Class: BetterAuth::Plugins::Role
- Inherits:
-
Object
- Object
- BetterAuth::Plugins::Role
- Defined in:
- lib/better_auth/plugins/access.rb
Instance Attribute Summary collapse
-
#statements ⇒ Object
readonly
Returns the value of attribute statements.
Instance Method Summary collapse
- #authorize(request, connector = "AND") ⇒ Object
-
#initialize(statements) ⇒ Role
constructor
A new instance of Role.
Constructor Details
#initialize(statements) ⇒ Role
Returns a new instance of Role.
8 9 10 |
# File 'lib/better_auth/plugins/access.rb', line 8 def initialize(statements) @statements = stringify_statements(statements) end |
Instance Attribute Details
#statements ⇒ Object (readonly)
Returns the value of attribute statements.
6 7 8 |
# File 'lib/better_auth/plugins/access.rb', line 6 def statements @statements end |
Instance Method Details
#authorize(request, connector = "AND") ⇒ Object
12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
# File 'lib/better_auth/plugins/access.rb', line 12 def (request, connector = "AND") success = false stringify_request(request).each do |resource, requested_actions| allowed_actions = statements[resource] unless allowed_actions return {success: false, error: "You are not allowed to access resource: #{resource}"} end success = if requested_actions.is_a?(Array) requested_actions.all? { |action| allowed_actions.include?(action.to_s) } elsif requested_actions.is_a?(Hash) unless requested_actions.key?("actions") || requested_actions.key?(:actions) raise Error, "Invalid access control request" end raw_actions = requested_actions["actions"] || requested_actions[:actions] raise Error, "Invalid access control request" if raw_actions.nil? actions = Array(raw_actions).map(&:to_s) action_connector = (requested_actions["connector"] || requested_actions[:connector] || "AND").to_s.upcase if action_connector == "OR" actions.any? { |action| allowed_actions.include?(action) } else actions.all? { |action| allowed_actions.include?(action) } end else raise Error, "Invalid access control request" end return {success: true} if success && connector.to_s.upcase == "OR" return {success: false, error: "unauthorized to access resource \"#{resource}\""} if !success && connector.to_s.upcase == "AND" end success ? {success: true} : {success: false, error: "Not authorized"} end |