Module: RailsAuthorize

Defined in:

lib/rails_authorize.rb,
lib/rails_authorize/version.rb

Defined Under Namespace

Classes: NotAuthorizedError

Constant Summary

VERSION =

"0.1.1"

Instance Method Summary

• #authorization(target, options = {}) ⇒ Object

  Finds authorization class for given target and returns new instance.

• #authorization_scope(target, options = {}) ⇒ Scope

  Retrieves the authorization scope for the given target.

• #authorize(target, options = {}) ⇒ Object

  Throwing an error if the user is not authorized to perform the given action.

• #authorized_scope(target, options = {}) ⇒ Scope

  Throwing an error if the user is not authorized to perform the given action.

Instance Method Details

#authorization(target, options = {}) ⇒ Object

Finds authorization class for given target and returns new instance

Parameters:

• target (any) —

  the target to load authorization

• options (Hash) (defaults to: {}) —

  key/value options (user, authorization, context)

• options (:user) (defaults to: {}) —

  Object

  the user that initiated the action

• options (:authorization) (defaults to: {}) —

  Class

  Authorization class to use for authenticate

• options (:context) (defaults to: {}) —

  Hash

  other key/value options to use in the authorization methods

Returns:

• (Object) —

  new authorization instance

# File 'lib/rails_authorize.rb', line 18

def authorization(target, options={})
  user = options[:user] || current_user
  klass = options[:authorization] || "#{target.model_name.name}Authorization".constantize

  klass.new(user, target, options[:context])
end

#authorization_scope(target, options = {}) ⇒ Scope

Retrieves the authorization scope for the given target

Parameters:

• target (Object) —

  the target we’re retrieving the policy scope for

• options (Hash) (defaults to: {}) —

  key/value options (user, authorization, context)

Returns:

• (Scope) —

  authorized scope

# File 'lib/rails_authorize.rb', line 52

def authorization_scope(target, options={})
  authorization(target, options).scope
end

#authorize(target, options = {}) ⇒ Object

Throwing an error if the user is not authorized to perform the given action

Parameters:

• target (Object) —

  the target we’re checking permissions of

• options (Hash) (defaults to: {}) —

  key/value options (action, user, authorization, context)

• options (:action) (defaults to: {}) —

  String

  the method to check on the authorization (e.g. ‘:show?`)

Returns:

• (Object) —

  the passed target

Raises:

• (NotAuthorizedError) —

  if the given action method returned false

# File 'lib/rails_authorize.rb', line 35

def authorize(target, options={})
  action = options.delete(:action) || "#{action_name}?"
  authorization = authorization(target, options)

  raise(NotAuthorizedError) unless authorization.public_send(action)

  target
end

#authorized_scope(target, options = {}) ⇒ Scope

Throwing an error if the user is not authorized to perform the given action

Parameters:

• target (Object) —

  the target we’re retrieving the policy scope for

• options (Hash) (defaults to: {}) —

  key/value options (action, user, authorization, context)

• options (:action) (defaults to: {}) —

  String

  the method to check on the authorization (e.g. ‘:show?`)

Returns:

• (Scope) —

  authorization scope

Raises:

• (NotAuthorizedError) —

  if the given action method returned false

# File 'lib/rails_authorize.rb', line 66

def authorized_scope(target, options={})
  action = options.delete(:action) || "#{action_name}?"
  authorization = authorization(target, options)

  raise(NotAuthorizedError) unless authorization.public_send(action)

  authorization.scope
end