class AccessChecker::AccessControl

Public Instance Methods

before( controller ) click to toggle source

possible states and resultant handlings

limit_type           action_list                  permitted handling

:allow, :to, :only    [] empty, action matched     permitted
                         action not matched        denied

 :deny, :except       [] empty, action matched     denied
                         action not matched        permitted

if current_user.nil?, proceed as :anonymous if so referenced in role_control_hash if user's role is not referenced, proceed as :all if so referenced in role_control_hash else proceed with user's role


# File lib/access_checker/access_control.rb, line 25
def before( controller )

   if controller.current_user.nil?   # no user defined; anonymous permitted?
     
      if self.role_control_hash.member?( :anonymous )  # if anonymous is referenced, continue...
         my_role = :anonymous    # ...then handle anonymously
      else   # unauthorized access of controller
         raise AccessChecker::AccessDenied 
      end   # if..then..else anonymous check

   elsif !self.role_control_hash.member?( my_role = controller.current_user.get_role.name.to_sym )
     
      if self.role_control_hash.member?( :all )  # if all is referenced, continue...
         my_role = :all    # ...then handle as all
      else   # unauthorized access of controller
         raise AccessChecker::AccessDenied 
      end   # if..then..else anonymous check

   end   # if..elsif check for anonymous or role not allowed

   expected_action = controller.action_name.to_sym  # action being attempted

   permitted = true   # presume authorized

       # now check the action_hash for action access
       # shown as a loop, but only the first entry is meaningful
   self.role_control_hash[my_role].each do |limit_type, action_list|

      unless action_list.kind_of?( Array )
         raise AccessChecker::SyntaxError, "all action lists should be arrays of symbols"
      end

      permitted = ( action_list.empty? || action_list.include?( expected_action ) )
    
      case limit_type
         when :allow, :to, :only then  permitted
         when :deny, :except then permitted = !permitted
      else
         raise AccessChecker::SyntaxError, "Unrecognized access_control limit_type: #{limit_type}"
      end  # case

    
      unless permitted      # ... figure out the type of exception
         if action_list.any?{ |actn|  actn.class.name != "Symbol" }
            raise AccessChecker::SyntaxError, "all actions should be symbols"
         else
            raise AccessChecker::AccessDenied 
         end  # syntax checking
      end  # unless

      break   # always break the loop at success

   end  # do check if role

   return permitted
end