Module: JunglePath::Authorization::Paths

Defined in:

lib/jungle_path/authorization/paths.rb

Class Method Summary

• .exact_match?(paths, request_path) ⇒ Boolean
• .is_authenticated_path?(request, route_access) ⇒ Boolean
• .is_open_path?(request, route_access) ⇒ Boolean
• .is_query_only_path?(request, current_auth) ⇒ Boolean
• .leading_segment_match?(paths, request_path) ⇒ Boolean

Class Method Details

.exact_match?(paths, request_path) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/jungle_path/authorization/paths.rb', line 52

def self.exact_match? paths, request_path
  return paths.include?(request_path) if paths
end

.is_authenticated_path?(request, route_access) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/jungle_path/authorization/paths.rb', line 23

def self.is_authenticated_path? request, route_access
  # Allowed paths for any authenticated user regardless of permissions or restrictions.
  if route_access
    if request.get? and route_access[:authenticated] and route_access[:authenticated][:get]
      return true if exact_match?(route_access[:authenticated][:get][:routes], request.path_info)
      return true if leading_segment_match?(route_access[:authenticated][:get][:routes_start_with], request.path_info)

    elsif request.put? and route_access[:authenticated] and route_access[:authenticated][:put]
      return true if exact_match?(route_access[:authenticated][:put][:routes], request.path_info)
      return true if leading_segment_match?(route_access[:authenticated][:put][:routes_start_with], request.path_info)

    elsif request.post? and route_access[:authenticated] and route_access[:authenticated][:post]
      return true if exact_match?(route_access[:authenticated][:post][:routes], request.path_info)
      return true if leading_segment_match?(route_access[:authenticated][:post][:routes_start_with], request.path_info)
    end
  end
  false
end

.is_open_path?(request, route_access) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/jungle_path/authorization/paths.rb', line 4

def self.is_open_path? request, route_access
  # Allowed paths for any user even if not authenticated. (But to get to this point they will have already been authenticated...)
  if route_access
    if request.get? and route_access[:public] and route_access[:public][:get]
      return true if exact_match?(route_access[:public][:get][:routes], request.path_info)
      return true if leading_segment_match?(route_access[:public][:get][:routes_start_with], request.path_info)

    elsif request.put? and route_access[:public] and route_access[:public][:put]
      return true if exact_match?(route_access[:public][:put][:routes], request.path_info)
      return true if leading_segment_match?(route_access[:public][:put][:routes_start_with], request.path_info)

    elsif request.post? and route_access[:public] and route_access[:public][:post]
      return true if exact_match?(ra[:public][:post][:routes], request.path_info)
      return true if leading_segment_match?(ra[:public][:post][:routes_start_with], request.path_info)
    end
  end
  false
end

.is_query_only_path?(request, current_auth) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/jungle_path/authorization/paths.rb', line 42

def self.is_query_only_path? request, current_auth
  is_it = false
  allowed_paths = {}
  allowed_paths["/query"] = true
  allowed_paths["/current/user"] = true
  allowed_paths["/current/user/auth"] = true
  is_it = allowed_paths[request.path_info]
  is_it
end

.leading_segment_match?(paths, request_path) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/jungle_path/authorization/paths.rb', line 56

def self.leading_segment_match? paths, request_path
  result = false
  if paths
    paths.each do |path|
      path = path + "/" unless path[-1] == "/"
      if request_path[0, path.length] == path
        result = true
        break
      end
    end
  end
  result
end