class Tuersteher::AccessRulesStorage
Constants
- DEFAULT_RULES_CONFIG_FILE
Attributes
Public Class Methods
private initializer why this class is a singleton
# File lib/tuersteher.rb, line 46 def initialize @path_rules = [] @model_rules = [] @check_intervall = 300 # set default check interval to 5 minutes @mutex = Mutex.new end
Public Instance Methods
create new rule as deny-rule and add this to the model_rules
array
# File lib/tuersteher.rb, line 166 def deny rule = grant rule.deny end
evaluated rules_definitions and create path-/model-rules
# File lib/tuersteher.rb, line 95 def eval_rules rules_definitions @path_rules = [] @model_rules = [] eval rules_definitions, binding, (@rules_config_file||'no file') @was_read = true Tuersteher::TLogger.logger.info "Tuersteher::AccessRulesStorage: #{@path_rules.size} path-rules and #{@model_rules.size} model-rules loaded" extend_path_rules_with_prefix end
create new rule as grant-rule and add this to the model_rules
array
# File lib/tuersteher.rb, line 158 def grant rule = @current_rule_class.new(@current_rule_init) @current_rule_storage << rule rule.grant end
definiert Model-basierende Zugriffsregel
model_class: Model-Klassenname(als CLass oder String) oder :all fuer alle
# File lib/tuersteher.rb, line 142 def model model_class if block_given? @current_rule_class = ModelAccessRule @current_rule_init = model_class @current_rule_storage = @model_rules yield @current_rule_class = @current_rule_init = @current_rule_storage = nil else rule = ModelAccessRule.new(model_class) @model_rules << rule rule end end
get all model_rules
as array of ModelAccessRule-Instances
# File lib/tuersteher.rb, line 64 def model_rules read_rules_if_needed @model_rules end
definiert HTTP-Pfad-basierende Zugriffsregel
path: :all fuer beliebig, sonst String mit der http-path beginnen muss,
wird als RegEX-Ausdruck ausgewertet
# File lib/tuersteher.rb, line 124 def path url_path if block_given? @current_rule_class = PathAccessRule @current_rule_init = url_path @current_rule_storage = @path_rules yield @current_rule_class = @current_rule_init = nil else rule = PathAccessRule.new(url_path) @path_rules << rule rule end end
get all path_rules
as array of PathAccessRule-Instances
# File lib/tuersteher.rb, line 58 def path_rules read_rules_if_needed @path_rules end
Load AccesRules from file
config/access_rules.rb
# File lib/tuersteher.rb, line 106 def read_rules @was_read = false @mutex.synchronize do return if @was_read # dann hat ein anderer Thread bereits gelesen content = File.read self.rules_config_file if content eval_rules content end end rescue => ex Tuersteher::TLogger.logger.error "Tuersteher::AccessRulesStorage - Error in rules: #{ex.message}\n\t"+ex.backtrace.join("\n\t") end
# File lib/tuersteher.rb, line 70 def read_rules_if_needed if @was_read # im check_intervall pruefen ob AccessRules-File sich geändert hat t = Time.now.to_i @last_read_check ||= t if (t - @last_read_check) > @check_intervall @last_read_check = t cur_mtime = File.mtime(self.rules_config_file) @last_mtime ||= cur_mtime if cur_mtime > @last_mtime @last_mtime = cur_mtime read_rules end end else read_rules end end
# File lib/tuersteher.rb, line 53 def ready? @was_read end
# File lib/tuersteher.rb, line 90 def rules_config_file @rules_config_file ||= File.join(Rails.root, 'config', DEFAULT_RULES_CONFIG_FILE) end
Private Instance Methods
Erweitern des Path um einen Prefix Ist notwenig wenn z.B. die Rails-Anwendung nicht als root-Anwendung läuft also root_path != '/' ist.'
# File lib/tuersteher.rb, line 177 def extend_path_rules_with_prefix return if @path_prefix.nil? || @path_rules.nil? prefix = @path_prefix.chomp('/') # das abschliessende / entfernen @path_rules.each do |rule| path_spec = rule.path_spezification if path_spec path_spec.path = "#{prefix}#{path_spec.path}" end end Tuersteher::TLogger.logger.info "extend_path_rules_with_prefix: #{prefix}" end