class Lanes::API::AuthenticationProvider

Attributes

request[R]

Public Class Methods

# File lib/lanes/access/authentication_provider.rb, line 15
def initialize(request)
    @request=request
end
# File lib/lanes/access/authentication_provider.rb, line 5
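# Resolves the Lanes::User identified by the request's +jwt+ parameter.
#
# Returns nil when no token is supplied, when the token is not a non-empty
# String, when it fails to decode/verify, or when no user has the +uid+ it
# carries. The signature is verified (third argument true) and the algorithm
# is pinned to HS256, so a token whose header claims "none" or a public-key
# algorithm is rejected rather than accepted under a confused-key attack.
#
# NOTE(review): the token is read from the query string, so it is copied into
# access logs, browser history and Referer headers; an Authorization header
# would be the safer transport — confirm what clients send before changing.
def self.user_for_request(request)
    token = request.params['jwt']
    # Rack can deliver params as Hash/Array (e.g. ?jwt[]=x); only a non-empty
    # String is worth handing to the decoder.
    return nil unless token.is_a?(String) && !token.empty?
    uid = begin
        JWT.decode(token, Lanes.config.session_secret_key_base, true, { :algorithm => 'HS256' })
            .first['uid']
    rescue JWT::DecodeError => e
        # A tampered, malformed or otherwise rejected token (presumably
        # including an expired one, if the gem checks +exp+ by default) is
        # treated as anonymous so callers answer 401 instead of a 500.
        Lanes.logger.warn "Rejected JWT: #{e.class}"
        nil
    end
    uid ? Lanes::User.where(id: uid).first : nil
end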

Public Instance Methods

# File lib/lanes/access/authentication_provider.rb, line 37
# Decides whether the current request may touch +klass+.
#
# Anonymous callers are admitted only when options[:public] is exactly true;
# an authenticated caller on a public route still goes through the model's
# per-attribute checks. The HTTP verb selects which check the model class
# performs on the raw request params; HEAD, OPTIONS and anything unexpected
# are denied.
def allowed_access_to?(klass, options = {})
    anonymous = current_user.nil?
    return true if anonymous && options[:public] == true
    return false if anonymous

    case request.request_method
    when 'GET'                  then klass.can_read_attributes?(request.params, current_user)
    when 'POST', 'PATCH', 'PUT' then klass.can_write_attributes?(request.params, current_user)
    when 'DELETE'               then klass.can_delete_attributes?(request.params, current_user)
    else false
    end
end
# File lib/lanes/access/authentication_provider.rb, line 19
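# The Lanes::User for this request, or nil for an anonymous caller.
#
# The lookup is memoized for the life of this provider, including a nil
# result: with a plain ||= an unauthenticated request would re-run the JWT
# decode and the User query on every call (allowed_access_to? alone may ask
# twice).
def current_user
    return @current_user if defined?(@current_user)
    @current_user = AuthenticationProvider.user_for_request(request)
end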
# File lib/lanes/access/authentication_provider.rb, line 23
# Human-readable reason for a denial.
#
# NOTE(review): the branches look inverted — a resolved user yields
# "User not found" while an anonymous caller gets the verb-specific access
# wording. Behaviour is kept as-is pending confirmation against the callers.
def error_message
    return "User not found" if current_user
    error_message_for_access
end
# File lib/lanes/access/authentication_provider.rb, line 27
# Maps the HTTP verb of the current request to the action that was refused,
# e.g. "Unable to read" for GET; unknown verbs yield "Unable to perform action".
def error_message_for_access
    verbs = {
        'GET'    => "read",
        'POST'   => "write",
        'PATCH'  => "write",
        'PUT'    => "write",
        'DELETE' => "delete"
    }
    "Unable to #{verbs.fetch(request.request_method, "perform action")}"
end
# File lib/lanes/access/authentication_provider.rb, line 72
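# Logs the denial and halts +req+ with a 401 JSON body.
#
# Two logging fixes over a naive version: the X-Testing-User header is client
# controlled, so it is written in inspected form (embedded newlines cannot
# forge extra log lines) and only when present; and the URL is logged without
# its query string, because the bearer token arrives as ?jwt=… (see
# user_for_request) and a full URL would copy it into the logs.
#
# NOTE(review): confirm nothing outside this class honours X-Testing-User in
# production — it must never substitute for the verified JWT.
def fail_request(req)
    testing_user = request.env['HTTP_X_TESTING_USER']
    Lanes.logger.warn "X-Testing-User header present: #{testing_user.inspect}" if testing_user
    Lanes.logger.warn "Unauthorized access attempted to #{req.url.to_s.sub(/\?.*/m, '')}"
    req.halt(401, Oj.dump({
        success: false, errors: { user: "Access Denied" }, message: "Access Denied"
    }))
end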
# File lib/lanes/access/authentication_provider.rb, line 62
# Runs the block only if allowed_access_to?(model, options) passes, with
# every query inside it scoped to the caller; otherwise halts via
# fail_request. current_user may be nil here when a public route is hit
# anonymously — allowed_access_to? has already permitted that case.
def wrap_model_access(model, req, options = {})
    return fail_request(req) unless allowed_access_to?(model, options)
    ::Lanes::User.scoped_to(current_user) { |_user| yield }
end
# File lib/lanes/access/authentication_provider.rb, line 52
# Requires an authenticated caller: runs the block scoped to current_user, or
# halts via fail_request when the request carries no resolvable user.
def wrap_request(req)
    return fail_request(req) unless current_user
    ::Lanes::User.scoped_to(current_user) { |_user| yield }
end