Class: Tasker::Authorization::BaseCoordinator

Inherits:
Object
Defined in:
lib/tasker/authorization/base_coordinator.rb

Overview

Base authorization coordinator providing the foundation for authorization logic.

This class implements the core authorization interface that can be extended by host applications to provide custom authorization logic. It follows the same dependency injection pattern as the authentication system.

Host applications should inherit from this class and implement the `authorized?` method to provide their authorization logic.

Examples:

Basic usage

coordinator = BaseCoordinator.new(current_user)
coordinator.authorize!('tasker.task', :show, { task_id: 123 })

Custom implementation

class MyAuthorizationCoordinator < BaseCoordinator
  protected

  def authorized?(resource, action, context = {})
    case resource
    when 'tasker.task'
      user.can_access_tasks?
    else
      false
    end
  end
end

Constructor Details

#initialize(user = nil) ⇒ BaseCoordinator

Initialize the authorization coordinator



# File 'lib/tasker/authorization/base_coordinator.rb', line 35

def initialize(user = nil)
  @user = user
end

Instance Method Details

#authorize!(resource, action, context = {}) ⇒ true

Authorize an action and raise an exception if not permitted

This method checks authorization and raises an UnauthorizedError if the action is not permitted.

Raises:



# File 'lib/tasker/authorization/base_coordinator.rb', line 49

def authorize!(resource, action, context = {})
  unless can?(resource, action, context)
    raise UnauthorizedError,
          "Not authorized to #{action} on #{resource}"
  end

  true
end

#can?(resource, action, context = {}) ⇒ Boolean

Check if an action is authorized

This method performs the authorization check without raising an exception. It validates the resource and action exist, then delegates to the `authorized?` method for the actual authorization logic.



# File 'lib/tasker/authorization/base_coordinator.rb', line 68

def can?(resource, action, context = {})
  # Allow all actions if authorization is disabled
  return true unless authorization_enabled?

  # Validate resource and action exist in the registry
  unless ResourceRegistry.action_exists?(resource, action)
    raise ArgumentError, "Unknown resource:action '#{resource}:#{action}'"
  end

  # Delegate to subclass implementation
  authorized?(resource, action, context)
end
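
Added example (not Tasker's own code): a deny-by-default subclass exercised against each outcome the methods above can produce, including the disabled case. The `Demo` module, its registry contents, the `enabled` switch, the `User` struct and the `outcome` helper are constructed stand-ins so the block runs without the gem; only the control flow of `authorize!` and `can?` follows this page.

```ruby
# Stand-ins (assumptions) so this runs without the Tasker gem.
module Demo
  class UnauthorizedError < StandardError; end
  User = Struct.new(:id, :roles)                         # constructed user model
  REGISTRY = { 'tasker.task' => %i[show cancel] }.freeze # constructed registry
  class << self; attr_accessor :enabled; end             # assumed on/off switch
  self.enabled = true
  # Mirrors the control flow of authorize! and can? shown on this page.
  class BaseCoordinator
    def initialize(user = nil)
      @user = user
    end

    def authorize!(resource, action, context = {})
      return true if can?(resource, action, context)
      raise UnauthorizedError, "Not authorized to #{action} on #{resource}"
    end

    def can?(resource, action, context = {})
      return true unless Demo.enabled # disabled: every check passes
      unless REGISTRY.fetch(resource, []).include?(action)
        raise ArgumentError, "Unknown resource:action '#{resource}:#{action}'"
      end
      authorized?(resource, action, context)
    end
  end

  class TaskCoordinator < BaseCoordinator
    protected
    # Deny by default: nil user, unmatched pair, or failed ownership check => false.
    def authorized?(resource, action, context = {})
      return false if @user.nil?
      case [resource, action]
      when ['tasker.task', :show]   then @user.roles.include?(:viewer)
      when ['tasker.task', :cancel] then @user.roles.include?(:operator) && context[:owner_id] == @user.id
      else false
      end
    end
  end

  # Label each possible result of authorize!, as a calling controller would.
  def self.outcome(user, resource, action, context = {})
    TaskCoordinator.new(user).authorize!(resource, action, context) && :allowed
  rescue UnauthorizedError
    :forbidden      # policy denied the request
  rescue ArgumentError
    :unknown_action # resource:action pair is not registered (caller bug)
  end
end
```

Because `can?` returns before the registry check when authorization is disabled, even an unregistered resource:action pair passes in that mode.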