class Lanes::API::AuthenticationProvider
Attributes
request[R]
Public Class Methods
new(request)
# File lib/lanes/access/authentication_provider.rb, line 15
# Binds the provider to a single request. The request is exposed read-only
# through the +request+ attribute and is what current_user, allowed_access_to?
# and the error helpers consult.
#
# request - the incoming request object (read for #params, #request_method
#           and #env elsewhere in this class).
def initialize(request)
  @request = request
end
user_for_request(request)
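# File lib/lanes/access/authentication_provider.rb, line 5
# Resolves the user a request is acting as, from the 'jwt' request parameter.
#
# request - an object responding to #params (Hash-like, string keys).
#
# Returns the matching Lanes::User, or nil when no token is present, the token
# does not verify, or the payload's uid matches no user. A token that fails
# verification (bad signature, malformed, expired) is treated as "not logged
# in" rather than raised, so a forged or stale token fails closed to the
# normal 401 path instead of surfacing as an unhandled exception.
#
# NOTE(review): request.params typically merges query-string and body
# parameters, so a token sent in the URL will end up in access logs and
# Referer headers; an Authorization header would be safer — confirm how
# clients send it.
def self.user_for_request(request)
  token = request.params['jwt']
  return nil unless token

  # verify=true with the algorithm pinned: a token whose header claims
  # alg=none or a different algorithm is rejected rather than being checked
  # under the HMAC secret. Expiry is enforced only if the library's default
  # exp verification is in effect — TODO confirm.
  payload, _header = JWT.decode(token, Lanes.config.session_secret_key_base, true, { algorithm: 'HS256' })
  uid = payload['uid']
  uid ? Lanes::User.where(id: uid).first : nil
rescue JWT::DecodeError => e
  # Never log the token itself; the exception class is enough to debug with.
  Lanes.logger.warn "Rejected jwt parameter: #{e.class}"
  nil
end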
Public Instance Methods
allowed_access_to?(klass, options = {})
# File lib/lanes/access/authentication_provider.rb, line 37
# Decides whether the current request may act on +klass+.
#
# klass   - a model class responding to can_read_attributes?,
#           can_write_attributes? and can_delete_attributes?(params, user).
# options - Hash; only :public is consulted, and it must be exactly +true+
#           (not merely truthy) to open the class to anonymous callers.
#
# Returns true/false. Anonymous callers are allowed only on a :public class;
# authenticated callers are routed to the model's own check keyed on the HTTP
# verb, and any other verb (HEAD, OPTIONS, ...) is denied.
def allowed_access_to?(klass, options = {})
  user = current_user
  # Anonymous access is settled here, before the model is consulted.
  return options[:public] == true if user.nil?

  params = request.params
  verb = request.request_method
  if verb == 'GET'
    klass.can_read_attributes?(params, user)
  elsif %w[POST PATCH PUT].include?(verb)
    klass.can_write_attributes?(params, user)
  elsif verb == 'DELETE'
    klass.can_delete_attributes?(params, user)
  else
    false
  end
end
current_user()
# File lib/lanes/access/authentication_provider.rb, line 19
# The user this request authenticates as, or nil. Resolved through
# AuthenticationProvider.user_for_request and cached on the instance; a nil
# result is not cached, so an anonymous request re-resolves on each call.
def current_user
  return @current_user if @current_user

  @current_user = AuthenticationProvider.user_for_request(request)
end
error_message()
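# File lib/lanes/access/authentication_provider.rb, line 23
# Human-readable reason a request was refused.
#
# Returns "User not found" when no user could be resolved from the request;
# otherwise the verb-specific "Unable to ..." message from
# error_message_for_access, since a known user can only be refused on access
# grounds.
def error_message
  current_user ? error_message_for_access : "User not found"
end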
error_message_for_access()
# File lib/lanes/access/authentication_provider.rb, line 27
# Builds the "Unable to <action>" message for the request's HTTP verb, using
# the same verb groups as allowed_access_to?: GET reads, POST/PATCH/PUT write,
# DELETE deletes, anything else is reported as a generic action.
def error_message_for_access
  verb = request.request_method
  action =
    if verb == 'GET'
      "read"
    elsif %w[POST PATCH PUT].include?(verb)
      "write"
    elsif verb == 'DELETE'
      "delete"
    else
      "perform action"
    end
  "Unable to #{action}"
end
fail_request(req)
# File lib/lanes/access/authentication_provider.rb, line 72
# Aborts the request with a 401 and a JSON "Access Denied" body.
#
# req - the request/route context; must respond to #url and #halt(status, body).
#
# NOTE(review): the first log line writes the raw HTTP_X_TESTING_USER header
# exactly as the client sent it; a client-controlled value containing newlines
# can forge log entries, and the header name suggests a test-only hook —
# confirm it is not honoured outside test environments. The second line logs
# req.url; if that includes the query string, a 'jwt' passed as a URL
# parameter (see user_for_request) would be written to the log — confirm
# against the request class in use.
def fail_request(req)
  Lanes.logger.warn request.env['HTTP_X_TESTING_USER']
  Lanes.logger.warn "Unauthorized access attempted to #{req.url}"
  body = { success: false, errors: { user: "Access Denied" }, message: "Access Denied" }
  req.halt(401, Oj.dump(body))
end
wrap_model_access(model, req, options = {}) { || ... }
# File lib/lanes/access/authentication_provider.rb, line 62
# Runs the given block with Lanes::User scoped to the current user, but only
# if allowed_access_to?(model, options) grants it; otherwise the request is
# halted via fail_request and the block never runs.
#
# model   - the model class handed to allowed_access_to?.
# req     - the request/route context passed to fail_request on denial.
# options - forwarded to allowed_access_to? (e.g. public: true).
#
# The block is yielded without arguments; the user yielded by scoped_to is
# deliberately not forwarded.
def wrap_model_access(model, req, options = {})
  return fail_request(req) unless allowed_access_to?(model, options)

  ::Lanes::User.scoped_to(current_user) { |_user| yield }
end
wrap_request(req) { || ... }
# File lib/lanes/access/authentication_provider.rb, line 52
# Requires an authenticated user: with one, runs the block with Lanes::User
# scoped to that user; without one, halts the request via fail_request and
# never runs the block. The block is yielded without arguments.
#
# req - the request/route context passed to fail_request on denial.
def wrap_request(req)
  user = current_user
  return fail_request(req) unless user

  ::Lanes::User.scoped_to(user) { |_scoped| yield }
end