module Eaco::Controller

An ActionController extension to verify authorization in Rails applications.

Tested on Rails 3.2 and up on Ruby 2.0 and up.

Protected Instance Methods

confront_eaco()

Asks Eaco whether thou shalt pass or not.

The implementation is left in this method's body, despite being a bit long for many tastes, as it is pretty imperative and simple code. Moreover, the less we pollute ActionController's namespace, the better.

@return [void]

@raise [Error] if the instance variable configured in {.authorize} is not found

@raise [Forbidden] if the current_user is not granted access.

La Guardiana

                                       /\
                      .-_-.           /  \
             ||   .-.(    .' .-.   // \  /
              \\\/ (((\   /)))  \ / // )(
               ) '._  ,-.   ___. )/ //(__)
               \_((( (  :)  \)))/ ,  / ||
                \_  \ '-' /_   /| ),// ||
                  \ (_._.'_ \ (o__//  _||_
                   \ )\  .(/ /  __)   \   \
                   ( \ '_  .'  /(      |-. \
                    \_'._'.\__/))))    (__)'.'.
                   _._   |  |    _.-._ ||   \ '.
                  / //--'  / '--//'-'/\||____\  '.
                  \---.\ .----.//  //  ||//  '\   \
                 /   ' \/    ' \\__\\ ,||\\_______.'
                 \\___//\\____//\____\ ||
      _.-'''---. /\___/  \____/  \\/   ||
   ..'_.''''---.|   /.  \        /     ||
 .'.-'O    __  /  _/  )_.--.____(      ||
/ / /  \__/  /'  /\ \(__.--._____)     ||
| |    /\ \  \_.' | |   \      |       ||
\  '.__\,_.'.__/./ /     ) .   |\      ||
 '..__ O --' ___..'     /\     /|'.    ||
      ''----'           | \/\.' / /'.  ||
                        |\(()).' /   \ ||
                      _/ \ \/   /     \||
              __..--''    '.   |      |||
          .-''            / '._|/     |||
         /                __.- /      /||
         \   ____..-----''    /      | ||
          '.     )).         |       / ||
            ''._//  \        .-----./  ||
                '.   \      (.-----.)  ||
                  '.  \      |    /    ||
                    )_ \     |   |     ||
                   /__'O\    ( ) (     ||
     _______mrf,-'____/|/__   |\  \    ||
                              |    |   ||
                              |____)  (__)
                              '-----'  ||
                               \   |   ||
                                \  |   ||
                                 \ |   ||
                                  | \  ||
                                  |_ \ ||
                                  /_'O\||
                               .-'___/(__)

                               http://ascii.co.uk/art/guardiana
# File lib/eaco/controller.rb, line 161
    def confront_eaco
      action = params[:action].intern
      resource_ivar, permission = self.class.permission_for(action)

      if resource_ivar && permission
        resource = instance_variable_get(['@', resource_ivar].join.intern)

        if resource.nil?
          raise Error, <<-EOF
            @#{resource_ivar} is not set, can't authorize #{self}##{action}
          EOF
        end

        unless current_user.can? permission, resource
          raise Forbidden, <<-EOF
            `#{current_user}' not authorized to `#{action}' on `#{resource}'
          EOF
        end
      end
    end
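The same control flow modelled stand-alone in Ruby, as an added example that is not Eaco's own code: PERMISSIONS, Principal and FakeController are assumed stand-ins for permission_for, current_user.can? and the Rails controller. It also shows the edge worth checking in review: an action with no configured permission passes through with no check at all, so every action must be mapped, and the resource-loading callback must run before the check or the request fails with Error rather than being silently allowed.

```ruby
# Added example, not Eaco's own code. PERMISSIONS, Principal and
# FakeController are assumed stand-ins for Eaco's permission_for,
# current_user.can? and ActionController.
class Error < StandardError; end
class Forbidden < StandardError; end
# Stand-in for the class-level table permission_for consults:
# action => [instance variable holding the resource, required permission].
PERMISSIONS = { show: [:post, :read], update: [:post, :write] }.freeze

Principal = Struct.new(:name, :grants) do
  # Assumed equivalent of current_user.can?(permission, resource).
  def can?(permission, resource)
    grants.fetch(resource, []).include?(permission)
  end
end

class FakeController
  attr_reader :params, :current_user

  def self.permission_for(action)
    PERMISSIONS.fetch(action, [nil, nil])
  end

  # loaded: false simulates the resource-loading before_action not having
  # run yet (e.g. declared after the authorization check).
  def initialize(action, user, loaded: true)
    @params = { action: action.to_s }
    @current_user = user
    @post = "post-1" if loaded
  end

  # Same control flow as confront_eaco above.
  def confront_eaco
    action = params[:action].intern
    resource_ivar, permission = self.class.permission_for(action)
    return unless resource_ivar && permission # unconfigured action: no check at all

    resource = instance_variable_get(['@', resource_ivar].join.intern)
    raise Error, "@#{resource_ivar} is not set, can't authorize #{action}" if resource.nil?
    raise Forbidden, "#{current_user.name} not authorized to #{action}" unless current_user.can?(permission, resource)
  end
end

# Runs one scenario and reports :ok, :error or :forbidden.
def outcome(action, user, loaded: true)
  FakeController.new(action, user, loaded: loaded).confront_eaco
  :ok
rescue Error
  :error
rescue Forbidden
  :forbidden
end
```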