class HaveAPI::Authorization
Public Class Methods
# File lib/haveapi/authorization.rb, line 3
# Create an authorization whose decision chain starts with a single block.
#
# @param block [Proc, nil] the block that decides whether access is granted;
#   it becomes the first (and initially only) entry of +@blocks+. When no
#   block is supplied the chain still holds one +nil+ entry.
#
# NOTE(review): +@restrict+ is not initialised here even though +restrict+
# appends to it with +<<+; presumably it is set up by a method outside this
# excerpt (file lines 10-25 are not shown) — confirm before relying on
# +restrict+ on a freshly constructed instance.
def initialize(&block)
  chain = []
  chain << block
  @blocks = chain
end
Public Instance Methods
# File lib/haveapi/authorization.rb, line 74
# Reduce the parameters a client submitted to those it is allowed to set.
#
# @param input [Enumerable] the action's declared input parameter definitions
#   (each responding to +name+)
# @param params [#has_param?, #[]] the values the client sent
# @return [Hash] parameter name => value for every permitted parameter that
#   is actually present in +params+
#
# The rules come from a prior +input(whitelist:/blacklist:)+ call; when none
# was made, +@input+ is +nil+ and every declared parameter present in
# +params+ passes through. Values are never formatted on the input side
# (the +format+ flag of +filter_inner+ is always +false+ here).
def filter_input(input, params)
  rules = @input
  filter_inner(input, rules, params, false)
end
# File lib/haveapi/authorization.rb, line 78
# Reduce the parameters about to be returned to those the client may see.
#
# @param output [Enumerable] the action's declared output parameter
#   definitions (each responding to +name+ and +format_output+)
# @param params [#has_param?, #[]] the values produced by the action
# @param format [Boolean] when +true+ each value is passed through the
#   parameter's +format_output+ before being returned
# @return [Hash] parameter name => value for every permitted parameter that
#   is actually present in +params+
#
# The rules come from a prior +output(whitelist:/blacklist:)+ call; when
# none was made, +@output+ is +nil+ and every declared parameter present in
# +params+ passes through.
def filter_output(output, params, format = false)
  rules = @output
  filter_inner(output, rules, params, format)
end
# File lib/haveapi/authorization.rb, line 7
# Give a cloned authorization its own block list, so that +prepend_block+
# on the clone does not alter the chain of the original.
#
# @param other [HaveAPI::Authorization] the instance being cloned
#
# Only +@blocks+ is copied explicitly, and only shallowly: the Proc objects
# themselves remain shared. Every other instance variable keeps whatever
# +clone+ copied by default, i.e. the same object reference.
#
# NOTE(review): if +@restrict+ is already an Array when a clone is made, the
# clone and the original would share it and +restrict+ on one would affect
# the other — confirm whether clones are ever taken after +restrict+ has
# been called.
def initialize_clone(other)
  super
  source_chain = other.instance_variable_get('@blocks')
  @blocks = source_chain.clone
end
Calls superclass method
# File lib/haveapi/authorization.rb, line 39
# Declare which parameters a client may set or change.
#
# @param whitelist [Array<Symbol>, nil] allow only the listed parameters;
#   when both lists are given the whitelist wins, and an empty Array (which
#   is truthy in Ruby) allows nothing
# @param blacklist [Array<Symbol>, nil] allow every parameter except the
#   listed ones; entries must match the declared parameter names exactly,
#   otherwise they have no effect
# @return [Hash] the stored rule set, +{ whitelist:, blacklist: }+
#
# Calling this again replaces the previous rule set rather than merging.
def input(whitelist: nil, blacklist: nil)
  @input = { whitelist: whitelist, blacklist: blacklist }
end
Restrict the parameters a client can set or change. @param whitelist [Array<Symbol>] allow only the listed parameters; when both a whitelist and a blacklist are given, the whitelist takes precedence, and an empty whitelist allows nothing. @param blacklist [Array<Symbol>] allow all parameters except the listed ones. Entries must match the declared parameter names exactly (Symbols, not Strings), otherwise they silently have no effect.
# File lib/haveapi/authorization.rb, line 49
# Declare which parameters a client may retrieve.
#
# @param whitelist [Array<Symbol>, nil] allow only the listed parameters;
#   when both lists are given the whitelist wins, and an empty Array (which
#   is truthy in Ruby) allows nothing
# @param blacklist [Array<Symbol>, nil] allow every parameter except the
#   listed ones; entries must match the declared parameter names exactly,
#   otherwise they have no effect
# @return [Hash] the stored rule set, +{ whitelist:, blacklist: }+
#
# Calling this again replaces the previous rule set rather than merging.
def output(whitelist: nil, blacklist: nil)
  @output = { whitelist: whitelist, blacklist: blacklist }
end
Restrict the parameters a client can retrieve. @param whitelist [Array<Symbol>] allow only the listed parameters; when both a whitelist and a blacklist are given, the whitelist takes precedence, and an empty whitelist allows nothing. @param blacklist [Array<Symbol>] allow all parameters except the listed ones. Entries must match the declared parameter names exactly (Symbols, not Strings), otherwise they silently have no effect.
# File lib/haveapi/authorization.rb, line 26
# Put +block+ at the front of the decision chain so it runs before every
# block registered so far.
#
# @param block [Proc] the authorization block to add
# @return [Array] the updated +@blocks+ chain (mutated in place)
def prepend_block(block)
  @blocks.unshift(block)
end
# File lib/haveapi/authorization.rb, line 32
# Record one set of conditions to apply to the query that selects objects
# from the database (typically "only rows owned by the current user").
#
# @param kwargs [Hash{Symbol=>Object}] column/attribute => required value
# @return [Array<Hash>] the accumulated list of condition hashes
#
# Conditions accumulate across calls; +restrictions+ merges them in call
# order, so a later call overrides an earlier one for the same key.
# +@restrict+ must already be an Array when this is called (it is not
# created here).
def restrict(**kwargs)
  conditions = kwargs
  @restrict.push(conditions)
end
Apply restrictions to the query that selects objects from the database. The most common usage is to restrict a user to only the objects they own. Each call appends one hash of conditions; `restrictions` merges them in call order, so a later call overrides an earlier one for the same key.
# File lib/haveapi/authorization.rb, line 64
# Collapse every hash recorded by +restrict+ into a single condition hash.
#
# @return [Hash] the merged conditions; a fresh Hash each call, empty when
#   nothing has been restricted
#
# Hashes are merged in call order, so for a key present in several calls
# the value from the latest call wins.
def restrictions
  @restrict.reduce({}, :merge)
end
Private Instance Methods
# File lib/haveapi/authorization.rb, line 84
# Shared implementation of +filter_input+ / +filter_output+.
#
# @param allowed_params [Enumerable] the action's declared parameter
#   definitions; each must respond to +name+ (and +format_output+ when
#   +format+ is +true+)
# @param direction [Hash, nil] the rule set stored by +input+/+output+,
#   +{ whitelist:, blacklist: }+, or +nil+ when none was declared
# @param params [#has_param?, #[]] the values to filter
# @param format [Boolean] pass each value through +format_output+ first
# @return [Hash] declared name => value for every parameter that survives
#
# Security-relevant behaviour:
# * The candidate set is bounded by +allowed_params+ only — anything in
#   +params+ that is not a declared parameter is dropped regardless of rules.
# * With no rule set (+direction+ nil, or both lists nil) every declared
#   parameter that is present passes: this is allow-by-default within the
#   declared set.
# * A whitelist is applied before, and instead of, a blacklist; an empty
#   whitelist Array is truthy and therefore allows nothing.
# * List entries are compared against +p.name+ as-is, so a String entry
#   will not match a Symbol name (and vice versa) and is silently ignored.
# * Each parameter is looked up by its name and again by the String form
#   of its name; the FIXME in the original notes that this double lookup
#   should be removed once params are keyed consistently.
def filter_inner(allowed_params, direction, params, format)
  present = allowed_params.each_with_object({}) do |p, acc|
    if params.has_param?(p.name)
      key = p.name
    elsif params.has_param?(p.name.to_s) # FIXME: remove double checking
      key = p.name.to_s
    else
      next
    end

    raw = params[key]
    acc[p.name] = format ? p.format_output(raw) : raw
  end

  return present unless direction

  if direction[:whitelist]
    present.slice(*direction[:whitelist])
  elsif direction[:blacklist]
    denied = direction[:blacklist]
    present.reject { |name, _value| denied.include?(name) }
  else
    present
  end
end