Class: Kibali::AccessControl

Inherits:
Struct
  • Object
show all
Defined in:
lib/kibali/access_control.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#role_control_hashObject

Returns the value of attribute role_control_hash

Returns:

  • (Object)

    the current value of role_control_hash



2
3
4
 
# File 'lib/kibali/access_control.rb', line 2

def role_control_hash
  @role_control_hash
end

Instance Method Details

#before(controller) ⇒ Object 



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
 
# File 'lib/kibali/access_control.rb', line 29

def before( controller )

   if controller.current_user.nil?   # no user defined; anonymous permitted?
       
      if self.role_control_hash.member?( :anonymous )  # if anonymous is referenced, continue...
         my_role = :anonymous    # ...then handle anonymously
      else   # unauthorized access of controller
         raise Kibali::AccessDenied 
      end   # if..then..else anonymous check

   elsif !self.role_control_hash.member?( my_role = controller.current_user.get_role.name.to_sym )
       
      if self.role_control_hash.member?( :all )  # if all is referenced, continue...
         my_role = :all    # ...then handle as all
      else   # unauthorized access of controller
         raise Kibali::AccessDenied 
      end   # if..then..else anonymous check

   end   # if..elsif check for anonymous or role not allowed

   expected_action = controller.action_name.to_sym  # action being attempted

   permitted = true   # presume authorized

       # now check the action_hash for action access
       # shown as a loop, but only the first entry is meaningful
   self.role_control_hash[my_role].each do |limit_type, action_list|

      unless action_list.kind_of?( Array )
         raise Kibali::SyntaxError, "all action lists should be arrays of symbols"
      end

      permitted = ( action_list.empty? || action_list.include?( expected_action ) )
      
      case limit_type
         when :allow, :to, :only then  permitted
         when :deny, :except then permitted = !permitted
      else
         raise Kibali::SyntaxError, "Unrecognized access_control limit_type: #{limit_type}"
      end  # case

      
      unless permitted      # ... figure out the type of exception
         if action_list.any?{ |actn|  actn.class.name != "Symbol" }
            raise Kibali::SyntaxError, "all actions should be symbols"
         else
            raise Kibali::AccessDenied 
         end  # syntax checking
      end  # unless

      break   # always break the loop at success

   end  # do check if role

   return permitted
end