Class: Rails::Auth::ACL
- Inherits:
-
Object
- Object
- Rails::Auth::ACL
- Defined in:
- lib/rails/auth/acl.rb,
lib/rails/auth/acl/resource.rb,
lib/rails/auth/acl/middleware.rb,
lib/rails/auth/acl/matchers/allow_all.rb
Overview
Route-based access control lists
Defined Under Namespace
Modules: Matchers Classes: Middleware, Resource
Constant Summary collapse
- DEFAULT_MATCHERS =
Predicate matchers available by default in ACLs
{ allow_all: Matchers::AllowAll }.freeze
Instance Attribute Summary collapse
-
#resources ⇒ Object
readonly
Returns the value of attribute resources.
Class Method Summary collapse
-
.from_yaml(yaml, **args) ⇒ Object
Create a Rails::Auth::ACL from a YAML representation of an ACL.
Instance Method Summary collapse
-
#initialize(acl, matchers: {}) ⇒ ACL
constructor
A new instance of ACL.
-
#match(env) ⇒ Boolean
Match the Rack environment against the ACL, checking all predicates.
-
#matching_resources(env) ⇒ Array<Rails::Auth::ACL::Resource>
Find all resources that match the ACL.
Constructor Details
#initialize(acl, matchers: {}) ⇒ ACL
Returns a new instance of ACL.
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
# File 'lib/rails/auth/acl.rb', line 26 def initialize(acl, matchers: {}) raise TypeError, "expected Array for acl, got #{acl.class}" unless acl.is_a?(Array) @resources = [] acl.each do |entry| raise TypeError, "expected Hash for acl entry, got #{entry.class}" unless entry.is_a?(Hash) resources = entry["resources"] raise ParseError, "no 'resources' key present in entry: #{entry.inspect}" unless resources predicates = parse_predicates(entry, matchers.merge(DEFAULT_MATCHERS)) resources.each do |resource| @resources << Resource.new(resource, predicates).freeze end end @resources.freeze end |
Instance Attribute Details
#resources ⇒ Object (readonly)
Returns the value of attribute resources.
8 9 10 |
# File 'lib/rails/auth/acl.rb', line 8 def resources @resources end |
Class Method Details
.from_yaml(yaml, **args) ⇒ Object
Create a Rails::Auth::ACL from a YAML representation of an ACL
18 19 20 21 |
# File 'lib/rails/auth/acl.rb', line 18 def self.from_yaml(yaml, **args) require "yaml" new(YAML.load(yaml), **args) end |
Instance Method Details
#match(env) ⇒ Boolean
Match the Rack environment against the ACL, checking all predicates
53 54 55 |
# File 'lib/rails/auth/acl.rb', line 53 def match(env) @resources.any? { |resource| resource.match(env) } end |
#matching_resources(env) ⇒ Array<Rails::Auth::ACL::Resource>
Find all resources that match the ACL. Predicates are NOT checked, instead only the initial checks for the “resources” section of the ACL are performed. Use the ‘#match` method to validate predicates.
This method is intended for debugging AuthZ failures. It can find all resources that match the given request so the corresponding predicates can be introspected.
69 70 71 |
# File 'lib/rails/auth/acl.rb', line 69 def matching_resources(env) @resources.find_all { |resource| resource.match!(env) } end |