Module: Authorization

Included in:
ApplicationController
Defined in:
app/models/authorization.rb

Overview

The Authorization module allows you to specify access rules based on role.

Defined Under Namespace

Modules: AuthorizationMethods

Class Method Summary

Instance Method Summary

Class Method Details

+ (Object) included(controller)

When the module is included, the including controller is extended with the class methods from AuthorizationMethods and a before_filter for authorize_action is set up.

Parameters:

  • controller (ActionController)

    controller to extend



# File 'app/models/authorization.rb', line 6

def self.included(controller)
  controller.extend AuthorizationMethods
  controller.before_filter :authorize_action
  
  User.class_eval do
    def poster?
      self.auth_detail.role == User::Role[:poster]
    end
  end
end

+ (Boolean) ri?(rule, role)

Defines the hierarchy of roles and determines whether the specified role is allowed.

Examples:

# Defined roles (in hierarchy)
:master # Master admin, highest level of access only granted for HES
  :reseller # Strategic partnerships allow access to multiple organizations
    :coordinator # Access for the organizational level
      :user # Standard user level access

Returns:

  • (Boolean)


# File 'app/models/authorization.rb', line 24

def self.ri?(rule,role)
  role = role.to_s.downcase.to_sym
  if rule == :master
    [ :master ].include?(role)
  elsif rule == :poster
    [ :poster, :master ].include?(role)
  elsif rule == :reseller
    [ :reseller, :master ].include?(role)
  elsif rule == :coordinator
    [ :coordinator, :reseller, :master ].include?(role)
  elsif rule == :user
    [ :user, :poster, :coordinator, :reseller, :master ].include?(role)
  elsif rule == :public
    [ :public, :user, :poster, :coordinator, :reseller, :master ].include?(role)
  else
    false
  end
end
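
The role table that ri? encodes, checked pair by pair. This is an added example and not part of app/models/authorization.rb: RULES transcribes the branches shown above, and permitted?, grants and incomparable_roles are hypothetical helper names. It shows that :poster sits on a side branch next to :reseller and :coordinator, and that unknown rules, string rules and a nil role are all denied.

```ruby
# Added example, not part of app/models/authorization.rb.
# RULES transcribes the branches of Authorization.ri? shown above;
# RULES, permitted?, grants and incomparable_roles are hypothetical names.
RULES = {
  master:      [:master],
  poster:      [:poster, :master],
  reseller:    [:reseller, :master],
  coordinator: [:coordinator, :reseller, :master],
  user:        [:user, :poster, :coordinator, :reseller, :master],
  public:      [:public, :user, :poster, :coordinator, :reseller, :master]
}.freeze

# Same decision as ri?: normalise the role only, deny any rule not listed.
def permitted?(rule, role)
  RULES.fetch(rule, []).include?(role.to_s.downcase.to_sym)
end

# Every rule a given role satisfies.
def grants(role)
  RULES.keys.select { |rule| permitted?(rule, role) }
end

# Pairs of roles where neither satisfies the other's rule, i.e. places
# where the roles do not form a single chain.
def incomparable_roles
  RULES.keys.combination(2).reject do |a, b|
    permitted?(a, b) || permitted?(b, a)
  end
end

if __FILE__ == $PROGRAM_NAME
  RULES.each_key { |role| puts format('%-12s %s', role, grants(role).inspect) }
  puts "incomparable: #{incomparable_roles.inspect}"
end
```

A controller action guarded by the :coordinator rule therefore rejects a :poster, even though both roles pass the :user rule.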

Instance Method Details

- (Boolean) role_included?(rule, role)

Helper method to test the rule; delegates to Authorization.ri?.

Returns:

  • (Boolean)

See Also:



# File 'app/models/authorization.rb', line 80

def role_included?(rule,role)
  Authorization.ri?(rule,role)
end

- (Object) set_promotion_for_public_request

Attempts to look up the promotion from the subdomain of the request and falls back to the first available promotion. Responds with 424 Failed Dependency if no valid promotion can be found.



# File 'app/models/authorization.rb', line 86

def set_promotion_for_public_request
  @promotion = Promotion.find_by_subdomain(request.subdomain) || Promotion.first rescue nil
  head :failed_dependency and return if @promotion.nil?
end