @action = action.to_s if action
end

Instance Method Details

#authorize ⇒ Object

Public: Broadcasts different events given the status of the authentication.

Broadcasts:

failed       - When no valid authorization can be found.
unauthorized - When an authorization was found, but didn't match the credentials.
incomplete   - An authorization was found, but lacks some required fields. User
               should re-authenticate.

Returns nil.

Raises:



# File 'app/services/decidim/action_authorizer.rb', line 29

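def authorize
  # Both a feature and an action are required to evaluate anything.
  raise AuthorizationError, "Missing data" unless feature && action

  # No authorization handler name for this action: nothing to check.
  return status(:ok) unless authorization_handler_name

  # Checked in order: no authorization found, fields that do not match,
  # then fields that are missing.
  return status(:missing, handler: authorization_handler_name) unless authorization
  return status(:invalid, handler: authorization_handler_name, fields: unmatched_fields) if unmatched_fields.any?
  return status(:incomplete, handler: authorization_handler_name, fields: missing_fields) if missing_fields.any?

  status(:ok)
end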
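
The decision order in #authorize, as an added stand-alone sketch (not Decidim's code) with a caller that treats every status other than ok as a denial. SketchAuthorizer, Status, allowed?, PERMISSIONS and the two hash shapes are hypothetical stand-ins for the private helpers this page does not show, and the field-comparison rules are assumed.

```ruby
# Added sketch, not Decidim code. All names and both hashes are hypothetical.
Status = Struct.new(:code, :data) do
  def ok?
    code == :ok
  end
end

class SketchAuthorizer
  class AuthorizationError < StandardError; end

  # authorizations: handler name => metadata granted to the user (assumed shape)
  # permissions:    action => { handler:, options: } required by the feature (assumed shape)
  def initialize(authorizations, permissions, action)
    @authorizations = authorizations
    @permissions = permissions
    @action = action.to_s if action
  end

  def authorize
    raise AuthorizationError, "Missing data" unless @permissions && @action

    rule = @permissions[@action]
    return Status.new(:ok, {}) unless rule # no handler configured: allowed
    handler = rule[:handler]
    granted = @authorizations[handler]
    return Status.new(:missing, { handler: handler }) unless granted

    required = rule[:options] || {}
    # Assumed rule: a field is unmatched when present with a different value.
    unmatched = required.keys.select { |k| granted.key?(k) && granted[k] != required[k] }
    return Status.new(:invalid, { handler: handler, fields: unmatched }) if unmatched.any?

    # Assumed rule: a field is missing when the authorization lacks it.
    missing = required.keys.reject { |k| granted.key?(k) }
    return Status.new(:incomplete, { handler: handler, fields: missing }) if missing.any?

    Status.new(:ok, {})
  end
end

# Caller-side gate: anything other than :ok, including an error, denies.
def allowed?(authorizations, permissions, action)
  SketchAuthorizer.new(authorizations, permissions, action).authorize.ok?
rescue SketchAuthorizer::AuthorizationError
  false
end

# Constructed sample rule: voting requires a census authorization for one postal code.
PERMISSIONS = { "vote" => { handler: "census", options: { "postal_code" => "08001" } } }.freeze
```

In both the page's method and this sketch, an action with no handler configured returns ok, so the permission configuration itself is part of the access-control surface.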