Class: Trust::Authorization

Inherits:
Object
  • Object
Defined in:
lib/trust/authorization.rb

Overview

Trust Authorization

Defined Under Namespace

Classes: ResourceNotLoaded


Constructor Details

#initialize(action, resource_object_or_class, *args) ⇒ Authorization

Returns a new instance of Authorization.



# File 'lib/trust/authorization.rb', line 85

# Captures everything one permission check needs: the action, the acting
# user, the subject (class plus optional instance) and an optional parent,
# then instantiates the authorizing class with those values.
#
# The actor is options[:by] when present and the current user otherwise, so
# :by decides whose permissions are evaluated. It should only be filled in by
# trusted code, never from request data.
#
# When the subject is a Trust::Controller::Resource, class, instance and
# parent are all read from it and the :parent / :for options are not
# consulted. For any other subject @resource is never assigned.
#
# @param action [#to_sym] name of the action to authorize
# @param resource_object_or_class [Trust::Controller::Resource, Class, Object]
#   the subject of the check
# @param args [Array] optional parent, optionally followed by an options
#   hash (:by, :parent, :for)
def initialize(action, resource_object_or_class, *args)
  opts = args.extract_options!
  subject = resource_object_or_class
  @action = action.to_sym
  # Same rule for every kind of subject: explicit :by wins over the current user.
  @actor = opts[:by] || user
  if subject.is_a?(Trust::Controller::Resource)
    @resource = subject
    @klass = resource.klass
    @object = resource.instance
    @parent = resource.parent
  else
    @parent = opts[:parent] || opts[:for] || args.first
    # A bare class means "no instance yet"; anything else is the instance itself.
    @klass, @object = subject.is_a?(Class) ? [subject, nil] : [subject.class, subject]
  end
  @authorization = authorizing_class.new(@actor, @action, @klass, @object, @parent)
end

Instance Attribute Details

#actionObject (readonly)

Returns the value of attribute action.



# File 'lib/trust/authorization.rb', line 81

# The action this authorization is evaluated for.
#
# @return [Symbol] the constructor's action argument after to_sym
def action
  @action
end

#actorObject (readonly)

Returns the value of attribute actor.



# File 'lib/trust/authorization.rb', line 81

# The actor whose permissions are evaluated.
#
# @return [Object, nil] the :by option given to the constructor, or the
#   current user when :by was absent
def actor
  @actor
end

#authorizationObject (readonly)

Returns the value of attribute authorization.



# File 'lib/trust/authorization.rb', line 81

# The authorizing object built by the constructor.
#
# @return [Object] instance of the authorizing class, created with the
#   actor, action, class, object and parent of this authorization
def authorization
  @authorization
end

#klassObject (readonly)

Returns the value of attribute klass.



# File 'lib/trust/authorization.rb', line 81

# The class of the subject being authorized.
#
# @return [Class] the resource's klass, the class passed to the constructor,
#   or the class of the object passed to the constructor
def klass
  @klass
end

#objectObject (readonly)

Returns the value of attribute object.



# File 'lib/trust/authorization.rb', line 81

# The instance being authorized, if there is one.
#
# @return [Object, nil] the resource's instance or the object passed to the
#   constructor; nil when the constructor was given a class
def object
  @object
end

#parentObject (readonly)

Returns the value of attribute parent.



# File 'lib/trust/authorization.rb', line 81

# The parent the subject is associated with.
#
# @return [Object, nil] the resource's parent, or for other subjects the
#   :parent option, the :for option, or the first remaining positional argument
def parent
  @parent
end

#resourceObject (readonly)

Returns the value of attribute resource.



# File 'lib/trust/authorization.rb', line 81

# The controller resource this authorization was built from.
#
# @return [Trust::Controller::Resource, nil] nil when the constructor was
#   given a plain object or class instead of a resource
def resource
  @resource
end

Class Method Details

.authorize!(action, object_or_class_or_resource, *args) ⇒ Object

Tests whether the user is authorized to perform the action on the object or class, optionally in the context of a parent, and raises a Trust::AccessDenied exception if not permitted. If the user is authorized, sets the params_handler for the resource.

Options:

  • :parent - the parent class to associate the subject with, can also be specified after the object or class. If parent is given, parent may be tested in the implemented Permissions class. :parent is also aliased to :for.

  • :by - Specify an actor instead of the user currently logged in

  • :message - The message to be passed onto the AccessDenied exception class

This method is used by the access_control method in Trust::Controller



# File 'lib/trust/authorization.rb', line 65

# Builds an authorization for the given action and subject and enforces it.
#
# All arguments are handed to the constructor unchanged; the result is
# whatever the instance-level authorize! returns or raises.
#
# @param action [#to_sym] action to authorize
# @param object_or_class_or_resource [Object] subject of the check
# @param args [Array] optional parent and options (:parent, :for, :by)
def authorize!(action, object_or_class_or_resource, *args)
  check = new(action, object_or_class_or_resource, *args)
  check.authorize!
end

.authorized?(action, object_or_class_or_resource, *args) ⇒ Boolean

Returns true if user is authorized to perform action on object or class.

Options:

  • :parent - the parent class to associate the subject with, can also be specified after the object or class. If parent is given, parent may be tested in the implemented Permissions class. :parent is also aliased to :for.

  • :by - Specify an actor instead of the user currently logged in

This method is called by the can? method in Trust::Controller, and is normally not necessary to call directly.

Returns:

  • (Boolean)


# File 'lib/trust/authorization.rb', line 46

# Builds an authorization for the given action and subject and reports
# whether it is permitted, without raising on denial.
#
# All arguments are handed to the constructor unchanged.
#
# @param action [#to_sym] action to check
# @param object_or_class_or_resource [Object] subject of the check
# @param args [Array] optional parent and options (:parent, :for, :by)
# @return [Boolean]
def authorized?(action, object_or_class_or_resource, *args)
  check = new(action, object_or_class_or_resource, *args)
  check.authorized?
end

.userObject

Returns the current user being used in the authorization process



# File 'lib/trust/authorization.rb', line 70

# Current user for authorization checks, read from Thread.current.
#
# The value is whatever was last stored under "current_user" on this thread
# (Thread#[] storage is fiber-local in Ruby). Nothing here resets it, so on
# servers that reuse threads the application must assign it at the start of
# every request, or a check could run against an earlier request's user.
#
# @return [Object, nil] the stored user, or nil if none has been set
def user
  current_thread = Thread.current
  current_thread["current_user"]
end

.user=(user) ⇒ Object

Sets the current user to be used in the authorization process. The value is stored in Thread.current, so each thread sees only its own current user.



# File 'lib/trust/authorization.rb', line 76

# Stores the user that later authorization checks on this thread will use.
#
# The value lives in Thread.current under "current_user" (Thread#[] storage
# is fiber-local in Ruby) and stays there until overwritten. Assign it on
# every request, and assign nil for unauthenticated ones, so a reused thread
# never carries over the previous request's user.
#
# @param user [Object, nil] the user to authorize as
def user=(user)
  current_thread = Thread.current
  current_thread["current_user"] = user
end

Instance Method Details

#access_denied!(message = nil, action = nil, subject = nil, parent = nil) ⇒ Object

:nodoc:

Raises:



# File 'lib/trust/authorization.rb', line 110

# Raises AccessDenied built from the message, action and subject.
# The parent argument is accepted but is not passed on to the exception.
def access_denied!(message = nil, action = nil, subject = nil, parent = nil) #:nodoc:
  denial = AccessDenied.new(message, action, subject)
  raise denial
end

#authorize!Object



# File 'lib/trust/authorization.rb', line 114

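# Enforces the permission check for this authorization.
#
# A falsy result from permissions is handed to access_denied!. A truthy
# result is stored as the resource's params_handler when a resource was
# supplied to the constructor.
#
# @return [Object] the truthy value returned by permissions
def authorize!
  perm = permissions
  if perm
    # resource is nil when the constructor received a plain object or class.
    # Skip the assignment then, so a permitted call does not fail with
    # NoMethodError on nil.
    resource.params_handler = perm if resource
    perm
  else
    access_denied!(nil, action, object || klass)
  end
end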

#authorized?Boolean

Returns:

  • (Boolean)


# File 'lib/trust/authorization.rb', line 122

# Reports whether the check passes, without raising on denial.
#
# @return [Boolean] true when permissions is truthy, false otherwise
def authorized?
  permissions ? true : false
end

#instance_loaded(instance) ⇒ Object



# File 'lib/trust/authorization.rb', line 126

# Hands a loaded instance to the authorizing object as its new subject.
#
# Only the authorizing object is updated; the value returned by #object is
# left as the constructor set it.
# NOTE(review): presumably permissions are evaluated again after the subject
# changes, so the decision applies to the loaded instance - confirm in callers.
#
# @param instance [Object] the instance that was loaded
# @return [Object] the instance that was assigned
def instance_loaded(instance)
  authorizer = @authorization
  authorizer.subject = instance
end

#permissionsObject



# File 'lib/trust/authorization.rb', line 137

# Asks the authorizing object for its decision.
#
# The result is passed through unchanged: callers in this class treat a
# falsy value as a denial and use a truthy value as the params handler.
#
# @return [Object] whatever the authorizing object's authorized? returns
def permissions
  checker = authorization
  checker.authorized?
end

#preloadObject

Preloads the resource's require and permit attributes, so that new objects can be initialized properly. Raises ResourceNotLoaded if the Authorization object was not initialized with a resource object.

Raises:



# File 'lib/trust/authorization.rb', line 132

# Stores the authorizing object's preload result as the resource's
# params_handler.
#
# @raise [ResourceNotLoaded] when this authorization was not built from a
#   resource
# @return [Object] the value returned by authorization.preload
def preload
  loaded = resource
  raise ResourceNotLoaded unless loaded
  loaded.params_handler = authorization.preload
end