module Aclize
The policy adopted by Aclize is:
1. By default all the controllers and paths are denied
2. On rules conflict, the more restrictive rule will be used
3. When permit and deny rules have the same restriction, deny rule will be used
The policy for path ACLs is slightly different from the controllers policy, because on a rule conflict the deny rule always wins. Here is a brief description of the policy:
- By default all the paths are not permitted
- On rule conflict, the deny rule always wins
- A path is permitted only if there's an explicit permit rule
Constants
- VERSION
Public Class Methods
included(base)
    # File lib/aclize.rb, line 9
    def self.included(base)
      base.extend ClassMethods
      base.send :prepend, Initializer
    end
Protected Instance Methods
acl_for(role = :all, &block)
Set up the ACL for a role.
    # File lib/aclize.rb, line 59
    def acl_for(role = :all, &block)
      @_aclize_acl.setup(role, &block)
    end
filter_access!()
Use the current_role value to apply the ACL.
    # File lib/aclize.rb, line 80
    def filter_access!
      treat_as get_current_role
    end
get_acl_definition()
Returns the ACL definition
    # File lib/aclize.rb, line 44
    def get_acl_definition
      return @_aclize_acl
    end
get_current_role()
    # File lib/aclize.rb, line 53
    def get_current_role
      return @_aclize_current_role || :all
    end
register_callback(&block)
Register a callback to call when the user is not authorized to access the page.
    # File lib/aclize.rb, line 102
    def register_callback(&block)
      @_aclize_callback = block
    end
set_current_role(role)
    # File lib/aclize.rb, line 49
    def set_current_role(role)
      @_aclize_current_role = role
    end
treat_as(role)
Apply the ACL for a specific role and unauthorize the request if the user is not permitted to access the controller action or the path.
    # File lib/aclize.rb, line 66
    def treat_as(role)
      acl = @_aclize_acl.get_acl_for(role)
      path = request.path.gsub(/^#{relative_url_root}/, '')

      unauthorize! unless acl

      if acl.controllers.permitted?(controller_path, action_name)
        unauthorize! if acl.paths.denied?(path)
      else
        unauthorize! unless acl.paths.permitted?(path)
      end
    end
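The branching in treat_as, modelled as a standalone decision function so the outcome of each rule combination can be checked. This is an added example, not Aclize's own code: PathRules, ControllerRules, Acl, authorized? and the EDITOR policy are hypothetical stand-ins. It assumes that denied? means "an explicit deny rule matches" and that controller rules are exact "controller#action" entries.

```ruby
# Hypothetical stand-ins for the objects treat_as consults (not Aclize classes).
class PathRules
  def initialize(permit: [], deny: [])
    @permit, @deny = permit, deny
  end

  # Assumption: denied? is true only when an explicit deny rule matches.
  def denied?(path)
    @deny.any? { |re| re.match?(path) }
  end

  # Default deny: an explicit permit is required, and a deny always wins.
  def permitted?(path)
    @permit.any? { |re| re.match?(path) } && !denied?(path)
  end
end

class ControllerRules
  def initialize(permit: [], deny: [])
    @permit, @deny = permit, deny
  end

  # Simplified: exact "controller#action" entries; deny wins on a tie.
  def permitted?(controller, action)
    key = "#{controller}##{action}"
    @permit.include?(key) && !@deny.include?(key)
  end
end

Acl = Struct.new(:controllers, :paths)

# Same branching as treat_as, returning a boolean instead of calling unauthorize!.
def authorized?(acl, controller, action, path)
  return false unless acl                 # no ACL defined for the role
  if acl.controllers.permitted?(controller, action)
    !acl.paths.denied?(path)              # a path deny overrides a controller permit
  else
    acl.paths.permitted?(path)            # otherwise an explicit path permit is needed
  end
end

# Constructed sample policy for an "editor" role.
EDITOR = Acl.new(
  ControllerRules.new(permit: ["posts#index", "posts#edit"]),
  PathRules.new(permit: [%r{\A/reports/\d+\z}],
                deny:   [%r{\A/posts/\d+/edit\z}, %r{\A/reports/1\z}])
)
```

The case worth checking when reviewing a policy is the second branch: a path permit grants access even when no controller rule permits the action, so path permit patterns need to be as narrow as the controller rules.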