class HaveAPI::Authorization


# File lib/haveapi/authorization.rb, line 3
# Create an authorization with one initial rule.
#
# @param block [Proc, nil] rule run by #authorized? with (user, path_params);
#   inside it +self+ is this object, so it can call allow/deny/restrict
def initialize(&block)
  # Rules live in a list so that prepend_block can add more in front later.
  @blocks = Array[block]
end


# File lib/haveapi/authorization.rb, line 56
# Authorize the user: stop rule evaluation with a +true+ result.
#
# Meaningful only inside a rule run by #authorized?, which wraps the rules
# in catch(:rule); outside such a catch the throw raises UncaughtThrowError.
def allow = throw(:rule, true)

Returns true if the user is authorized. The block must call `allow` to authorize the user; the default rule is deny.

# File lib/haveapi/authorization.rb, line 14
# Evaluate the authorization rules for +user+.
#
# Rules run in @blocks order (so rules added with #prepend_block run first)
# via instance_exec, which makes +self+ this object inside a rule so that
# allow/deny/restrict/input/output are callable. The first rule that throws
# :rule decides the result. If no rule throws, +deny+ runs and the result is
# +false+ — the default is fail closed. Restrictions collected by a previous
# call are discarded before the rules run.
#
# @param user [Object] authenticated user handed to every rule
# @param path_params [Object] path parameters handed to every rule
# @return [Boolean] the value thrown by allow (true) or deny (false)
def authorized?(user, path_params)
  @restrict = []

  catch(:rule) do
    @blocks.each { |rule| instance_exec(user, path_params, &rule) }

    # Reached only when every rule returned without throwing :rule.
    deny
  end
end
# File lib/haveapi/authorization.rb, line 60
# Refuse the user: stop rule evaluation with a +false+ result.
#
# Meaningful only inside a rule run by #authorized? (which catches :rule);
# it is also what #authorized? calls when no rule decided.
def deny = throw(:rule, false)
# File lib/haveapi/authorization.rb, line 74
# Filter client-supplied parameters with the restriction set by #input.
#
# Values are never formatted on the way in (format is always false).
#
# @param input [Enumerable] declared input parameters (see #filter_inner)
# @param params [#has_param?, #[]] parameters received from the client
# @return [Hash] parameters the client is allowed to set
def filter_input(input, params) = filter_inner(input, @input, params, false)
# File lib/haveapi/authorization.rb, line 78
# Filter parameters sent back to the client with the restriction set by #output.
#
# @param output [Enumerable] declared output parameters (see #filter_inner)
# @param params [#has_param?, #[]] parameters about to be returned
# @param format [Boolean] run each value through its parameter's format_output
# @return [Hash] parameters the client is allowed to retrieve
def filter_output(output, params, format = false) = filter_inner(output, @output, params, format)
# File lib/haveapi/authorization.rb, line 7
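# Clone hook: give the clone its own rule list.
#
# Object#clone copies instance variables by reference, so without this the
# clone and the original would share one @blocks array and #prepend_block on
# either would change both. Accepting +**opts+ keeps +clone(freeze: ...)+
# working on Ruby 3.0+, where the keyword is forwarded to initialize_clone
# (bare +super+ forwards it on).
#
# @param other [HaveAPI::Authorization] the object being cloned
def initialize_clone(other, **opts)
  super
  @blocks = other.instance_variable_get(:@blocks).clone
end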

Restrict the parameters a client can set or change.
@param whitelist [Array<Symbol>] allow only the listed parameters
@param blacklist [Array<Symbol>] allow all parameters except the listed ones

# File lib/haveapi/authorization.rb, line 39
# Restrict the parameters a client may set or change.
#
# Stores the restriction for #filter_input; when both lists are given the
# whitelist is applied and the blacklist is ignored.
#
# @param whitelist [Array<Symbol>, nil] allow only these parameters
# @param blacklist [Array<Symbol>, nil] allow everything except these
# @return [Hash] the stored restriction
def input(whitelist: nil, blacklist: nil)
  @input = { whitelist: whitelist, blacklist: blacklist }
end

Restrict the parameters a client can retrieve.
@param whitelist [Array<Symbol>] allow only the listed parameters
@param blacklist [Array<Symbol>] allow all parameters except the listed ones

# File lib/haveapi/authorization.rb, line 49
# Restrict the parameters a client may retrieve.
#
# Stores the restriction for #filter_output; when both lists are given the
# whitelist is applied and the blacklist is ignored.
#
# @param whitelist [Array<Symbol>, nil] return only these parameters
# @param blacklist [Array<Symbol>, nil] return everything except these
# @return [Hash] the stored restriction
def output(whitelist: nil, blacklist: nil)
  @output = { whitelist: whitelist, blacklist: blacklist }
end
# File lib/haveapi/authorization.rb, line 26
# Add a rule that #authorized? evaluates before all existing ones.
#
# @param block [Proc] rule receiving (user, path_params)
# @return [Array<Proc>] the updated rule list
def prepend_block(block)
  @blocks.unshift(block)
end

Apply restrictions to the query that selects objects from the database. The most common usage is restricting a user to accessing only the objects they own.

# File lib/haveapi/authorization.rb, line 32
# Record a restriction on the query that selects objects from the database,
# e.g. to limit a user to the objects they own.
#
# Called from inside a rule; the restrictions are collected per
# #authorized? call and merged by #restrictions, later calls overriding
# earlier ones for the same key.
#
# @param kwargs [Hash] column/value pairs for the query
# @return [Array<Hash>] all restrictions recorded so far
def restrict(**kwargs)
  @restrict.push(kwargs)
end
# File lib/haveapi/authorization.rb, line 64
# Merge every #restrict call made during the last #authorized? run.
#
# Restrictions are merged in call order, so a later call wins for a key
# that appears more than once. @restrict is set up by #authorized?, so this
# is meant to be read after that method has run.
#
# @return [Hash] the combined query restrictions ({} when none were recorded)
def restrictions
  @restrict.reduce({}) { |merged, restriction| merged.merge!(restriction) }
end


# File lib/haveapi/authorization.rb, line 84
# Build the hash of parameters allowed to cross the API boundary in one
# direction; backs #filter_input and #filter_output.
#
# Only parameters declared in +allowed_params+ are ever copied, so anything
# present in +params+ but not declared is dropped here. Each declared
# parameter is looked up under its symbol name first and its string name
# second (see the FIXME); the value goes through the parameter's
# +format_output+ when +format+ is true.
#
# When +direction+ (the hash stored by #input/#output) is given, a whitelist
# keeps only the listed keys and a blacklist removes the listed keys; the
# whitelist wins if both are set.
#
# @param allowed_params [Enumerable] declared parameters responding to +name+
#   and +format_output+ — presumably HaveAPI parameter objects; confirm
# @param direction [Hash, nil] {whitelist:, blacklist:}, or nil for no restriction
# @param params [#has_param?, #[]] the request/response parameter container
# @param format [Boolean] whether to run values through +format_output+
# @return [Hash] filtered parameters keyed by each parameter's +name+
def filter_inner(allowed_params, direction, params, format)
  allowed = {}

  allowed_params.each do |param|
    name = param.name

    # The container may hold the value under the symbol or the string form.
    if params.has_param?(name)
      source_key = name
    elsif params.has_param?(name.to_s) # FIXME: remove double checking
      source_key = name.to_s
    else
      next
    end

    raw = params[source_key]
    allowed[name] = format ? param.format_output(raw) : raw
  end

  # No restriction declared for this direction: every declared parameter passes.
  return allowed unless direction

  if direction[:whitelist]
    # Keep only the whitelisted keys that are actually present.
    allowed.slice(*direction[:whitelist])
  elsif direction[:blacklist]
    # Drop the blacklisted keys from a copy; +allowed+ itself is left as is.
    allowed.except(*direction[:blacklist])
  else
    allowed
  end
end