Class: SiriusApi::BaseAuthorizer

Inherits: Object
Defined in: lib/sirius_api/base_authorizer.rb

Direct Known Subclasses

EventsAuthorizer, PeopleAuthorizer

Constructor Details

#initialize(current_user) ⇒ BaseAuthorizer

Creates a new authorizer.

# File 'lib/sirius_api/base_authorizer.rb', line 61

def initialize(current_user)
  @current_user = current_user
end

Instance Attribute Details

#current_user ⇒ Object (readonly)

Returns the value of attribute current_user.

# File 'lib/sirius_api/base_authorizer.rb', line 14

def current_user
  @current_user
end

Class Method Details

.permit(http_method, url, options = {}) ⇒ Object

Defines a new access rule.

This should only be called inside a .scope block, because every rule definition requires a scope definition.

Options Hash (options):

  • :only (Proc)

    Proc for optionally restricting the defined access rule. If set, access is allowed only when the proc returns true.

# File 'lib/sirius_api/base_authorizer.rb', line 42

def permit(http_method, url, options = {})
  @current_scopes.each do |scope|
    (scope_registry[scope] ||= []) << Permission.new(http_method, url, options)
  end
end

.scope(*scopes, &block) ⇒ Object

Sets the scope(s) for access rule definitions (made with .permit).

Calling .permit inside the given block defines a new access rule for each of the specified scopes.

# File 'lib/sirius_api/base_authorizer.rb', line 25

def scope(*scopes, &block)
  @current_scopes = Scopes.new(scopes)
  yield
end

.scope_registry ⇒ Hash

# File 'lib/sirius_api/base_authorizer.rb', line 50

def scope_registry
  @scope_registry ||= {}
end

Instance Method Details

#authorize_request!(http_method, url, route_params = {}) ⇒ Object

Performs the access check for an HTTP request.

The check searches for an access rule matching the current request, considering only the rules registered under the current user's scopes. If no matching rule is found, access is denied; otherwise the matching rule is evaluated and access is granted or denied according to its parameters.

Raises: SiriusApi::Errors::Authorization if no rule permits the request.

# File 'lib/sirius_api/base_authorizer.rb', line 79

def authorize_request!(http_method, url, route_params = {})
  unless check_access(current_user.scopes, http_method, url, route_params)
    fail SiriusApi::Errors::Authorization,
      "Access not permitted for #{current_user} on #{http_method.upcase} #{url}."
  end
end
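An added example (not code from the sirius_api project) that models how .scope, .permit and #authorize_request! fit together: rules are registered per scope, and a request is authorized only if a rule under one of the user's scopes matches it and its :only proc agrees. Permission, Scopes, check_access, the user hash shape and the route-template matching are assumptions; the page shows none of them.

```ruby
# Added example, not sirius_api's code. Permission (url is a route template such as
# '/people/:username'), the user hash shape and check_access are all assumptions.
class AuthorizationError < StandardError; end
Permission = Struct.new(:http_method, :url, :only) do
  def match?(method, path)
    return false unless http_method.to_s.casecmp?(method.to_s)
    tmpl, actual = url.split('/'), path.split('/')
    tmpl.size == actual.size && tmpl.zip(actual).all? { |t, a| t.start_with?(':') || t == a }
  end
end

class BaseAuthorizer
  attr_reader :current_user # assumed shape: { username: '...', scopes: [...] }
  def initialize(current_user)
    @current_user = current_user
  end
  # Rules defined in the block are registered under every given scope. The scope is
  # cleared afterwards so a stray permit cannot silently attach to the last scope.
  def self.scope(*scopes)
    @current_scopes = scopes.flatten
    yield
  ensure
    @current_scopes = nil
  end
  def self.permit(http_method, url, options = {})
    raise ArgumentError, 'permit must be called inside scope' unless @current_scopes
    @current_scopes.each do |s|
      (scope_registry[s] ||= []) << Permission.new(http_method, url, options[:only])
    end
  end
  def self.scope_registry; @scope_registry ||= {}; end
  def authorize_request!(http_method, url, route_params = {})
    return true if check_access(current_user[:scopes], http_method, url, route_params)
    raise AuthorizationError, "Access not permitted for #{current_user[:username]} on #{http_method.upcase} #{url}."
  end
  # Deny by default: only rules registered under the user's scopes are consulted, and a
  # matching rule's :only proc, when present, must return true as well.
  def check_access(scopes, http_method, url, route_params)
    scopes.flat_map { |s| self.class.scope_registry.fetch(s, []) }.any? do |rule|
      rule.match?(http_method, url) && (rule.only.nil? || rule.only.call(current_user, route_params) == true)
    end
  end
end
class PeopleAuthorizer < BaseAuthorizer
  scope 'read:people' do
    permit :get, '/people'
    permit :get, '/people/:username', only: ->(user, params) { user[:username] == params['username'] }
  end
end
```

A user without the 'read:people' scope, a user reading someone else's record, or a method with no rule all end in AuthorizationError, while a permit outside any scope block fails loudly at definition time.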