Class: Trust::Authorization
- Inherits:
-
Object
- Object
- Trust::Authorization
- Defined in:
- lib/trust/authorization.rb
Overview
Trust Authorization
Defined Under Namespace
Classes: ResourceNotLoaded
Instance Attribute Summary collapse
-
#action ⇒ Object
readonly
Returns the value of attribute action.
-
#actor ⇒ Object
readonly
Returns the value of attribute actor.
-
#authorization ⇒ Object
readonly
Returns the value of attribute authorization.
-
#klass ⇒ Object
readonly
Returns the value of attribute klass.
-
#object ⇒ Object
readonly
Returns the value of attribute object.
-
#parent ⇒ Object
readonly
Returns the value of attribute parent.
-
#resource ⇒ Object
readonly
Returns the value of attribute resource.
Class Method Summary collapse
-
.authorize!(action, object_or_class_or_resource, *args) ⇒ Object
Tests if user is authorized to perform
action
onobject
orclass
, with the optional parent and raises Trust::AccessDenied exception if not permitted. -
.authorized?(action, object_or_class_or_resource, *args) ⇒ Boolean
Returns true if user is authorized to perform
action
onobject
orclass
. -
.user ⇒ Object
Returns the current
user
being used in the authorization process. -
.user=(user) ⇒ Object
Sets the current
user
to be used in the authorization process.
Instance Method Summary collapse
-
#access_denied!(message = nil, action = nil, subject = nil, parent = nil) ⇒ Object
:nodoc:.
- #authorize! ⇒ Object
- #authorized? ⇒ Boolean
-
#initialize(action, resource_object_or_class, *args) ⇒ Authorization
constructor
A new instance of Authorization.
- #instance_loaded(instance) ⇒ Object
- #permissions ⇒ Object
-
#preload ⇒ Object
Preloads resource require and permit attributes, so that new objects can be initialized properly raises ResourceNotLoaded if Authorization object was not initialized with a resource object.
Constructor Details
#initialize(action, resource_object_or_class, *args) ⇒ Authorization
Returns a new instance of Authorization.
85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 |
# File 'lib/trust/authorization.rb', line 85 def initialize(action, resource_object_or_class, *args) = args. @action = action.to_sym if resource_object_or_class.is_a? Trust::Controller::Resource @resource = resource_object_or_class @klass = resource.klass @object = resource.instance @actor = [:by] || user @parent = resource.parent else @parent = [:parent] || [:for] || args.first @actor = [:by] || user if resource_object_or_class.is_a? Class @klass = resource_object_or_class @object = nil else @klass = resource_object_or_class.class @object = resource_object_or_class end end auth = # Rails.logger.debug "Trust: Authorizing class for #{klass.name} is #{auth.name}" @authorization = auth.new(@actor, @action, @klass, @object, @parent) end |
Instance Attribute Details
#action ⇒ Object (readonly)
Returns the value of attribute action.
81 82 83 |
# File 'lib/trust/authorization.rb', line 81 def action @action end |
#actor ⇒ Object (readonly)
Returns the value of attribute actor.
81 82 83 |
# File 'lib/trust/authorization.rb', line 81 def actor @actor end |
#authorization ⇒ Object (readonly)
Returns the value of attribute authorization.
81 82 83 |
# File 'lib/trust/authorization.rb', line 81 def @authorization end |
#klass ⇒ Object (readonly)
Returns the value of attribute klass.
81 82 83 |
# File 'lib/trust/authorization.rb', line 81 def klass @klass end |
#object ⇒ Object (readonly)
Returns the value of attribute object.
81 82 83 |
# File 'lib/trust/authorization.rb', line 81 def object @object end |
#parent ⇒ Object (readonly)
Returns the value of attribute parent.
81 82 83 |
# File 'lib/trust/authorization.rb', line 81 def parent @parent end |
#resource ⇒ Object (readonly)
Returns the value of attribute resource.
81 82 83 |
# File 'lib/trust/authorization.rb', line 81 def resource @resource end |
Class Method Details
.authorize!(action, object_or_class_or_resource, *args) ⇒ Object
Tests if user is authorized to perform action
on object
or class
, with the optional parent and raises Trust::AccessDenied exception if not permitted. If user is authorized, sets the params_handler for the resource.
Options:
-
:parent
- the parent class to associate the subject with, can also be specified after the object or class. Ifparent
is given,parent
may be tested in the implemented Permissions class.:parent
is also aliased to:for
. -
:by
- Spoecify an actor instead of the user currently logged in -
:message
- The message to be passed onto the AccessDenied exception class
This method is used by the access_control
method in Trust::Controller
65 66 67 |
# File 'lib/trust/authorization.rb', line 65 def (action, object_or_class_or_resource, *args) new(action, object_or_class_or_resource, *args). end |
.authorized?(action, object_or_class_or_resource, *args) ⇒ Boolean
Returns true if user is authorized to perform action
on object
or class
.
Options:
-
:parent
- the parent class to associate the subject with, can also be specified after the object or class. Ifparent
is given,parent
may be tested in the implemented Permissions class.:parent
is also aliased to:for
. -
:by
- Spoecify an actor instead of the user currently logged in
This method is called by the can?
method in Trust::Controller, and is normally not necessary to call directly.
46 47 48 |
# File 'lib/trust/authorization.rb', line 46 def (action, object_or_class_or_resource, *args) new(action, object_or_class_or_resource, *args). end |
.user ⇒ Object
Returns the current user
being used in the authorization process
70 71 72 |
# File 'lib/trust/authorization.rb', line 70 def user Thread.current["current_user"] end |
.user=(user) ⇒ Object
Sets the current user
to be used in the authorization process. The user
is thread safe.
76 77 78 |
# File 'lib/trust/authorization.rb', line 76 def user=(user) Thread.current["current_user"] = user end |
Instance Method Details
#access_denied!(message = nil, action = nil, subject = nil, parent = nil) ⇒ Object
:nodoc:
110 111 112 |
# File 'lib/trust/authorization.rb', line 110 def access_denied!( = nil, action = nil, subject = nil, parent = nil) #:nodoc: raise AccessDenied.new(, action, subject) end |
#authorize! ⇒ Object
114 115 116 117 118 119 120 |
# File 'lib/trust/authorization.rb', line 114 def if perm = resource.params_handler = perm else access_denied!(nil, action, object || klass) end end |
#authorized? ⇒ Boolean
122 123 124 |
# File 'lib/trust/authorization.rb', line 122 def !! end |
#instance_loaded(instance) ⇒ Object
126 127 128 |
# File 'lib/trust/authorization.rb', line 126 def instance_loaded(instance) @authorization.subject = instance end |
#permissions ⇒ Object
137 138 139 |
# File 'lib/trust/authorization.rb', line 137 def . end |
#preload ⇒ Object
Preloads resource require and permit attributes, so that new objects can be initialized properly raises ResourceNotLoaded if Authorization object was not initialized with a resource object
132 133 134 135 |
# File 'lib/trust/authorization.rb', line 132 def preload raise ResourceNotLoaded unless resource resource.params_handler = .preload end |