module AuthorizeRbac

Constants

VERSION

Public Class Methods

configuration() click to toggle source
# File lib/authorize_rbac.rb, line 11
# Returns the shared Configuration object, creating it on first use.
#
# The instance is cached in a module-level instance variable, so every caller
# reads and mutates the same settings.
#
# NOTE(review): the cache variable is spelled @configration. That is harmless
# while this accessor is its only reader and writer, but code that assigns
# @configuration directly would not be seen here -- confirm against the rest
# of the file.
#
# @return [Configuration] the memoized settings object
def self.configuration
  return @configration if @configration

  @configration = Configuration.new
end
configure() { |configuration| ... } click to toggle source
# File lib/authorize_rbac.rb, line 15
# Yields the shared configuration object so the caller can set options on it.
#
# The settings written here drive authorization decisions elsewhere in this
# module (auth_user dispatches to configuration.current_user_method with
# `send`), so they should come from application code, never from request data.
#
# @yieldparam configuration [Configuration] the object returned by .configuration
# @return [Object] whatever the block returns
def self.configure
  settings = configuration
  yield settings
end
included(base) click to toggle source
# File lib/authorize_rbac.rb, line 7
# Hook invoked when this module is included into +base+.
#
# Extends the including class with AuthorizeRbacMethods, so those methods
# become class-level methods of +base+.
#
# @param base [Module] the class or module that included AuthorizeRbac
# @return [Module] +base+, as returned by Object#extend
def self.included(base)
  base.extend AuthorizeRbacMethods
end

Public Instance Methods

access_allowed?() click to toggle source
# File lib/authorize_rbac.rb, line 44
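# Decides whether the current user may run the current action.
#
# Access is granted when any of the following holds:
# 1. the controller declares no roles for this action (action_roles is nil);
# 2. the user's role name is listed in the declared roles;
# 3. the user's permissions include the "<controller>_<action>" name built by
#    permission_name.
#
# SECURITY: case 1 makes the check fail-open. Any action without an rbac
# entry (a new action, or a misspelled key) is reachable by every user. Keep
# the rbac table complete and review it when actions are added.
#
# The permission list is only consulted when the role check did not already
# grant access. That avoids an unnecessary lookup and stops a user without a
# role, for whom user_role falls back to "user", from hitting an error in
# user_permissions on an action that explicitly allows :user.
#
# NOTE(review): the permission check compares a String against the elements
# of user_permissions -- confirm that collection holds permission names and
# not record objects.
#
# @return [Boolean] true when access is granted
def access_allowed?
  roles = action_roles
  return true if roles.nil?
  return true if roles.include?(user_role.to_sym)

  user_permissions.include?(permission_name(self.class, action_name))
end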
action_name() click to toggle source
# File lib/authorize_rbac.rb, line 40
# Name of the action being requested, as a Symbol.
#
# The value is read from the request parameters and used as the lookup key
# for the rbac table and as part of the permission name.
#
# NOTE(review): the symbol is built from a request-derived value. Confirm the
# routes restrict :action to known action names, since an unknown key finds
# no rbac entry and access_allowed? then allows the request.
# NOTE(review): if the including class is a Rails controller, this replaces
# the framework's own action_name -- verify that is intended.
#
# @return [Symbol]
def action_name
  params = request.parameters
  params[:action].to_sym
end
action_roles() click to toggle source
# File lib/authorize_rbac.rb, line 36
# Roles declared for the current action in the class-level rbac table.
#
# Returns whatever the table holds under the action's key. When the key is
# absent this is normally nil, which access_allowed? treats as "no
# restriction".
#
# @return [Object, nil] the rbac entry for action_name, or nil when none exists
def action_roles
  rules = self.class.rbac
  rules[action_name]
end
auth_user() click to toggle source
# File lib/authorize_rbac.rb, line 57
# Fetches the authenticated user by calling the method named in the
# configuration (AuthorizeRbac.configuration.current_user_method).
#
# `send` is used, so the configured method may be private or protected.
# SECURITY: because `send` invokes any method by name, current_user_method
# must be a fixed value set by application code, never derived from a request.
#
# @return [Object] whatever the configured method returns
def auth_user
  method_name = AuthorizeRbac.configuration.current_user_method
  send(method_name)
end
authorization_filter() click to toggle source
# File lib/authorize_rbac.rb, line 19
# Filter that enforces access_allowed? for the current request.
#
# On success it logs at debug level and returns true. On failure it logs at
# info level, stores a flash notice, redirects to the configured default
# controller/action and returns false.
#
# NOTE(review): auth_user.user_name and request.original_url are written to
# the log and the flash notice as-is. If either can contain user-controlled
# text (line breaks, markup), confirm the log pipeline and the view that
# renders flash[:notice] escape it.
# NOTE(review): auth_user is dereferenced without a nil check -- presumably an
# authentication filter runs first; verify the filter order.
#
# @return [Boolean] true when the request may proceed, false after redirecting
def authorization_filter
  unless access_allowed?
    logger.info "#{auth_user.user_name} (role: #{user_role}) attempted to access\
      #{self.class}##{action_name} without the proper permissions."
    flash[:notice] = "Not authorized to access #{request.original_url}!"
    settings = AuthorizeRbac.configuration
    redirect_to :controller => settings.default_controller, :action => settings.default_action
    return false
  end

  logger.debug "Authorized to access #{request.original_url}, User: #{auth_user.user_name} (role: #{user_role})"
  true
end
permission_name(cotroller, action) click to toggle source
# File lib/authorize_rbac.rb, line 53
# Builds the permission name checked against the user's permissions.
#
# The controller's name has a trailing "Controller" removed and is
# lower-cased, then joined to the action with an underscore, e.g.
# ("UsersController", :index) -> "users_index".
#
# NOTE(review): a namespaced class keeps its "::" separators (for example
# "admin::users_index"); confirm stored permission names use the same form.
#
# @param cotroller [#to_s] controller class or name
# @param action [#to_s] action name
# @return [String] "<controller>_<action>"
def permission_name(cotroller, action)
  prefix = cotroller.to_s.chomp("Controller").downcase
  "#{prefix}_#{action}"
end
user_permissions() click to toggle source
# File lib/authorize_rbac.rb, line 61
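# Permissions attached to the current user's role.
#
# A user without a role has no permissions, so an empty list is returned
# instead of raising NoMethodError on nil. This matches user_role, which also
# tolerates a missing role, and lets access_allowed? deny such a user cleanly
# rather than failing the request with an error.
#
# @return [Object] the role's permissions collection, or [] when the user has no role
def user_permissions
  role = auth_user.role
  role.nil? ? [] : role.permissions
end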
user_role() click to toggle source
# File lib/authorize_rbac.rb, line 32
# Name of the current user's role, as a String.
#
# SECURITY: a user without a role is reported as "user", so any action whose
# rbac entry lists :user is open to accounts that have no role assigned.
# Confirm that default is intended.
#
# @return [String] the role name, or "user" when no role is set
def user_role
  if auth_user.role.nil?
    "user"
  else
    auth_user.role.name.to_s
  end
end