module Strelka::App::Auth::ClassMethods
Class methods to add to app classes that enable Auth
Attributes
The Strelka::AuthProvider
subclass that will be used to provide authentication and authorization to instances of the app.
Hashes of criteria for applying and skipping auth for a request, keyed by request pattern
Hashes of criteria for applying and skipping authorization for a request, keyed by request pattern
Hashes of criteria for applying and skipping auth for a request, keyed by request pattern
Hashes of criteria for applying and skipping authorization for a request, keyed by request pattern
Public Class Methods
Extension callback – register objects that are extended so when the auth plugin is configured, it can set the configured auto provider.
# File lib/strelka/app/auth.rb, line 276 def self::extended( obj ) super Strelka::App::Auth.extended_apps << obj obj.auth_provider = Strelka::App::Auth::DEFAULT_AUTH_PROVIDER end
Public Instance Methods
Get/set the AuthProvider for the app to type
, where type
can be an AuthProvider class object or the name of one.
# File lib/strelka/app/auth.rb, line 320 def auth_provider=( type ) @auth_provider = Strelka::AuthProvider.get_subclass( type ) self.log.debug "Auth provider set to %p" % [ @auth_provider ] return @auth_provider end
Returns true
if there are any criteria for determining whether or not a request needs auth.
# File lib/strelka/app/auth.rb, line 329 def has_auth_criteria? return self.has_positive_auth_criteria? || self.has_negative_auth_criteria? end
Returns true
if the app has been set up so that all methods but ones that match declared criteria require auth.
# File lib/strelka/app/auth.rb, line 343 def has_negative_auth_criteria? return !self.negative_auth_criteria.empty? end
Returns true
if the app has been set up so that only some methods require auth.
# File lib/strelka/app/auth.rb, line 336 def has_positive_auth_criteria? return !self.positive_auth_criteria.empty? end
Extension callback – add instance variables to extending objects.
# File lib/strelka/app/auth.rb, line 307 def inherited( subclass ) super Strelka::App::Auth.extended_apps << subclass subclass.instance_variable_set( :@auth_provider, @auth_provider ) subclass.instance_variable_set( :@positive_auth_criteria, @positive_auth_criteria.dup ) subclass.instance_variable_set( :@negative_auth_criteria, @negative_auth_criteria.dup ) subclass.instance_variable_set( :@positive_perms_criteria, @positive_perms_criteria.dup ) subclass.instance_variable_set( :@negative_perms_criteria, @negative_perms_criteria.dup ) end
Constrain authentication to apply to requests except those whose #app_path matches the given string
or regexp
, and/or for which the given block
returns a true value.
# File lib/strelka/app/auth.rb, line 390 def no_auth_for( *criteria, &block ) if self.has_positive_auth_criteria? raise ScriptError, "defining both positive and negative auth criteria is unsupported." end criteria << nil if criteria.empty? block ||= Proc.new { true } criteria.each do |pattern| pattern = pattern.gsub( %r{^/+|/+$}, '' ) if pattern.respond_to?( :gsub ) self.log.debug " adding no_auth for %p" % [ pattern ] self.negative_auth_criteria[ pattern ] = block end end
Register one or more exceptions to the permissions policy in effect for requests whose #app_path matches the specified pattern
. The block
form should return true
if the request it's called with should be allowed without authorization checks.
# File lib/strelka/app/auth.rb, line 431 def no_perms_for( pattern=nil, &block ) raise LocalJumpError, "no block or pattern given" unless pattern || block block ||= Proc.new { true } pattern ||= /(?##{block.object_id})/ pattern = pattern.gsub( %r{^/+|/+$}, '' ) if pattern.respond_to?( :gsub ) self.log.debug " adding no_auth for %p" % [ pattern ] self.negative_perms_criteria << [ pattern, block ] end
Constrain authentication to apply only to requests whose #app_path matches the given string
or regexp
, and/or for which the given block
returns a true value. regexp
patterns are matched as-is, and string
patterns are matched exactly via ==
after stripping leading and trailing '/' characters from both it and the app_path. NOTE: using this declaration inverts the default security policy of restricting access to all requests.
# File lib/strelka/app/auth.rb, line 362 def require_auth_for( *criteria, &block ) if self.has_negative_auth_criteria? raise ScriptError, "defining both positive and negative auth criteria is unsupported." end criteria << nil if criteria.empty? block ||= Proc.new { true } criteria.each do |pattern| pattern = pattern.gsub( %r{^/+|/+$}, '' ) if pattern.respond_to?( :gsub ) self.log.debug " adding require_auth for %p" % [ pattern ] self.positive_auth_criteria[ pattern ] = block end end
Constrain authorization to apply only to requests which match the given pattern
. The pattern
is either a String or a Regexp which is tested against the request’s #app_path. The perms
should be Symbols which indicate a set of permission types that must have been granted in order to carry out the request. The block, if given, should evaluate to true
if the request should undergo authorization, or false if it should not. NOTE: using this declaration inverts the default security policy of restricting access to all requests.
# File lib/strelka/app/auth.rb, line 415 def require_perms_for( pattern=nil, *perms, &block ) block ||= Proc.new { self.log.debug " using default perms: %p" % [ perms ] true } pattern = pattern.gsub( %r{^/+|/+$}, '' ) if pattern.respond_to?( :gsub ) self.log.debug " adding require_perms (%p) for %p" % [ perms, pattern ] self.positive_perms_criteria << [ pattern, block, perms.freeze ] end