module Aclize

The policy adopted by Aclize is:

1. By default all controllers and paths are denied
2. On a rule conflict, the more restrictive rule is used
3. When a permit rule and a deny rule are equally restrictive,
   the deny rule is used

The policy for path ACLs is slightly different from the controller policy: on a rule conflict the deny rule always wins, with no notion of one rule being more restrictive than another. In brief:

  1. By default all paths are denied

  2. On a rule conflict, the deny rule always wins

  3. A path is permitted only if there is an explicit permit rule for it (and no deny rule)

Constants

VERSION

Public Class Methods

included(base)

# File lib/aclize.rb, line 9
def self.included(base)
  base.extend ClassMethods        # class-level helpers for the including controller
  base.send :prepend, Initializer # prepended so Initializer's methods take precedence over the controller's
end

Protected Instance Methods

acl_for(role = :all, &block)

Set up the ACL for a role (:all by default); the block is handed to the ACL definition's setup method.

# File lib/aclize.rb, line 59
def acl_for(role = :all, &block)
  # delegate to the ACL definition object returned by get_acl_definition
  @_aclize_acl.setup(role, &block)
end
filter_access!()

Apply the ACL for the current role (see get_current_role); equivalent to treat_as(get_current_role). This is the method to call from a controller filter once the role has been set.

# File lib/aclize.rb, line 80
def filter_access!
  # falls back to the :all role when set_current_role was never called
  treat_as get_current_role
end
get_acl_definition()

Returns the ACL definition object that holds the per-role ACLs built with acl_for.

# File lib/aclize.rb, line 44
def get_acl_definition
  return @_aclize_acl
end
get_current_role()

Returns the role stored with set_current_role, or :all when no role has been set.

# File lib/aclize.rb, line 53
def get_current_role
  return @_aclize_current_role || :all
end
register_callback(&block)

Register a callback to run instead of the default 403 page when the user is not authorized to access the page. The block is evaluated with instance_eval in the controller instance (see unauthorize!), so it can call redirect_to or render directly.

# File lib/aclize.rb, line 102
def register_callback(&block)
  # a single callback; a later call replaces the earlier one
  @_aclize_callback = block
end
set_current_role(role)

Store the role that filter_access! will apply (typically the role of the authenticated user).

# File lib/aclize.rb, line 49
def set_current_role(role)
  @_aclize_current_role = role
end
treat_as(role)

Apply the ACL for a specific role and unauthorize if the user is not permitted to access the controller action or the path. Controller rules are consulted first: when the controller action is permitted, only an explicit path deny can still block the request; when it is not permitted, the request goes through only if the path is explicitly permitted. Two caveats visible in the code: unauthorize! renders a response but does not halt execution, so when no ACL exists for the role the lines after it still run with acl set to nil; and relative_url_root is interpolated into the regular expression unescaped and anchored with ^ (a line anchor in Ruby), so a mount point containing regex metacharacters would not be stripped as intended.

# File lib/aclize.rb, line 66
def treat_as(role)
  acl  = @_aclize_acl.get_acl_for(role)
  # strip the application's mount point so path rules are written relative to it
  # (relative_url_root is not Regexp.escape'd; \A would be a stricter anchor than ^)
  path = request.path.gsub(/^#{relative_url_root}/, '')
  unauthorize! unless acl   # renders the 403 response but does not return; acl is nil below

  if acl.controllers.permitted?(controller_path, action_name)
    # controller action permitted: only an explicit path deny can block the request
    unauthorize! if acl.paths.denied?(path)
  else
    # controller action not permitted: the path itself must be explicitly permitted
    unauthorize! unless acl.paths.permitted?(path)
  end
end
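The policy rules at the top of the page and the decision order in treat_as, modelled together as an added, stand-alone example (this is not the gem's code, and the gem's own DSL is not shown on this page). It assumes that "more restrictive" means "more specific" (an action-level rule beats a controller-level rule, and deny wins a tie), that paths are matched as exact strings, and that the class names ControllerRules, PathRules and Policy are hypothetical. Its strip_mount_point is a hardened variant of the request.path.gsub in treat_as, using Regexp.escape and \A.

```ruby
# Added example: a stand-alone model of the Aclize policy, not the gem's code.
# Assumptions: "more restrictive" means "more specific" (an action-level rule beats a
# controller-level rule, deny wins a tie); paths match as exact strings; names are hypothetical.
require 'set'

class ControllerRules
  def initialize
    @permit = Hash.new { |h, k| h[k] = Set.new }  # controller => actions (or :all)
    @deny   = Hash.new { |h, k| h[k] = Set.new }
  end
  def permit(controller, action = :all)
    @permit[controller] << action
  end
  def deny(controller, action = :all)
    @deny[controller] << action
  end

  # 2 = a rule names this action, 1 = a rule covers the whole controller, 0 = no rule
  def specificity(table, controller, action)
    return 0 unless table.key?(controller)
    return 2 if table[controller].include?(action)
    return 1 if table[controller].include?(:all)
    0
  end

  def permitted?(controller, action)
    p = specificity(@permit, controller, action)
    d = specificity(@deny, controller, action)
    return false if p.zero?  # rule 1: denied unless some permit rule matches
    p > d                    # rule 2: more specific wins; rule 3: a tie goes to deny
  end
end

class PathRules
  def initialize
    @permit = Set.new
    @deny   = Set.new
  end
  def permit(path)
    @permit << path
  end
  def deny(path)
    @deny << path
  end
  def denied?(path)
    @deny.include?(path)
  end

  # an explicit permit is required, and a deny always wins
  def permitted?(path)
    @permit.include?(path) && !@deny.include?(path)
  end
end

Acl = Struct.new(:controllers, :paths)

class Policy
  def initialize
    @acls = {}
  end

  # build (or extend) the ACL for a role, like acl_for
  def acl_for(role = :all)
    acl = (@acls[role] ||= Acl.new(ControllerRules.new, PathRules.new))
    yield acl if block_given?
    acl
  end

  # hardened form of the gsub in treat_as: escape the mount point and anchor with \A
  def strip_mount_point(request_path, relative_url_root)
    return request_path if relative_url_root.to_s.empty?
    request_path.sub(/\A#{Regexp.escape(relative_url_root)}/, '')
  end

  # the decision treat_as makes: controller rules first, then path rules
  def allowed?(role, controller, action, request_path, relative_url_root = '')
    acl = @acls[role]
    return false unless acl  # no ACL for this role
    path = strip_mount_point(request_path, relative_url_root)
    if acl.controllers.permitted?(controller, action)
      !acl.paths.denied?(path)   # permitted action: only a path deny can block it
    else
      acl.paths.permitted?(path) # otherwise the path itself must be permitted
    end
  end
end

# constructed sample policy for an :editor role
POLICY = Policy.new
POLICY.acl_for(:editor) do |acl|
  acl.controllers.permit 'posts'                # whole controller
  acl.controllers.deny   'posts', 'destroy'     # more specific than the permit: wins
  acl.controllers.deny   'admin/users'
  acl.controllers.permit 'admin/users', 'show'  # more specific than the deny: wins
  acl.controllers.permit 'reports', 'index'
  acl.controllers.deny   'reports', 'index'     # equally specific: deny wins
  acl.paths.permit '/help'                      # reachable without any controller rule
  acl.paths.permit '/posts/42'
  acl.paths.deny   '/posts/42'                  # a path deny always wins
end
```

With this sample, `POLICY.allowed?(:editor, 'posts', 'index', '/posts')` is true while `'posts'`/`'destroy'` is refused by the more specific deny, `/posts/42` is refused even though the posts controller is permitted, `/help` is reachable purely through its path rule, and a role with no ACL (for example :viewer) is always refused, which is the same outcome treat_as produces via unauthorize!.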
unauthorize!()

If no callback was registered for unauthorized access, Aclize renders its default 403 Forbidden page; otherwise control is passed to the callback, evaluated in the controller instance. Only an html responder is declared, so requests in other formats are not answered by the default branch. The method returns normally rather than raising, so callers such as treat_as keep executing after it.

# File lib/aclize.rb, line 87
def unauthorize!
  path = request.path
  # message text comes from the aclize.unauthorized I18n key, with the request path interpolated
  flash.now[:alert] = I18n.t("aclize.unauthorized", path: path)

  if @_aclize_callback.nil?
    # default: render the gem's own 403 template, without the application layout
    prepend_view_path File.expand_path("../../app/views", __FILE__)
    respond_to do |format|
      format.html { render 'aclize/403', disposition: "inline", status: 403, layout: false }
    end
  else
    # custom handler from register_callback, run in the controller's context
    self.instance_eval(&@_aclize_callback)
  end
end