Class: Rails::Auth::ACL
- Inherits:
-
Object
- Object
- Rails::Auth::ACL
- Defined in:
- lib/rails/auth/acl.rb,
lib/rails/auth/acl/resource.rb,
lib/rails/auth/acl/middleware.rb,
lib/rails/auth/acl/matchers/allow_all.rb
Overview
Route-based access control lists
Defined Under Namespace
Modules: Matchers Classes: Middleware, Resource
Constant Summary collapse
- DEFAULT_MATCHERS =
Predicate matchers available by default in ACLs
{ allow_all: Matchers::AllowAll }.freeze
Class Method Summary collapse
-
.from_yaml(yaml, **args) ⇒ Object
Create a Rails::Auth::ACL from a YAML representation of an ACL.
Instance Method Summary collapse
-
#initialize(acl, matchers: {}) ⇒ ACL
constructor
A new instance of ACL.
-
#match(env) ⇒ Boolean
Match the Rack environment against the ACL, checking all predicates.
-
#matching_resources(env) ⇒ Array<Rails::Auth::ACL::Resource>
Find all resources that match the ACL.
Constructor Details
#initialize(acl, matchers: {}) ⇒ ACL
Returns a new instance of ACL.
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 |
# File 'lib/rails/auth/acl.rb', line 24 def initialize(acl, matchers: {}) raise TypeError, "expected Array for acl, got #{acl.class}" unless acl.is_a?(Array) @resources = [] acl.each do |entry| raise TypeError, "expected Hash for acl entry, got #{entry.class}" unless entry.is_a?(Hash) resources = entry["resources"] raise ParseError, "no 'resources' key present in entry: #{entry.inspect}" unless resources predicates = parse_predicates(entry, matchers.merge(DEFAULT_MATCHERS)) resources.each do |resource| @resources << Resource.new(resource, predicates).freeze end end @resources.freeze end |
Class Method Details
.from_yaml(yaml, **args) ⇒ Object
Create a Rails::Auth::ACL from a YAML representation of an ACL
16 17 18 19 |
# File 'lib/rails/auth/acl.rb', line 16 def self.from_yaml(yaml, **args) require "yaml" new(YAML.load(yaml), **args) end |
Instance Method Details
#match(env) ⇒ Boolean
Match the Rack environment against the ACL, checking all predicates
51 52 53 |
# File 'lib/rails/auth/acl.rb', line 51 def match(env) @resources.any? { |resource| resource.match(env) } end |
#matching_resources(env) ⇒ Array<Rails::Auth::ACL::Resource>
Find all resources that match the ACL. Predicates are NOT checked, instead only the initial checks for the “resources” section of the ACL are performed. Use the ‘#match` method to validate predicates.
This method is intended for debugging AuthZ failures. It can find all resources that match the given request so the corresponding predicates can be introspected.
67 68 69 |
# File 'lib/rails/auth/acl.rb', line 67 def matching_resources(env) @resources.find_all { |resource| resource.match!(env) } end |