Class: Trust::Authorization

Inherits:
Object
Defined in:
lib/trust/authorization.rb

Overview

Trust Authorization

Class Method Summary

Class Method Details

.access_denied!(message = nil, action = nil, subject = nil, parent = nil) ⇒ Object

:nodoc:

Raises:



# File 'lib/trust/authorization.rb', line 80

def access_denied!(message = nil, action = nil, subject = nil, parent = nil) #:nodoc:
  raise AccessDenied.new(message, action, subject)
end

.authorize!(action, object_or_class, *args) ⇒ Object

Tests whether the user is authorized to perform the action on the object or class, optionally in the context of a parent, and raises a Trust::AccessDenied exception if not permitted.

Options:

  • :parent - the parent class to associate the subject with, can also be specified after the object or class. If parent is given, parent may be tested in the implemented Permissions class. :parent is also aliased to :for.

  • :by - Specify an actor instead of the user currently logged in

  • :message - The message to be passed onto the AccessDenied exception class

This method is used by the access_control method in Trust::Controller.



# File 'lib/trust/authorization.rb', line 73

def authorize!(action, object_or_class, *args)
  options = args.extract_options!
  parent = options[:parent] || options[:for] || args.first
  message = options[:message]
  access_denied!(message, action, object_or_class, parent) unless authorized?(action, object_or_class, parent, options)
end

.authorized?(action, object_or_class, *args) ⇒ Boolean

Returns true if the user is authorized to perform the action on the object or class.

Options:

  • :parent - the parent class to associate the subject with, can also be specified after the object or class. If parent is given, parent may be tested in the implemented Permissions class. :parent is also aliased to :for.

  • :by - Specify an actor instead of the user currently logged in

This method is called by the can? method in Trust::Controller, so it normally does not need to be called directly.

Returns:

  • (Boolean)


# File 'lib/trust/authorization.rb', line 42

def authorized?(action, object_or_class, *args)
  options = args.extract_options!
  parent = options[:parent] || options[:for] || args.first
  actor = options[:by] || user
  if object_or_class.is_a? Class
    klass = object_or_class
    object = nil
  else
    klass = object_or_class.class
    object = object_or_class
  end
  # Identify which class to instantiate and then check authorization
  auth = authorizing_class(klass)
  # Rails.logger.debug "Trust: Authorizing class for #{klass.name} is #{auth.name}"
  auth.new(actor, action.to_sym, klass, object, parent).authorized?
end

.user ⇒ Object

Returns the current user being used in the authorization process.



# File 'lib/trust/authorization.rb', line 85

def user
  Thread.current["current_user"]
end

.user=(user) ⇒ Object

Sets the current user to be used in the authorization process. The user is stored in Thread.current, so each thread has its own value.



# File 'lib/trust/authorization.rb', line 91

def user=(user)
  Thread.current["current_user"] = user
end
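
Added example, not part of the Trust source: because .user and .user= keep the actor in Thread.current, the value lives as long as the thread does, so work that runs later on the same reused thread without setting a user still sees the previous one. AuthStandIn copies the two accessors shown above so the example runs without the gem; with_user, the job lambdas and the "alice" value are assumptions constructed for illustration.

```ruby
# Stand-in for the user accessors shown above (constructed; Trust is not loaded).
module AuthStandIn
  def self.user
    Thread.current["current_user"]
  end

  def self.user=(user)
    Thread.current["current_user"] = user
  end

  # Hypothetical helper, not part of Trust: set the user for one block and
  # always restore the previous value, even if the block raises.
  def self.with_user(user)
    previous = self.user
    self.user = user
    yield
  ensure
    self.user = previous
  end
end

# Run every job on ONE reused worker thread and return the user each job saw.
def run_on_reused_thread(jobs)
  queue = Queue.new
  jobs.each { |job| queue << job }
  queue.close
  seen = []
  Thread.new do
    while (job = queue.pop)
      seen << job.call
    end
  end.join
  seen
end

# Constructed jobs: the first sets the user and never clears it, the second sets nothing.
def leaky_jobs
  [-> { AuthStandIn.user = "alice"; AuthStandIn.user },
   -> { AuthStandIn.user }]
end

# Same work, with the first job scoping the user through with_user.
def scoped_jobs
  [-> { AuthStandIn.with_user("alice") { AuthStandIn.user } },
   -> { AuthStandIn.user }]
end

p run_on_reused_thread(leaky_jobs)   # => ["alice", "alice"]
p run_on_reused_thread(scoped_jobs)  # => ["alice", nil]
```

Any code path that calls authorized? without :by relies on this value, so it should be set or cleared at the start of every unit of work that runs on a pooled thread.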