class Tuersteher::AccessRulesStorage

Constants

DEFAULT_RULES_CONFIG_FILE

Attributes

check_intervall[RW]
path_prefix[RW]
rules_config_file[W]

Public Class Methods

new() click to toggle source

private initializer why this class is a singleton

# File lib/tuersteher.rb, line 46
def initialize
  @path_rules = []
  @model_rules = []
  @check_intervall = 300 # set default check interval to 5 minutes
  @mutex = Mutex.new
end

Public Instance Methods

deny() click to toggle source

create new rule as deny-rule and add this to the model_rules array

# File lib/tuersteher.rb, line 166
def deny
  rule = grant
  rule.deny
end
eval_rules(rules_definitions) click to toggle source

evaluated rules_definitions and create path-/model-rules

# File lib/tuersteher.rb, line 95
def eval_rules rules_definitions
  @path_rules = []
  @model_rules = []
  eval rules_definitions, binding, (@rules_config_file||'no file')
  @was_read = true
  Tuersteher::TLogger.logger.info "Tuersteher::AccessRulesStorage: #{@path_rules.size} path-rules and #{@model_rules.size} model-rules loaded"
  extend_path_rules_with_prefix
end
grant() click to toggle source

create new rule as grant-rule and add this to the model_rules array

# File lib/tuersteher.rb, line 158
def grant
  rule = @current_rule_class.new(@current_rule_init)
  @current_rule_storage << rule
  rule.grant
end
model(model_class) { || ... } click to toggle source

definiert Model-basierende Zugriffsregel

model_class: Model-Klassenname(als CLass oder String) oder :all fuer alle

# File lib/tuersteher.rb, line 142
def model model_class
  if block_given?
    @current_rule_class = ModelAccessRule
    @current_rule_init = model_class
    @current_rule_storage = @model_rules
    yield
    @current_rule_class = @current_rule_init = @current_rule_storage = nil
  else
    rule = ModelAccessRule.new(model_class)
    @model_rules << rule
    rule
  end
end
model_rules() click to toggle source

get all model_rules as array of ModelAccessRule-Instances

# File lib/tuersteher.rb, line 64
def model_rules
  read_rules_if_needed
  @model_rules
end
path(url_path) { || ... } click to toggle source

definiert HTTP-Pfad-basierende Zugriffsregel

path: :all fuer beliebig, sonst String mit der http-path beginnen muss,

wird als RegEX-Ausdruck ausgewertet
# File lib/tuersteher.rb, line 124
def path url_path
  if block_given?
    @current_rule_class = PathAccessRule
    @current_rule_init = url_path
    @current_rule_storage = @path_rules
    yield
    @current_rule_class = @current_rule_init = nil
  else
    rule = PathAccessRule.new(url_path)
    @path_rules << rule
    rule
  end
end
path_rules() click to toggle source

get all path_rules as array of PathAccessRule-Instances

# File lib/tuersteher.rb, line 58
def path_rules
  read_rules_if_needed
  @path_rules
end
read_rules() click to toggle source

Load AccesRules from file

config/access_rules.rb
# File lib/tuersteher.rb, line 106
def read_rules
  @was_read = false
  @mutex.synchronize do
    return if @was_read # dann hat ein anderer Thread bereits gelesen
    content = File.read self.rules_config_file
    if content
      eval_rules content
    end
  end
rescue => ex
  Tuersteher::TLogger.logger.error "Tuersteher::AccessRulesStorage - Error in rules: #{ex.message}\n\t"+ex.backtrace.join("\n\t")
end
read_rules_if_needed() click to toggle source
# File lib/tuersteher.rb, line 70
def read_rules_if_needed
  if @was_read
    # im check_intervall pruefen ob AccessRules-File sich geändert hat
    t = Time.now.to_i
    @last_read_check ||= t
    if (t - @last_read_check) > @check_intervall
      @last_read_check = t
      cur_mtime = File.mtime(self.rules_config_file)
      @last_mtime ||= cur_mtime
      if cur_mtime > @last_mtime
        @last_mtime = cur_mtime
        read_rules
      end
    end
  else
    read_rules
  end
end
ready?() click to toggle source
# File lib/tuersteher.rb, line 53
def ready?
  @was_read
end
rules_config_file() click to toggle source
# File lib/tuersteher.rb, line 90
def rules_config_file
  @rules_config_file ||= File.join(Rails.root, 'config', DEFAULT_RULES_CONFIG_FILE)
end

Private Instance Methods

extend_path_rules_with_prefix() click to toggle source

Erweitern des Path um einen Prefix Ist notwenig wenn z.B. die Rails-Anwendung nicht als root-Anwendung läuft also root_path != '/' ist.'

# File lib/tuersteher.rb, line 177
def extend_path_rules_with_prefix
  return if @path_prefix.nil? || @path_rules.nil?
  prefix = @path_prefix.chomp('/') # das abschliessende / entfernen
  @path_rules.each do |rule|
    path_spec = rule.path_spezification
    if path_spec
      path_spec.path = "#{prefix}#{path_spec.path}"
    end
  end
  Tuersteher::TLogger.logger.info "extend_path_rules_with_prefix: #{prefix}"
end