Module: RequestRefinery::ControllerMethods
- Included in: ApplicationController
- Defined in: lib/request_refinery.rb
Instance Method Summary
- #authorized_to?(omniParam, user: current_user, permissions: nil) ⇒ Boolean
  Returns a boolean indicating whether the user has the permission or permissions named by omniParam.
- #enforce_request_permissions(user: current_user) ⇒ Object
- #unauthorized_request(user: current_user, filter: nil) ⇒ Object
  Can render any page, but a redirect will result in a redirect loop.
Instance Method Details
#authorized_to?(omniParam, user: current_user, permissions: nil) ⇒ Boolean
Returns a boolean indicating whether the user has the permission or permissions named by omniParam. The intended use is to pass a symbol or an array of symbols, but other forms are accepted: omniParam can be a string holding a Permission.name, a symbol of the same name, or the actual Permission object. omniParam can also be an array containing any combination of the single forms above.

```ruby
# File 'lib/request_refinery.rb', line 11
def authorized_to?(omniParam, user: current_user, permissions: nil)
  perms = permissions
  # Fall back to the user's own permission list (assumed here to be user.permissions,
  # an array of symbols) unless a non-empty array of symbols was passed explicitly
  perms = user.permissions if perms.nil? || !perms.is_a?(Array) || !perms[0].is_a?(Symbol)
  # :all is a wildcard that grants every permission
  return true if perms.include? :all
  if omniParam.is_a? Symbol
    return perms.include? omniParam
  elsif omniParam.is_a? String
    return perms.include? omniParam.to_sym
  elsif omniParam.is_a? RequestRefinery::Permission
    return perms.include? omniParam.name.to_sym
  elsif omniParam.is_a? Array
    # every element must be authorized; an empty array is therefore vacuously authorized
    return omniParam.all? { |x| authorized_to? x, user: user, permissions: perms }
  elsif omniParam.is_a? RequestRefinery::Permission::ActiveRecord_Associations_CollectionProxy
    return authorized_to? omniParam.to_a, user: user, permissions: perms
  elsif omniParam.is_a? Role
    # not going to handle Role because that would weaken the connection between
    # access to a resource and a specific permission
  elsif omniParam.is_a? Hash
    # does not make sense
  elsif omniParam.is_a? User
    # does not make sense
  else
    return false
  end
  return false
end
```
#enforce_request_permissions(user: current_user) ⇒ Object

```ruby
# File 'lib/request_refinery.rb', line 36
def enforce_request_permissions(user: current_user)
  # Allow all DeviseController methods
  return if self.class.superclass.to_s == DeviseController.to_s
  # collect the method, controller, and action, then look for a matching controller filter
  filter = RequestRefinery::ControllerFilter.where(http_method: request.method.downcase, controller: self.class.to_s, action_name: @_action_name).first
  # look for an http_method-specific controller-wide filter (i.e. the action_name will be blank)
  # if there is not one for the action, and use that filter for the request instead
  filter = RequestRefinery::ControllerFilter.where(http_method: request.method.downcase, controller: self.class.to_s, action_name: nil).first if filter.blank?
  # look for a controller-wide filter (i.e. the action_name and http_method will be blank)
  # if there is not one for the method, and use that filter for the request instead
  filter = RequestRefinery::ControllerFilter.where(http_method: nil, controller: self.class.to_s, action_name: nil).first if filter.blank?
  # look for an http_method-wide filter (only the http_method will be filled in) if there is
  # not one for the controller (not recommended since this loosens the security)
  filter = RequestRefinery::ControllerFilter.where(http_method: request.method.downcase, controller: nil, action_name: nil).first if filter.blank?
  # handle unauthorized request with unauthorized_request method if no filter matched
  unauthorized_request(user: user) if filter.blank?
  return if filter.blank?
  # compare the required permissions with the user's permissions and handle an
  # unauthorized request with unauthorized_request method unless authorized_to? filter.permissions
  authorized = authorized_to? filter.permissions, user: user
  unauthorized_request(user: user, filter: filter) unless authorized
  # http_method is nil for a controller-wide filter, so guard the upcase call
  puts "\n\nConfirmed that #{user.email} is authorized to #{(filter.http_method || 'all').upcase}::>#{filter.controller}.#{filter.action_name}\n\n" if authorized
end
```
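The filter lookup order of enforce_request_permissions and the array semantics of authorized_to?, modelled in plain Ruby as an added example that is not the gem's own code: Filter structs stand in for ControllerFilter rows, the user's permissions are an array of symbols, and the constructed FILTERS list includes the http_method-wide catch-all the comments advise against. It shows that a filter whose permission list is empty authorizes every user, because all? on an empty array is true.

```ruby
# Added example, not code from the request_refinery gem: in-memory stand-ins
# for ControllerFilter rows and for the user's permission list.
Filter = Struct.new(:http_method, :controller, :action_name, :permissions)

# Constructed sample filters: action-specific, controller-wide, and an
# http_method-wide catch-all (the "not recommended" case) with no permissions.
FILTERS = [
  Filter.new("delete", "PostsController", "destroy", [:manage_posts]),
  Filter.new(nil,      "PostsController", nil,       [:read_posts]),
  Filter.new("get",    nil,               nil,       [])
].freeze

# Same fallback order as enforce_request_permissions: exact action, then
# method-specific controller-wide, then controller-wide, then method-wide.
def lookup_filter(http_method, controller, action)
  [[http_method, controller, action],
   [http_method, controller, nil],
   [nil,         controller, nil],
   [http_method, nil,        nil]].each do |m, c, a|
    hit = FILTERS.find { |f| [f.http_method, f.controller, f.action_name] == [m, c, a] }
    return hit if hit
  end
  nil
end

# Mirrors authorized_to? for symbols and arrays: :all is a wildcard, and an
# array requires every entry, so an empty array is vacuously satisfied.
def authorized?(required, user_perms)
  return true if user_perms.include?(:all)
  case required
  when Symbol then user_perms.include?(required)
  when Array  then required.all? { |r| authorized?(r, user_perms) }
  else false
  end
end

# Result of the whole before-action: false stands for unauthorized_request.
def request_allowed?(http_method, controller, action, user_perms)
  filter = lookup_filter(http_method, controller, action)
  return false if filter.nil?   # no filter at all: always rejected
  authorized?(filter.permissions, user_perms)
end
```

A GET to any controller without its own filter falls through to the catch-all and, with its empty permission list, is allowed for everyone, so audit ControllerFilter rows with a blank controller or an empty permission set.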
#unauthorized_request(user: current_user, filter: nil) ⇒ Object
Can render any page, but a redirect will result in a redirect loop.

```ruby
# File 'lib/request_refinery.rb', line 64
def unauthorized_request(user: current_user, filter: nil)
  puts "\n\nNo filter matches the given http method, controller, or controller method, rerouting..." if filter.blank?
  # http_method is nil for a controller-wide filter, so guard the upcase call
  puts "\n\nUser #{user.email} is not authorized to #{(filter.http_method || 'all').upcase}::>#{filter.controller || 'all'}.#{filter.action_name || 'all'}, rerouting...\n\n" unless filter.blank?
  render json: "Unauthorized Request"
end
```