module Padrino::Access

Padrino authorization module.

@example

class Nifty::Application < Padrino::Application
  # Optional: name of the helper method that returns the current visitor's
  # credentials. When omitted, registration falls back to :credentials.
  # Set it before `register`, because registration reads this setting to
  # decide whether a fallback reader has to be defined.
  set :credentials_reader, :visitor # the name of getter method in helpers
  # Required: registering the module installs a before filter that answers
  # 403 Forbidden for any request that does not pass `authorized?`.
  register Padrino::Access
  # Example persistence storage for the visitor object.
  # NOTE(review): the visitor's role is read back from the session on each
  # request, so the session store has to be tamper-resistant; with
  # cookie-backed sessions that depends on a strong, private session
  # secret -- confirm how this app stores its sessions.
  enable :sessions
end

# optional helpers
Nifty::Application.helpers do
  # Credentials reader named by the :credentials_reader setting above.
  # Returns the visitor kept in the session; a session without one is
  # given the guest account, so unauthenticated requests still carry a role.
  def visitor
    session[:visitor] ||= Visitor.guest_account
  end
end

# example visitor model
module Visitor
  extend self

  # Builds the account used for visitors who have not logged in.
  # Each call returns a new OpenStruct with the :guest role and id 1.
  #
  # @return [OpenStruct] guest credentials responding to #role and #id
  def guest_account
    OpenStruct.new(role: :guest, id: 1)
  end
end

# example controllers
# Public controller. `:*` is used here as a wildcard role -- presumably
# "any visitor"; confirm against the set_access implementation.
Nifty::Application.controller :public_area do
  set_access :*
  get(:index){ 'public content' }
end
# Restricted controller: only the :member role is granted access.
# NOTE(review): assumes `authorized?` compares the visitor's role with the
# roles given to set_access -- that method is not shown here.
Nifty::Application.controller :members_area do
  set_access :member
  get(:index){ 'secret content' }
end
# The login controller has to stay reachable for visitors without a
# privileged role, hence the wildcard. The example action only stores a
# guest-role visitor in the session. A real login action would verify the
# submitted credentials first and take the role from the server-side
# account record, never from request parameters.
Nifty::Application.controller :login do
  set_access :*
  get(:index){ session[:visitor] = OpenStruct.new(:role => :guest, :id => 1) }
end

Public Class Methods

included(base)
# File lib/padrino-auth/access.rb, line 60
# Adds the access API to +base+: InstanceMethods become instance-level
# helpers and ClassMethods become class-level DSL methods.
#
# @param base [Module] the class or module receiving the access API
# @return [Module] +base+ itself
def included(base)
  # `include` is invoked through `send` and returns its receiver, so the
  # `extend` call can be chained onto it.
  base.send(:include, InstanceMethods).extend(ClassMethods)
end
registered(app)
# File lib/padrino-auth/access.rb, line 48
# Padrino registration hook: wires the access layer into +app+.
#
# In order, it mixes in the helper and DSL modules, fills in the default
# settings, makes sure a credentials reader method exists, installs an
# empty Permissions registry, lets the app declare its login permissions
# when it supports that, and adds a before filter that rejects every
# request failing +authorized?+ with 403 Forbidden.
#
# @param app [Class] the application being extended
def registered(app)
  included(app)

  # `default` presumably keeps a value the app has already set -- confirm.
  app.default(:credentials_reader, :credentials)
  app.default(:access_errors, true)

  # Fallback reader: if no instance method of that name exists yet, a
  # plain attr_reader is defined. It returns the matching instance
  # variable, which is nil until something assigns it.
  # NOTE(review): instance_methods lists only public and protected
  # methods, so a private reader helper is not detected here and would be
  # replaced or shadowed by this attr_reader.
  reader = app.credentials_reader
  unless app.instance_methods.include?(reader)
    app.send(:attr_reader, reader)
  end

  app.set(:permissions, Permissions.new)
  app.login_permissions if app.respond_to?(:login_permissions)

  # Enforcement point: the filter is registered without a route pattern,
  # and anything `authorized?` does not approve gets a 403 response.
  app.before { authorized? || error(403, '403 Forbidden') }
end