Class: Tasker::Authorization::BaseCoordinator

Inherits:

Object

• Object
• Tasker::Authorization::BaseCoordinator

Defined in:

lib/tasker/authorization/base_coordinator.rb

Overview

Base authorization coordinator providing the foundation for authorization logic.

This class implements the core authorization interface that can be extended by host applications to provide custom authorization logic. It follows the same dependency injection pattern as the authentication system.

Host applications should inherit from this class and implement the authorized? method to provide their authorization logic.

Examples:

Basic usage

coordinator = BaseCoordinator.new(current_user)
coordinator.authorize!('tasker.task', :show, { task_id: 123 })

Custom implementation

class MyAuthorizationCoordinator < BaseCoordinator
  protected

  def authorized?(resource, action, context = {})
    case resource
    when 'tasker.task'
      user.can_access_tasks?
    else
      false
    end
  end
end

Instance Attribute Summary

• #user ⇒ Object^? readonly protected

  The user object for authorization checks.

Instance Method Summary

• #authorization_enabled? ⇒ Boolean protected

  Check if authorization is enabled in the configuration.

• #authorize!(resource, action, context = {}) ⇒ true

  Authorize an action and raise an exception if not permitted.

• #authorized?(_resource, _action, _context = {}) ⇒ Boolean protected

  Authorization logic to be implemented by subclasses.

• #can?(resource, action, context = {}) ⇒ Boolean

  Check if an action is authorized.

• #initialize(user = nil) ⇒ BaseCoordinator constructor

  Initialize the authorization coordinator.

Constructor Details

#initialize(user = nil) ⇒ BaseCoordinator

Initialize the authorization coordinator

Parameters:

• user (Object, nil) (defaults to: nil) —

  The user object to authorize against

# File 'lib/tasker/authorization/base_coordinator.rb', line 35

def initialize(user = nil)
  @user = user
end

Instance Attribute Details

#user ⇒ Object^? (readonly, protected)

The user object for authorization checks

Returns:

• (Object, nil) —

  The current user

# File 'lib/tasker/authorization/base_coordinator.rb', line 109

def user
  @user
end

Instance Method Details

#authorization_enabled? ⇒ Boolean (protected)

Check if authorization is enabled in the configuration

Returns:

• (Boolean) —

  True if authorization is enabled

# File 'lib/tasker/authorization/base_coordinator.rb', line 102

def authorization_enabled?
  Tasker::Configuration.configuration.auth.authorization_enabled
end

#authorize!(resource, action, context = {}) ⇒ true

Authorize an action and raise an exception if not permitted

This method checks authorization and raises an UnauthorizedError if the action is not permitted.

Parameters:

• resource (String) —

  The resource being accessed (e.g., 'tasker.task')

• action (Symbol, String) —

  The action being performed (e.g., :show)

• context (Hash) (defaults to: {}) —

  Additional context for authorization decisions

Returns:

• (true) —

  When the action is authorized

Raises:

• (UnauthorizedError) —

  When the action is not authorized

# File 'lib/tasker/authorization/base_coordinator.rb', line 49

def authorize!(resource, action, context = {})
  unless can?(resource, action, context)
    raise UnauthorizedError,
          "Not authorized to #{action} on #{resource}"
  end

  true
end

#authorized?(_resource, _action, _context = {}) ⇒ Boolean (protected)

Authorization logic to be implemented by subclasses

This method should be overridden by host applications to provide their specific authorization logic. The default implementation denies all access.

Parameters:

• _resource (String) —

  The resource being accessed (unused in base implementation)

• _action (Symbol, String) —

  The action being performed (unused in base implementation)

• _context (Hash) (defaults to: {}) —

  Additional context for authorization decisions (unused in base implementation)

Returns:

• (Boolean) —

  True if the action should be authorized

# File 'lib/tasker/authorization/base_coordinator.rb', line 93

def authorized?(_resource, _action, _context = {})
  # Default implementation: deny all access
  # Subclasses should override this method
  false
end

#can?(resource, action, context = {}) ⇒ Boolean

Check if an action is authorized

This method performs the authorization check without raising an exception. It validates the resource and action exist, then delegates to the authorized? method for the actual authorization logic.

Parameters:

• resource (String) —

  The resource being accessed

• action (Symbol, String) —

  The action being performed

• context (Hash) (defaults to: {}) —

  Additional context for authorization decisions

Returns:

• (Boolean) —

  True if the action is authorized

# File 'lib/tasker/authorization/base_coordinator.rb', line 68

def can?(resource, action, context = {})
  # Allow all actions if authorization is disabled
  return true unless authorization_enabled?

  # Validate resource and action exist in the registry
  unless ResourceRegistry.action_exists?(resource, action)
    raise ArgumentError, "Unknown resource:action '#{resource}:#{action}'"
  end

  # Delegate to subclass implementation
  authorized?(resource, action, context)
end