Class: Kibali::AccessControl
- Inherits:
-
Struct
- Object
- Struct
- Kibali::AccessControl
- Defined in:
- lib/kibali/access_control.rb
Instance Attribute Summary collapse
-
#role_control_hash ⇒ Object
Returns the value of attribute role_control_hash.
Instance Method Summary collapse
-
#before(controller) ⇒ Object
——————————————————————————.
Instance Attribute Details
#role_control_hash ⇒ Object
Returns the value of attribute role_control_hash
2 3 4 |
# File 'lib/kibali/access_control.rb', line 2 def role_control_hash @role_control_hash end |
Instance Method Details
#before(controller) ⇒ Object
29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 |
# File 'lib/kibali/access_control.rb', line 29 def before( controller ) if controller.current_user.nil? # no user defined; anonymous permitted? if self.role_control_hash.member?( :anonymous ) # if anonymous is referenced, continue... my_role = :anonymous # ...then handle anonymously else # unauthorized access of controller raise Kibali::AccessDenied end # if..then..else anonymous check elsif !self.role_control_hash.member?( my_role = controller.current_user.get_role.name.to_sym ) if self.role_control_hash.member?( :all ) # if all is referenced, continue... my_role = :all # ...then handle as all else # unauthorized access of controller raise Kibali::AccessDenied end # if..then..else anonymous check end # if..elsif check for anonymous or role not allowed expected_action = controller.action_name.to_sym # action being attempted permitted = true # presume authorized # now check the action_hash for action access # shown as a loop, but only the first entry is meaningful self.role_control_hash[my_role].each do |limit_type, action_list| unless action_list.kind_of?( Array ) raise Kibali::SyntaxError, "all action lists should be arrays of symbols" end permitted = ( action_list.empty? || action_list.include?( expected_action ) ) case limit_type when :allow, :to, :only then permitted when :deny, :except then permitted = !permitted else raise Kibali::SyntaxError, "Unrecognized access_control limit_type: #{limit_type}" end # case unless permitted # ... figure out the type of exception if action_list.any?{ |actn| actn.class.name != "Symbol" } raise Kibali::SyntaxError, "all actions should be symbols" else raise Kibali::AccessDenied end # syntax checking end # unless break # always break the loop at success end # do check if role return permitted end |