Module: RequestRefinery::ControllerMethods

Included in:
ApplicationController
Defined in:
lib/request_refinery.rb


Instance Method Details

#authorized_to?(omniParam, user: current_user, permissions: nil) ⇒ Boolean

Returns a boolean indicating whether the user has the permission or permissions given in omniParam. The intended use is to pass a symbol or an array of symbols, but other forms are accepted: omniParam can be a string holding a Permission.name, a symbol representing the same, or the Permission object itself. omniParam can also be an array containing any combination of those single values.

Returns:

  • (Boolean)


# File 'lib/request_refinery.rb', line 11

# Answers whether +user+ holds the permission(s) named by +omniParam+.
#
# @param omniParam [Symbol, String, RequestRefinery::Permission, Array, ActiveRecord_Associations_CollectionProxy]
#   a permission name (Symbol or String), a Permission record, or an Array /
#   collection mixing any of those; Role, Hash and User values are not
#   supported and evaluate to false
# @param user [Object] subject of the check; its +permission_syms+ is consulted
#   unless +permissions+ already supplies a non-empty Array of Symbols
# @param permissions [Array<Symbol>, nil] pre-computed permission symbols; any
#   value that is not an Array whose first element is a Symbol (including nil
#   and an empty Array) is replaced by +user.permission_syms+
# @return [Boolean]
#
# NOTE(review): an empty Array (or empty collection) evaluates to true because
# Enumerable#all? is vacuously true on no elements -- a filter with no
# permissions attached admits every user. Confirm that is the intended meaning
# of "no permissions" before relying on it.
def authorized_to?(omniParam, user: current_user, permissions: nil)
  granted = permissions
  # Only a list that already looks like permission symbols is trusted as-is;
  # anything else is recomputed from the user.
  granted = user.permission_syms unless granted.is_a?(Array) && granted.first.is_a?(Symbol)

  # The :all wildcard grants everything, whatever was asked for.
  return true if granted.include?(:all)

  case omniParam
  when Symbol
    granted.include?(omniParam)
  when String
    granted.include?(omniParam.to_sym)
  when RequestRefinery::Permission
    granted.include?(omniParam.name.to_sym)
  when Array
    # Every element must be granted; the resolved list is passed down so
    # user.permission_syms is not recomputed per element.
    omniParam.all? { |single| authorized_to?(single, user: user, permissions: granted) }
  when RequestRefinery::Permission::ActiveRecord_Associations_CollectionProxy
    authorized_to?(omniParam.to_a, user: user, permissions: granted)
  else
    # Role is deliberately unsupported: granting by role would weaken the link
    # between access to a resource and a specific permission. Hash and User
    # make no sense as a permission query. Everything unknown is denied.
    false
  end
end

#enforce_request_permissions(user: current_user) ⇒ Object



# File 'lib/request_refinery.rb', line 36

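# Request guard: resolves the ControllerFilter that governs the current
# request and hands the request to +unauthorized_request+ when no filter
# matches or the user lacks the filter's permissions.
#
# Filters are resolved most-specific first (see +matching_request_filter+);
# a request with no matching filter is denied, so unlisted controllers and
# actions deny by default.
#
# @param user [Object] subject of the check; defaults to +current_user+. It is
#   forwarded to +authorized_to?+ and +unauthorized_request+, so an explicitly
#   passed user is the one that is actually checked (previously the check
#   always ran against +current_user+ regardless of this argument).
# @return [Object] the result of +unauthorized_request+ when denied, nil when
#   the request is allowed
def enforce_request_permissions(user: current_user)
  # Direct subclasses of DeviseController (sign-in, registration, ...) are
  # exempt. Only the immediate superclass is compared, so deeper descendants
  # are still checked.
  return if self.class.superclass.to_s == DeviseController.to_s

  filter = matching_request_filter
  return unauthorized_request(user: user, filter: filter) if filter.blank?

  # Stop here on denial: the original fell through and re-evaluated the
  # permission check a second time after rendering.
  return unauthorized_request(user: user, filter: filter) unless authorized_to?(filter.permissions, user: user)

  puts "\n\nConfirmed that #{user.email} is authorized to #{filter.http_method.upcase}::>#{filter.controller}.#{filter.action_name}\n\n"
end

# Finds the ControllerFilter for the current request, trying progressively
# wider scopes and returning the first that exists:
#   1. http_method + controller + action
#   2. http_method + controller (action_name nil)
#   3. controller only (http_method and action_name nil)
#   4. http_method only (controller and action_name nil) -- loosest match,
#      not recommended since it applies across every controller
#
# @return [RequestRefinery::ControllerFilter, nil] nil when nothing matches
private def matching_request_filter
  http_method = request.method.downcase
  controller = self.class.to_s
  scopes = [
    { http_method: http_method, controller: controller, action_name: @_action_name },
    { http_method: http_method, controller: controller, action_name: nil },
    { http_method: nil, controller: controller, action_name: nil },
    { http_method: http_method, controller: nil, action_name: nil }
  ]
  scopes.each do |scope|
    filter = RequestRefinery::ControllerFilter.where(scope).first
    return filter unless filter.blank?
  end
  nil
end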

#unauthorized_request(user: current_user, filter: nil) ⇒ Object

Can render any page, but a redirect issued here will result in a redirect loop.



# File 'lib/request_refinery.rb', line 64

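# Terminates a request that failed the permission check. Logs the reason and
# renders a plain JSON body. Any page can be rendered here instead, but a
# redirect would re-enter the permission check and loop.
#
# @param user [Object] the denied subject; used only for the log line
# @param filter [RequestRefinery::ControllerFilter, nil] the filter that denied
#   the request, or nil when no filter matched the request at all
# @return [Object] the result of +render+
def unauthorized_request(user: current_user, filter: nil)
  if filter.blank?
    puts "\n\nNo filter matches the given http method, controller, or controller method, rerouting..."
  else
    puts "\n\nUser #{user.email} is not authorized to #{filter.http_method.upcase}::>#{filter.controller || 'all'}.#{filter.action_name || 'all'}, rerouting...\n\n"
  end
  # Respond 403 rather than the default 200: the body said the request was
  # unauthorized while the status told clients and proxies it succeeded.
  render json: "Unauthorized Request", status: :forbidden
end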