Class: Rails::Auth::ACL

Inherits:
Object
Defined in:
lib/rails/auth/acl.rb,
lib/rails/auth/acl/resource.rb,
lib/rails/auth/acl/middleware.rb,
lib/rails/auth/acl/matchers/allow_all.rb

Overview

Route-based access control lists

Defined Under Namespace

Modules: Matchers

Classes: Middleware, Resource

Constant Summary

Predicate matchers available by default in ACLs

DEFAULT_MATCHERS = {
  allow_all: Matchers::AllowAll
}.freeze

Constructor Details

#initialize(acl, matchers: {}) ⇒ ACL

Returns a new instance of ACL.

Parameters:

  • :acl (Array<Hash>)

    Access Control List configuration

  • :matchers (Hash)

    predicate matchers for use with this ACL

Raises:

  • (TypeError) if acl is not an Array or an entry is not a Hash

  • (ParseError) if an entry has no "resources" key


# File 'lib/rails/auth/acl.rb', line 26

def initialize(acl, matchers: {})
  raise TypeError, "expected Array for acl, got #{acl.class}" unless acl.is_a?(Array)

  @resources = []

  acl.each do |entry|
    raise TypeError, "expected Hash for acl entry, got #{entry.class}" unless entry.is_a?(Hash)

    resources = entry["resources"]
    raise ParseError, "no 'resources' key present in entry: #{entry.inspect}" unless resources

    predicates = parse_predicates(entry, matchers.merge(DEFAULT_MATCHERS))

    resources.each do |resource|
      @resources << Resource.new(resource, predicates).freeze
    end
  end

  @resources.freeze
end

Instance Attribute Details

#resources ⇒ Object (readonly)

Returns the value of attribute resources.



# File 'lib/rails/auth/acl.rb', line 8

def resources
  @resources
end

Class Method Details

.from_yaml(yaml, **args) ⇒ Object

Create a Rails::Auth::ACL from a YAML representation of an ACL

Parameters:

  • :yaml (String)

    serialized YAML to load an ACL from



# File 'lib/rails/auth/acl.rb', line 18

def self.from_yaml(yaml, **args)
  require "yaml"
  new(YAML.load(yaml), **args)
end
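
Added example (not part of rails-auth's own code): on Psych versions before 4, YAML.load can instantiate arbitrary Ruby objects from tagged input, so an ACL file can instead be parsed with YAML.safe_load, shape-checked, and passed to Rails::Auth::ACL.new rather than to from_yaml. The names load_acl_entries, ACLLintError and KNOWN_MATCHERS, the no-predicate and unknown-predicate rules, and the "method"/"path" keys in the sample are assumptions of this example.

```ruby
require "yaml"

# Hypothetical names for this example; "allow_all" is the default matcher above.
KNOWN_MATCHERS = %w[allow_all].freeze
class ACLLintError < StandardError; end

# Parse ACL YAML with safe_load (no arbitrary Ruby objects), then apply the
# same shape checks as ACL#initialize plus two stricter, example-only rules.
def load_acl_entries(yaml, known_matchers: KNOWN_MATCHERS)
  entries = YAML.safe_load(yaml)
  raise TypeError, "expected Array for acl, got #{entries.class}" unless entries.is_a?(Array)

  entries.each do |entry|
    raise TypeError, "expected Hash for acl entry, got #{entry.class}" unless entry.is_a?(Hash)

    resources = entry["resources"]
    unless resources.is_a?(Array) && !resources.empty?
      raise ACLLintError, "no 'resources' list in entry: #{entry.inspect}"
    end

    predicates = entry.keys - ["resources"]
    # Example-only rule: an entry that names no predicate is treated as a mistake.
    raise ACLLintError, "no predicates in entry: #{entry.inspect}" if predicates.empty?

    unknown = predicates - known_matchers
    raise ACLLintError, "unknown predicates: #{unknown.inspect}" unless unknown.empty?
  end
  entries
end

# Constructed sample; the "method"/"path" resource keys are assumed, not shown on this page.
SAMPLE_ACL = <<~YAML
  - resources:
    - method: GET
      path: /health
    allow_all: true
YAML

# Constructed input carrying a Ruby object tag, which safe_load refuses.
TAGGED_ACL = <<~YAML
  - !ruby/object:Object
    resources: []
YAML
```

The returned Array<Hash> is the form #initialize accepts, so it can be given to Rails::Auth::ACL.new together with the same matchers: option; pass the application's own matcher names as known_matchers.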

Instance Method Details

#match(env) ⇒ Boolean

Match the Rack environment against the ACL, checking all predicates

Parameters:

  • :env (Hash)

    Rack environment

Returns:

  • (Boolean)

    is the request authorized?



# File 'lib/rails/auth/acl.rb', line 53

def match(env)
  @resources.any? { |resource| resource.match(env) }
end

#matching_resources(env) ⇒ Array<Rails::Auth::ACL::Resource>

Find all resources that match the ACL. Predicates are NOT checked; only the initial checks for the "resources" section of the ACL are performed. Use the `#match` method to validate predicates.

This method is intended for debugging AuthZ failures. It can find all resources that match the given request so the corresponding predicates can be introspected.

Parameters:

  • :env (Hash)

    Rack environment

Returns:

  • (Array<Rails::Auth::ACL::Resource>)


# File 'lib/rails/auth/acl.rb', line 69

def matching_resources(env)
  @resources.find_all { |resource| resource.match!(env) }
end