Module: LcpRuby::PageAuthorization
- Extended by:
- ActiveSupport::Concern
- Included in:
- ResourcesController
- Defined in:
- app/controllers/concerns/lcp_ruby/page_authorization.rb
Overview
Page-level access gate. Enforces ‘page.visible_when:` at request time. Decision logic lives in `LcpRuby::Authorization::PageGate` (pure function); this concern is the controller wiring.
The host controller registers ‘before_action :authorize_page_if_present` explicitly (NOT via `included do`) so it sequences AFTER `:set_record` — Rails runs before_actions in declaration order, so registering here would fire the gate before @record is populated.
See docs/design/authorization_hardening.md § “Concern include order in ResourcesController is load-bearing”.
Constant Summary collapse
- MISCONFIGURED_CODES =
{ misconfigured_no_gate: LcpRuby::Authorization::Codes::AUTH_002_RUNTIME, misconfigured_malformed: LcpRuby::Authorization::Codes::AUTH_003 }.freeze
Class Method Summary collapse
-
.before_action_filter_names(klass) ⇒ Object
Encapsulates ‘_process_action_callbacks` introspection (Rails internal API).
Class Method Details
.before_action_filter_names(klass) ⇒ Object
Encapsulates ‘_process_action_callbacks` introspection (Rails internal API). One place to patch if Rails changes the API.
18 19 20 21 |
# File 'app/controllers/concerns/lcp_ruby/page_authorization.rb', line 18 def self.before_action_filter_names(klass) klass._process_action_callbacks .filter_map { |cb| cb.filter if cb.kind == :before } end |