Class: ActiveRecord::Base

Inherits:

Object

• Object
• ActiveRecord::Base

Defined in:

lib/authorizer/active_record_patch.rb

Overview

This class contains all the patches to ActiveRecord::Base that make this library function on the model side. You should only have to interact with these methods on concrete models and not by interacting with ActiveRecord::Base directly.

Class Method Summary

• .define_rule(*names, &block) ⇒ Object

  Defines an authorization rule for the specified action names.

• .get_perms ⇒ Object

  returns the hash mapping permission rules to executable actions.

• .init_fallback_rule ⇒ Object

  Ensures that the fallback_rule class variable is defined.

• .set_fallback_rule(&rule) ⇒ Object

  Defines a fallback rule.

Instance Method Summary

• #is_authorized(action, authorizee) ⇒ Object

  Checks whether the given actor (authorizee) is permitted to perform the given action on this instance of a model.

Class Method Details

.define_rule(*names, &block) ⇒ Object

Defines an authorization rule for the specified action names. If multiple names are passed, then the same rule will be used for all of them.

Action names should take the following format “controller_name#action_name”. E.G. To specify a rule for the update action on the posts controller, you would write ‘posts#update’.

names can also be symbols.

# File 'lib/authorizer/active_record_patch.rb', line 42

def self.define_rule(*names, &block)
  perms = self.get_perms
  names.each {|name| perms[name.to_sym] = block}
end

.get_perms ⇒ Object

returns the hash mapping permission rules to executable actions. This is used internally and should not need to be called directly by the user.

# File 'lib/authorizer/active_record_patch.rb', line 13

def self.get_perms
  unless (self.class_variables.include?(:'@@perms'))
    @@perms = {}
  end
  init_fallback_rule
  return @@perms
end

.init_fallback_rule ⇒ Object

Ensures that the fallback_rule class variable is defined. Used internally. There should be no need for users to call this method directly.

# File 'lib/authorizer/active_record_patch.rb', line 24

def self.init_fallback_rule
  @@fallback_rule = nil unless (self.class_variable_defined?(:@@fallback_rule))
end

.set_fallback_rule(&rule) ⇒ Object

Defines a fallback rule. The fallback rule defined by this class method will be used in every case where a permission rule is not specified. This is intended to be used in situations where users wish to define some generic authorization check that will be run for every action that doesn’t have its own rule specified.

# File 'lib/authorizer/active_record_patch.rb', line 55

def self.set_fallback_rule(&rule)
  @@fallback_rule = rule
end

Instance Method Details

#is_authorized(action, authorizee) ⇒ Object

Checks whether the given actor (authorizee) is permitted to perform the given action on this instance of a model. Generally, this method is called by other parts of rails-action-authorization and need not be invoked directly. It can be invoked directly if users need more precise control over a permission than is available using the default authorization flow.

Returns the model instance it is invoked on unless the actor (authorizee) is forbidden from performing the action, in which case it will raise a ForbiddenError.

Raises:

• (ForbiddenError)

# File 'lib/authorizer/active_record_patch.rb', line 68

def is_authorized(action, authorizee)
  symbol = action.to_sym
  perms = self.class.get_perms

  authorized = false
  authorized = perms[symbol].(self, authorizee, symbol) if perms[symbol]
  authorized = @@fallback_rule.(self, authorizee) if @@fallback_rule && !perms[symbol]

  raise ForbiddenError.new(
    "Actor #{authorizee} is not authorized to perform action #{action} on resource #{self}."
  ) unless authorized

  self
end