Class: Trust::Authorization
- Inherits:
-
Object
- Object
- Trust::Authorization
- Defined in:
- lib/trust/authorization.rb
Overview
Trust Authorization
Class Method Summary collapse
-
.access_denied!(message = nil, action = nil, subject = nil, parent = nil) ⇒ Object
:nodoc:.
-
.authorize!(action, object_or_class, *args) ⇒ Object
Tests if user is authorized to perform
action
onobject
orclass
, with the optional parent and raises Trust::AccessDenied exception if not permitted. -
.authorized?(action, object_or_class, *args) ⇒ Boolean
Returns true if user is authorized to perform
action
onobject
orclass
. -
.user ⇒ Object
Returns the current
user
being used in the authorization process. -
.user=(user) ⇒ Object
Sets the current
user
to be used in the authorization process.
Class Method Details
.access_denied!(message = nil, action = nil, subject = nil, parent = nil) ⇒ Object
:nodoc:
80 81 82 |
# File 'lib/trust/authorization.rb', line 80 def access_denied!( = nil, action = nil, subject = nil, parent = nil) #:nodoc: raise AccessDenied.new(, action, subject) end |
.authorize!(action, object_or_class, *args) ⇒ Object
Tests if user is authorized to perform action
on object
or class
, with the optional parent and raises Trust::AccessDenied exception if not permitted.
Options:
-
:parent
- the parent class to associate the subject with, can also be specified after the object or class. Ifparent
is given,parent
may be tested in the implemented Permissions class.:parent
is also aliased to:for
. -
:by
- Spoecify an actor instead of the user currently logged in -
:message
- The message to be passed onto the AccessDenied exception class
This method is used by the access_control
method in Trust::Controller
73 74 75 76 77 78 |
# File 'lib/trust/authorization.rb', line 73 def (action, object_or_class, *args) = args. parent = [:parent] || [:for] || args.first = [:message] access_denied!(, action, object_or_class, parent) unless (action, object_or_class, parent, ) end |
.authorized?(action, object_or_class, *args) ⇒ Boolean
Returns true if user is authorized to perform action
on object
or class
.
Options:
-
:parent
- the parent class to associate the subject with, can also be specified after the object or class. Ifparent
is given,parent
may be tested in the implemented Permissions class.:parent
is also aliased to:for
. -
:by
- Spoecify an actor instead of the user currently logged in
This method is called by the can?
method in Trust::Controller, and is normally not necessary to call directly.
42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
# File 'lib/trust/authorization.rb', line 42 def (action, object_or_class, *args) = args. parent = [:parent] || [:for] || args.first actor = [:by] || user if object_or_class.is_a? Class klass = object_or_class object = nil else klass = object_or_class.class object = object_or_class end # Identify which class to instanciate and then check authorization auth = (klass) # Rails.logger.debug "Trust: Authorizing class for #{klass.name} is #{auth.name}" auth.new(actor, action.to_sym, klass, object, parent). end |
.user ⇒ Object
Returns the current user
being used in the authorization process
85 86 87 |
# File 'lib/trust/authorization.rb', line 85 def user Thread.current["current_user"] end |
.user=(user) ⇒ Object
Sets the current user
to be used in the authorization process. The user
is thread safe.
91 92 93 |
# File 'lib/trust/authorization.rb', line 91 def user=(user) Thread.current["current_user"] = user end |