Module: Tight::Access::InstanceMethods

Defined in:

lib/tight-auth/access.rb

Instance Method Summary

• #access_action?(action = nil, object = nil, &block) ⇒ Boolean

  Checks if current visitor is allowed to to the action with object.

• #access_object?(object = nil, action = nil, &block) ⇒ Boolean

  Check if current visitor is allowed to interact with object by action.

• #access_objects(subject = access_subject, action = nil) ⇒ Object

  Populates the list of objects the current visitor is allowed to interact with.

• #access_role?(*roles, &block) ⇒ Boolean

  Checks if current visitor is one of the specified roles.

• #access_subject ⇒ Object

  Returns current visitor.

• #authorized? ⇒ Boolean

  Checks if current visitor has access to current action with current controller.

Instance Method Details

#access_action?(action = nil, object = nil, &block) ⇒ Boolean

Checks if current visitor is allowed to to the action with object. Can accept a block.

Returns:

• (Boolean)

# File 'lib/tight-auth/access.rb', line 117

def access_action?(action = nil, object = nil, &block)
  return true if response.status/100 == 4 && settings.access_errors
  if respond_to?(:request) && action.nil? && object.nil?
    object = request.controller
    action = request.action
    if object.nil? && action.present? && action.to_s.index('/')
      object, action = request.env['PATH_INFO'].to_s.scan(/\/([^\/]*)/).map(&:first)
    end
    object ||= :''
    action ||= :index
    object = object.to_sym
    action = action.to_sym
  end
  settings.permissions.check(access_subject, :allow => action, :with => object, &block)
end

#access_object?(object = nil, action = nil, &block) ⇒ Boolean

Check if current visitor is allowed to interact with object by action. Can accept a block.

Returns:

• (Boolean)

# File 'lib/tight-auth/access.rb', line 136

def access_object?(object = nil, action = nil, &block)
  allow_action action, object, &block
end

#access_objects(subject = access_subject, action = nil) ⇒ Object

Populates the list of objects the current visitor is allowed to interact with.

# File 'lib/tight-auth/access.rb', line 143

def access_objects(subject = access_subject, action = nil)
  settings.permissions.find_objects(subject, action)
end

#access_role?(*roles, &block) ⇒ Boolean

Checks if current visitor is one of the specified roles. Can accept a block.

Returns:

• (Boolean)

# File 'lib/tight-auth/access.rb', line 110

def access_role?(*roles, &block)
  settings.permissions.check(access_subject, :have => roles, &block)
end

#access_subject ⇒ Object

Returns current visitor.

# File 'lib/tight-auth/access.rb', line 103

def access_subject
  send settings.credentials_reader
end

#authorized? ⇒ Boolean

Checks if current visitor has access to current action with current controller.

Returns:

• (Boolean)

# File 'lib/tight-auth/access.rb', line 96

def authorized?
  access_action?
end