Module: RequestRefinery::ControllerMethods

Included in:

ApplicationController

Defined in:

lib/request_refinery.rb

Instance Method Summary

• #authorized_to?(omniParam, user: current_user, permissions: nil) ⇒ Boolean

  returns a boolean indicating whether the user has the permission/permissions in omniParam the intended use is to pass it a symbol or an array of symbols, but there are various other options below: omniParam can be a string representing Permission.name, a symbol representing the same, or the actual Permission object omniParam can also be an array containg any combination of the aforementioned single parameters.

• #enforce_request_permissions(user: current_user) ⇒ Object
• #unauthorized_request(user: current_user, filter: nil) ⇒ Object

  can render any page, but a redirect will result in a redirect loop.

Instance Method Details

#authorized_to?(omniParam, user: current_user, permissions: nil) ⇒ Boolean

returns a boolean indicating whether the user has the permission/permissions in omniParam the intended use is to pass it a symbol or an array of symbols, but there are various other options below: omniParam can be a string representing Permission.name, a symbol representing the same, or the actual Permission object omniParam can also be an array containg any combination of the aforementioned single parameters

Returns:

• (Boolean)

# File 'lib/request_refinery.rb', line 11

def authorized_to? omniParam, user:current_user, permissions:nil
	perms = permissions
	perms = user.permission_syms if perms === nil or (!perms.is_a? Array or !perms[0].is_a? Symbol)

	return true if perms.include? :all

	if omniParam.is_a? Symbol
		return perms.include? omniParam
	elsif omniParam.is_a? String
		return perms.include? omniParam.to_sym
	elsif omniParam.is_a? RequestRefinery::Permission
		return perms.include? omniParam.name.to_sym
	elsif omniParam.is_a? Array
		return omniParam.all?{|x| authorized_to? x,user:user, permissions:perms}
	elsif omniParam.is_a? RequestRefinery::Permission::ActiveRecord_Associations_CollectionProxy
		return authorized_to? omniParam.to_a, user:user, permissions:perms
	elsif omniParam.is_a? Role	# not going to handle Role because that would weaken the connection between access to a resource and a specific permission
	elsif omniParam.is_a? Hash 	# does not make sense
	elsif omniParam.is_a? User 	# does not make sense
	else
		return false
	end
	return false
end

#enforce_request_permissions(user: current_user) ⇒ Object

# File 'lib/request_refinery.rb', line 36

def enforce_request_permissions user:current_user
	# Allow all DeviseController methods
	return if self.class.superclass.to_s == DeviseController.to_s

	# collect the method, controller, and action
	# look for a matching controller filter
	filter = RequestRefinery::ControllerFilter.where(http_method:request.method.downcase,controller:self.class.to_s,action_name:@_action_name).first

	# look for a http_method specific controller-wide filter (ie - the action_name will be blank) if there is not one for the method, and use that filter for the request instead
	filter = RequestRefinery::ControllerFilter.where(http_method:request.method.downcase,controller:self.class.to_s,action_name:nil).first if filter.blank?

	# look for a controller-wide filter (ie - the action_name and http_method will be blank) if there is not one for the method, and use that filter for the request instead
	filter = RequestRefinery::ControllerFilter.where(http_method:nil,controller:self.class.to_s,action_name:nil).first if filter.blank?

	# look for an http_method-wide filter (only the http_method will be filled in) if there is not one for the controller (not recommended since this loosens the security)
	filter = RequestRefinery::ControllerFilter.where(http_method:request.method.downcase,controller:nil,action_name:nil).first if filter.blank?

	# handle unauthorized request with unauthorized_request method if filter.blank?
	return unauthorized_request if filter.blank?

	# get the required permissions and user permissions
	# handle unauthorized request with unauthorized_request method unless authorized_to? filter.permissions
	unauthorized_request(filter:filter) unless authorized_to? filter.permissions

	puts "\n\nConfirmed that #{user.email} is authorized to #{filter.http_method.upcase}::>#{filter.controller}.#{filter.action_name}\n\n" if authorized_to? filter.permissions
end

#unauthorized_request(user: current_user, filter: nil) ⇒ Object

can render any page, but a redirect will result in a redirect loop

# File 'lib/request_refinery.rb', line 64

def unauthorized_request user:current_user,filter:nil
	puts "\n\nNo filter matches the given http method, controller, or controller method, rerouting..." if filter.blank?
	puts "\n\nUser #{user.email} is not authorized to #{filter.http_method.upcase}::>#{filter.controller || 'all'}.#{filter.action_name || 'all'}, rerouting...\n\n" unless filter.blank?
	render json: "Unauthorized Request"
end