module JunglePath::Authorization::Paths

Public Class Methods

exact_match?(paths, request_path) click to toggle source
# File lib/jungle_path/authorization/paths.rb, line 52
def self.exact_match? paths, request_path
        return paths.include?(request_path) if paths
end
is_authenticated_path?(request, route_access) click to toggle source
# File lib/jungle_path/authorization/paths.rb, line 23
def self.is_authenticated_path? request, route_access
        # Allowed paths for any authenticated user regardless of permissions or restrictions.
        if route_access
                if request.get? and route_access[:authenticated] and route_access[:authenticated][:get]
                        return true if exact_match?(route_access[:authenticated][:get][:routes], request.path_info)
                        return true if leading_segment_match?(route_access[:authenticated][:get][:routes_start_with], request.path_info)

                elsif request.put? and route_access[:authenticated] and route_access[:authenticated][:put]
                        return true if exact_match?(route_access[:authenticated][:put][:routes], request.path_info)
                        return true if leading_segment_match?(route_access[:authenticated][:put][:routes_start_with], request.path_info)

                elsif request.post? and route_access[:authenticated] and route_access[:authenticated][:post]
                        return true if exact_match?(route_access[:authenticated][:post][:routes], request.path_info)
                        return true if leading_segment_match?(route_access[:authenticated][:post][:routes_start_with], request.path_info)
                end
        end
        false
end
is_open_path?(request, route_access) click to toggle source
# File lib/jungle_path/authorization/paths.rb, line 4
def self.is_open_path? request, route_access
        # Allowed paths for any user even if not authenticated. (But to get to this point they will have already been authenticated...)
        if route_access
                if request.get? and route_access[:public] and route_access[:public][:get]
                        return true if exact_match?(route_access[:public][:get][:routes], request.path_info)
                        return true if leading_segment_match?(route_access[:public][:get][:routes_start_with], request.path_info)

                elsif request.put? and route_access[:public] and route_access[:public][:put]
                        return true if exact_match?(route_access[:public][:put][:routes], request.path_info)
                        return true if leading_segment_match?(route_access[:public][:put][:routes_start_with], request.path_info)

                elsif request.post? and route_access[:public] and route_access[:public][:post]
                        return true if exact_match?(ra[:public][:post][:routes], request.path_info)
                        return true if leading_segment_match?(ra[:public][:post][:routes_start_with], request.path_info)
                end
        end
        false
end
is_query_only_path?(request, current_auth) click to toggle source
# File lib/jungle_path/authorization/paths.rb, line 42
def self.is_query_only_path? request, current_auth
        is_it = false
        allowed_paths = {}
        allowed_paths["/query"] = true
        allowed_paths["/current/user"] = true
        allowed_paths["/current/user/auth"] = true
        is_it = allowed_paths[request.path_info]
        is_it
end
leading_segment_match?(paths, request_path) click to toggle source
# File lib/jungle_path/authorization/paths.rb, line 56
def self.leading_segment_match? paths, request_path
        result = false
        if paths
                paths.each do |path|
                        path = path + "/" unless path[-1] == "/"
                        if request_path[0, path.length] == path
                                result = true
                                break
                        end
                end
        end
        result
end