Class: HaveAPI::Authorization

Inherits:
Object
  • Object
Defined in:
lib/haveapi/authorization.rb

Instance Method Summary collapse

Constructor Details

#initialize(&block) ⇒ Authorization

Returns a new instance of Authorization.



# File 'lib/haveapi/authorization.rb', line 3

# Wraps a rule block in a new Authorization.
#
# The block is only stored here; it is evaluated later, each time
# authorized? is called. No other state (@restrict, @input, @output) is
# initialised by the constructor.
#
# @yield the authorization rules, kept as-is (nil when no block is given)
def initialize(&block)
  @block = block # nil without a block; authorized? then falls through to deny
end

Instance Method Details

#allow ⇒ Object



# File 'lib/haveapi/authorization.rb', line 44

# Authorizes the user and ends evaluation of the rule block.
#
# Throws :rule with the value true, which authorized? catches and returns.
# Because the throw unwinds immediately, nothing written after this call in
# the rule block runs: any restrict, input or output declaration has to come
# before allow to take effect.
#
# Raises UncaughtThrowError when called outside a catch(:rule) block.
def allow
  throw :rule, true
end

#authorized?(user) ⇒ Boolean

Returns true if the user is authorized. The block must call allow to authorize the user; the default rule is deny.

Returns:

  • (Boolean)



# File 'lib/haveapi/authorization.rb', line 9

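# Evaluates the rule block for +user+ and returns the verdict.
#
# The block is run with instance_exec, so inside it +self+ is this object and
# it can call allow, deny, restrict, input and output directly. The default
# is deny: the user is authorized only when the block calls allow. A block
# that merely returns a truthy value, or a missing block, yields false.
# Exceptions raised by the block are not rescued here and propagate to the
# caller.
#
# All per-evaluation state is cleared first. The original reset only
# @restrict; @input and @output kept whatever a previous evaluation had set,
# so on a reused instance the filters chosen for one user could still be in
# force for the next user whose branch of the block never calls input/output.
#
# @param user [Object] passed to the block unchanged
# @return [Boolean] true when the block called allow, false otherwise
def authorized?(user)
  # Start from a clean slate so no rule from an earlier call survives.
  @restrict = []
  @input = nil
  @output = nil

  catch(:rule) do
    instance_exec(user, &@block) if @block
    deny # reached only when the block finished without throwing :rule
  end
end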

#deny ⇒ Object



# File 'lib/haveapi/authorization.rb', line 48

# Rejects the user and ends evaluation of the rule block.
#
# Throws :rule with the value false, which authorized? catches and returns.
# authorized? also calls this itself as the fallback when the rule block
# finishes without a verdict.
#
# Raises UncaughtThrowError when called outside a catch(:rule) block.
def deny
  throw :rule, false
end

#filter_input(input, params) ⇒ Object



# File 'lib/haveapi/authorization.rb', line 62

# Passes client-supplied parameters through the input rules.
#
# Delegates to filter_inner with the rules last stored by #input, which is
# nil if the rule block never called it. The fourth argument is always false,
# the position where filter_output passes its +format+ flag.
#
# NOTE(review): filter_inner is not shown on this page. How it treats nil
# rules (pass everything or pass nothing) should be confirmed, because that
# decides whether an action without an input declaration is open or closed.
#
# @param input [Object] forwarded to filter_inner as its first argument
# @param params [Object] forwarded to filter_inner as its third argument
# @return [Object] whatever filter_inner returns
def filter_input(input, params)
  input_rules = @input
  filter_inner(input, input_rules, params, false)
end

#filter_output(output, params, format = false) ⇒ Object



# File 'lib/haveapi/authorization.rb', line 66

# Passes parameters about to be returned to the client through the output
# rules.
#
# Delegates to filter_inner with the rules last stored by #output, which is
# nil if the rule block never called it.
#
# NOTE(review): filter_inner is not shown on this page. How it treats nil
# rules should be confirmed, because that decides whether an action without
# an output declaration returns every parameter or none.
#
# @param output [Object] forwarded to filter_inner as its first argument
# @param params [Object] forwarded to filter_inner as its third argument
# @param format [Boolean] forwarded to filter_inner as its fourth argument
# @return [Object] whatever filter_inner returns
def filter_output(output, params, format = false)
  output_rules = @output
  filter_inner(output, output_rules, params, format)
end

#input(whitelist: nil, blacklist: nil) ⇒ Object

Restrict the parameters a client can set or change.

whitelist

allow only listed parameters

blacklist

allow all parameters except listed ones



# File 'lib/haveapi/authorization.rb', line 27

# Restricts the parameters a client can set or change.
#
# Each call replaces the previously stored input rules as a whole; rules are
# not merged across calls. When both lists are given, both are stored and
# the precedence is decided by the code that reads @input, not here.
#
# A whitelist names the only parameters let through, so a parameter added to
# the action later stays blocked until it is listed. A blacklist lets every
# parameter through except the listed ones, so a new parameter is writable
# until someone adds it to the list.
#
# @param whitelist [Object, nil] allow only the listed parameters
# @param blacklist [Object, nil] allow all parameters except the listed ones
# @return [Hash] the stored rules, with keys :whitelist and :blacklist
def input(whitelist: nil, blacklist: nil)
  @input = { whitelist: whitelist, blacklist: blacklist }
end

#output(whitelist: nil, blacklist: nil) ⇒ Object

Restrict the parameters a client can retrieve.

whitelist

allow only listed parameters

blacklist

allow all parameters except listed ones



# File 'lib/haveapi/authorization.rb', line 37

# Restricts the parameters a client can retrieve.
#
# Each call replaces the previously stored output rules as a whole; rules
# are not merged across calls. When both lists are given, both are stored
# and the precedence is decided by the code that reads @output, not here.
#
# A whitelist names the only parameters returned, so a parameter added to
# the action later stays hidden until it is listed. A blacklist returns
# every parameter except the listed ones, so a new parameter is exposed
# until someone adds it to the list.
#
# @param whitelist [Object, nil] return only the listed parameters
# @param blacklist [Object, nil] return all parameters except the listed ones
# @return [Hash] the stored rules, with keys :whitelist and :blacklist
def output(whitelist: nil, blacklist: nil)
  @output = { whitelist: whitelist, blacklist: blacklist }
end

#restrict(*args) ⇒ Object

Apply restrictions to the query that selects objects from the database. The most common use is to restrict a user to the objects they own.



# File 'lib/haveapi/authorization.rb', line 20

# Records a restriction for the query that selects objects, typically to
# limit a user to the objects they own.
#
# Only the first argument is kept; any further arguments are silently
# dropped. The stored values are later merged by #restrictions with
# Hash#update, so the argument is expected to be a Hash.
#
# Must be called while authorized? is evaluating the rule block (and before
# allow, which stops the block): @restrict is created by authorized?, and
# calling this earlier raises NoMethodError on nil.
#
# @param args [Array] the first element is the restriction to record
# @return [Array] the list of restrictions recorded so far
def restrict(*args)
  condition = args.first
  @restrict << condition
end

#restrictions ⇒ Object



# File 'lib/haveapi/authorization.rb', line 52

# Merges every restriction recorded by #restrict into a single Hash.
#
# Entries are merged in the order they were recorded using Hash#update, so
# when two restrictions use the same key the later one replaces the earlier
# one; they are not combined. A rule block that restricts the same key twice
# ends up with only the last value.
#
# Raises NoMethodError when called before authorized? has run, because
# @restrict is still nil. That failure is the safe outcome: returning an
# empty Hash instead would hand the caller a query with no restrictions.
#
# @return [Hash] a new Hash; the recorded restrictions are not modified
def restrictions
  @restrict.each_with_object({}) do |rule, merged|
    merged.update(rule)
  end
end