Class: OpenStax::Utilities::AccessPolicy
- Inherits:
-
Object
- Object
- OpenStax::Utilities::AccessPolicy
- Includes:
- Singleton
- Defined in:
- lib/openstax/utilities/access_policy.rb
Instance Attribute Summary collapse
-
#resource_policy_map ⇒ Object
readonly
Returns the value of attribute resource_policy_map.
Class Method Summary collapse
- .action_allowed?(action, requestor, resource) ⇒ Boolean
- .method_missing(method_name, *arguments, &block) ⇒ Object
- .register(resource_class, policy_class) ⇒ Object
- .require_action_allowed!(action, requestor, resource) ⇒ Object
- .respond_to_missing?(method_name, include_private = false) ⇒ Boolean
Instance Method Summary collapse
-
#initialize ⇒ AccessPolicy
constructor
A new instance of AccessPolicy.
Constructor Details
#initialize ⇒ AccessPolicy
Returns a new instance of AccessPolicy.
10 11 12 |
# File 'lib/openstax/utilities/access_policy.rb', line 10 def initialize() @resource_policy_map = {} end |
Instance Attribute Details
#resource_policy_map ⇒ Object (readonly)
Returns the value of attribute resource_policy_map.
8 9 10 |
# File 'lib/openstax/utilities/access_policy.rb', line 8 def resource_policy_map @resource_policy_map end |
Class Method Details
.action_allowed?(action, requestor, resource) ⇒ Boolean
31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
# File 'lib/openstax/utilities/access_policy.rb', line 31 def self.action_allowed?(action, requestor, resource) # If the incoming requestor is an ApiUser, choose to use either its # human_user or its application. If there is a human user involved, it # should always take precedence when testing for access. if defined?(OpenStax::Api::ApiUser) && requestor.is_a?(OpenStax::Api::ApiUser) requestor = requestor.human_user ? requestor.human_user : requestor.application end resource_class = resource.is_a?(Class) ? resource : resource.class policy_class = instance.resource_policy_map[resource_class.to_s].try(:constantize) # If there is no policy registered, we by default deny access return false if policy_class.nil? policy_class.action_allowed?(action, requestor, resource) end |
.method_missing(method_name, *arguments, &block) ⇒ Object
14 15 16 17 18 19 20 |
# File 'lib/openstax/utilities/access_policy.rb', line 14 def self.method_missing(method_name, *arguments, &block) if method_name.to_s =~ /(.*)_allowed?/ action_allowed?(*arguments.unshift($1.to_sym), &block) else super end end |
.register(resource_class, policy_class) ⇒ Object
50 51 52 |
# File 'lib/openstax/utilities/access_policy.rb', line 50 def self.register(resource_class, policy_class) self.instance.resource_policy_map[resource_class.to_s] = policy_class.to_s end |
.require_action_allowed!(action, requestor, resource) ⇒ Object
26 27 28 29 |
# File 'lib/openstax/utilities/access_policy.rb', line 26 def self.require_action_allowed!(action, requestor, resource) msg = "\"#{requestor.inspect}\" is not allowed to perform \"#{action}\" on \"#{resource.inspect}\"" raise(SecurityTransgression, msg) unless action_allowed?(action, requestor, resource) end |
.respond_to_missing?(method_name, include_private = false) ⇒ Boolean
22 23 24 |
# File 'lib/openstax/utilities/access_policy.rb', line 22 def self.respond_to_missing?(method_name, include_private = false) method_name.to_s.end_with?('_allowed?') || super end |