module Authority::Controller

Gets included into the app's controllers automatically by the railtie

Attributes

authorization_performed[W]

Public Class Methods

security_violation_callback() click to toggle source
# File lib/authority/controller.rb, line 8
def self.security_violation_callback
  Proc.new do |exception|
    # Through the magic of `instance_exec` `ActionController::Base#rescue_from`
    # can call this proc and make `self` the actual controller instance
    self.send(Authority.configuration.security_violation_handler, exception)
  end
end

Public Instance Methods

authorization_performed?() click to toggle source
# File lib/authority/controller.rb, line 24
def authorization_performed?
  !!@authorization_performed
end
ensure_authorization_performed(options = {}) click to toggle source
# File lib/authority/controller.rb, line 28
def ensure_authorization_performed(options = {})
  return if authorization_performed?
  return if options[:if]     && !send(options[:if])
  return if options[:unless] && send(options[:unless])
  raise AuthorizationNotPerformed, "No authorization was performed for #{self.class.to_s}##{self.action_name}"
end

Protected Instance Methods

authority_forbidden(error) click to toggle source

Renders a static file to minimize the chances of further errors.

@param [Exception] error, an error that indicates the user tried to perform a forbidden action.

# File lib/authority/controller.rb, line 146
def authority_forbidden(error)
  Authority.logger.warn(error.message)
  render :file => Rails.root.join('public', '403.html'), :status => 403, :layout => false
end
authority_success(user, action, resource) click to toggle source

This method can be overloaded inside the application controller, similar to authority_forbidden.

# File lib/authority/controller.rb, line 152
def authority_success(user, action, resource)
  # Do nothing by default, but provide the option for users to override if they will.
end
authorize_action_for(authority_resource, *options) click to toggle source

To be run in a `before_filter`; ensure this controller action is allowed for the user Can be used directly within a controller action as well, given an instance or class with or without options to delegate to the authorizer.

@param [Class] authority_resource, the model class associated with this controller @param [Hash] options, arbitrary options hash to forward up the chain to the authorizer @raise [MissingAction] if controller action isn't a key in `config.controller_action_map`

# File lib/authority/controller.rb, line 128
def authorize_action_for(authority_resource, *options)
  # `action_name` comes from ActionController
  authority_action = self.class.authority_action_map[action_name.to_sym]
  if authority_action.nil?
    raise MissingAction.new("No authority action defined for #{action_name}")
  end

  Authority.enforce(authority_action, authority_resource, authority_user, *options)

  # This method is always invoked, but will only log if it's overriden
  authority_success(authority_user, authority_action, authority_resource)
  
  self.authorization_performed = true
end

Private Instance Methods

authority_user() click to toggle source

Convenience wrapper for sending configured `user_method` to extract the request's current user

@return [Object] the user object returned from sending the user_method

# File lib/authority/controller.rb, line 188
def authority_user
  send(Authority.configuration.user_method)
end
instance_authority_resource() click to toggle source
# File lib/authority/controller.rb, line 171
def instance_authority_resource
  case self.class.authority_resource
  when Class          then self.class.authority_resource
  when String, Symbol then send(self.class.authority_resource)
  end
rescue NoMethodError
  raise MissingResource.new(
      "Trying to authorize actions for '#{self.class.authority_resource}', but can't. \
      Must be either a resource class OR the name of a controller instance method that \
      returns one.".squeeze(' ')
  )
end
run_authorization_check() click to toggle source

The `before_filter` that will be setup to run when the class method `authorize_actions_for` is called

# File lib/authority/controller.rb, line 160
def run_authorization_check
  if instance_authority_resource.is_a?(Array)
    # Array includes options; pass as separate args
    authorize_action_for(*instance_authority_resource, *authority_arguments)
  else
    # *resource would be interpreted as resource.to_a, which is wrong and
    # actually triggers a query if it's a Sequel model
    authorize_action_for(instance_authority_resource, *authority_arguments)
  end
end