Module: RailsIdentity::ApplicationHelper

Includes:
Repia::BaseHelper
Included in:
ApplicationController
Defined in:
app/helpers/rails_identity/application_helper.rb

Instance Method Details

#authorized?(obj) ⇒ Boolean

Determines if the user is authorized for the object.

Returns:

  • (Boolean)


# File 'app/helpers/rails_identity/application_helper.rb', line 113

def authorized?(obj)
  logger.debug("Checking to see if authorized to access object")
  if @auth_user.nil?
    # :nocov:
    return false
    # :nocov:
  elsif @auth_user.role >= Roles::ADMIN
    return true
  elsif obj.is_a? User
    return obj == @auth_user
  else
    return obj.try(:user) == @auth_user
  end
end

#get_user(fallback: true) ⇒ Object

Helper method to get the user object in the request, which is specified by the :user_id parameter. There are two ways to specify the user id: in the routing or in the auth context.

A Repia::Errors::Unauthorized is raised if the authenticated user is not authorized for the specified user information.

A Repia::Errors::NotFound is raised if the specified user cannot be found.



# File 'app/helpers/rails_identity/application_helper.rb', line 16

def get_user(fallback: true)
  user_id = params[:user_id]
  logger.debug("Attempting to get user #{user_id}")
  if !user_id.nil? && user_id != "current"
    @user = find_object(User, params[:user_id])  # will throw error if nil
    unless authorized?(@user)
      raise Repia::Errors::Unauthorized,
            "Not authorized to access user #{user_id}"
    end
  elsif fallback || user_id == "current"
    @user = @auth_user
  else
    # :nocov:
    raise Repia::Errors::NotFound, "User #{user_id} does not exist"
    # :nocov:
  end
end
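
The access decisions made by get_user and authorized? can be pinned down with a small plain-Ruby harness. This is an added example, not code from RailsIdentity or Repia: the Roles values, the User and Note structs, the find_object stub, Harness and outcome are assumptions made so it runs without Rails, and obj.try(:user) is replaced by an equivalent respond_to? check.

```ruby
# Added example: plain-Ruby harness. Roles values, User, Note and the
# find_object stub are constructed stand-ins, not RailsIdentity/Repia code.
module Roles; USER = 100; ADMIN = 1000; end   # assumed values; only ordering matters
module Repia; module Errors
  Unauthorized = Class.new(StandardError)
  NotFound = Class.new(StandardError)
end; end
User = Struct.new(:id, :role)
Note = Struct.new(:user)                      # hypothetical owned resource
class Harness
  attr_reader :params, :user
  def initialize(auth_user, params, db)
    @auth_user, @params, @db = auth_user, params, db
  end
  def find_object(_model, id)                 # stub: raises NotFound on a miss
    @db.fetch(id.to_i) { raise Repia::Errors::NotFound, "User #{id} does not exist" }
  end
  # Same decision order as the page's authorized?, logging omitted.
  def authorized?(obj)
    return false if @auth_user.nil?
    return true if @auth_user.role >= Roles::ADMIN
    return obj == @auth_user if obj.is_a?(User)
    (obj.respond_to?(:user) ? obj.user : nil) == @auth_user  # plain-Ruby obj.try(:user)
  end
  # Same branches as the page's get_user, logging omitted.
  def get_user(fallback: true)
    user_id = params[:user_id]
    if !user_id.nil? && user_id != "current"
      @user = find_object(User, user_id)
      raise Repia::Errors::Unauthorized, "Not authorized to access user #{user_id}" unless authorized?(@user)
    elsif fallback || user_id == "current"
      @user = @auth_user
    else
      raise Repia::Errors::NotFound, "User #{user_id} does not exist"
    end
  end
end

ALICE, BOB, ROOT = User.new(1, Roles::USER), User.new(2, Roles::USER), User.new(3, Roles::ADMIN)
DB = { 1 => ALICE, 2 => BOB, 3 => ROOT }      # constructed user table
# Resolved user's id, or the error class raised, for one simulated request.
def outcome(auth_user, user_id, fallback: true)
  h = Harness.new(auth_user, { user_id: user_id }, DB)
  h.get_user(fallback: fallback)
  h.user&.id
rescue Repia::Errors::Unauthorized, Repia::Errors::NotFound => e
  e.class
end
# Own id, another user's id, admin on another user's id, no auth and no id.
p [outcome(ALICE, "1"), outcome(ALICE, "2"), outcome(ROOT, "2"), outcome(nil, nil)]
```

The last case is the one to watch: with no authenticated user and no :user_id, the fallback branch leaves @user as nil without raising, so @auth_user has to be set before get_user runs.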