Class: Tasker::Authorization::BaseCoordinator

Inherits:

Object

• Object
• Tasker::Authorization::BaseCoordinator

Defined in:

lib/tasker/authorization/base_coordinator.rb

Overview

Base authorization coordinator providing the foundation for authorization logic.

This class implements the core authorization interface that can be extended by host applications to provide custom authorization logic. It follows the same dependency injection pattern as the authentication system.

Host applications should inherit from this class and implement the ‘authorized?` method to provide their authorization logic.

Examples:

Basic usage

coordinator = BaseCoordinator.new(current_user)
coordinator.authorize!('tasker.task', :show, { task_id: 123 })

Custom implementation

class MyAuthorizationCoordinator < BaseCoordinator
  protected

  def authorized?(resource, action, context = {})
    case resource
    when 'tasker.task'
      user.can_access_tasks?
    else
      false
    end
  end
end

Instance Method Summary

• #authorize!(resource, action, context = {}) ⇒ true

  Authorize an action and raise an exception if not permitted.

• #can?(resource, action, context = {}) ⇒ Boolean

  Check if an action is authorized.

• #initialize(user = nil) ⇒ BaseCoordinator constructor

  Initialize the authorization coordinator.

Constructor Details

#initialize(user = nil) ⇒ BaseCoordinator

Initialize the authorization coordinator

Parameters:

• user (Object, nil) (defaults to: nil) —

  The user object to authorize against

# File 'lib/tasker/authorization/base_coordinator.rb', line 35

def initialize(user = nil)
  @user = user
end

Instance Method Details

#authorize!(resource, action, context = {}) ⇒ true

Authorize an action and raise an exception if not permitted

This method checks authorization and raises an UnauthorizedError if the action is not permitted.

Parameters:

• resource (String) —

  The resource being accessed (e.g., ‘tasker.task’)

• action (Symbol, String) —

  The action being performed (e.g., :show)

• context (Hash) (defaults to: {}) —

  Additional context for authorization decisions

Returns:

• (true) —

  When the action is authorized

Raises:

• (UnauthorizedError) —

  When the action is not authorized

# File 'lib/tasker/authorization/base_coordinator.rb', line 49

def authorize!(resource, action, context = {})
  unless can?(resource, action, context)
    raise UnauthorizedError,
          "Not authorized to #{action} on #{resource}"
  end

  true
end

#can?(resource, action, context = {}) ⇒ Boolean

Check if an action is authorized

This method performs the authorization check without raising an exception. It validates the resource and action exist, then delegates to the ‘authorized?` method for the actual authorization logic.

Parameters:

• resource (String) —

  The resource being accessed

• action (Symbol, String) —

  The action being performed

• context (Hash) (defaults to: {}) —

  Additional context for authorization decisions

Returns:

• (Boolean) —

  True if the action is authorized

# File 'lib/tasker/authorization/base_coordinator.rb', line 68

def can?(resource, action, context = {})
  # Allow all actions if authorization is disabled
  return true unless authorization_enabled?

  # Validate resource and action exist in the registry
  unless ResourceRegistry.action_exists?(resource, action)
    raise ArgumentError, "Unknown resource:action '#{resource}:#{action}'"
  end

  # Delegate to subclass implementation
  authorized?(resource, action, context)
end