Module: Strongbolt

Extended by:

Forwardable

Defined in:

lib/strongbolt.rb,
lib/strongbolt/base.rb,
lib/strongbolt/role.rb,
lib/strongbolt/bolted.rb,
lib/strongbolt/engine.rb,
lib/strongbolt/errors.rb,
lib/strongbolt/helpers.rb,
lib/strongbolt/version.rb,
lib/strongbolt/capability.rb,
lib/strongbolt/tenantable.rb,
lib/strongbolt/user_group.rb,
lib/strongbolt/users_tenant.rb,
lib/strongbolt/configuration.rb,
lib/strongbolt/user_abilities.rb,
lib/strongbolt/roles_user_group.rb,
lib/strongbolt/user_groups_user.rb,
lib/strongbolt/bolted_controller.rb,
lib/strongbolt/capabilities_role.rb,
lib/strongbolt/generators/migration.rb,
lib/strongbolt/controllers/url_helpers.rb,
lib/generators/strongbolt/fix_generator.rb,
lib/generators/strongbolt/views_generator.rb,
app/controllers/strongbolt/roles_controller.rb,
lib/generators/strongbolt/indexes_generator.rb,
lib/generators/strongbolt/install_generator.rb,
app/controllers/strongbolt/security_controller.rb,
app/controllers/strongbolt/user_groups_controller.rb,
app/controllers/strongbolt/capabilities_controller.rb,
app/controllers/strongbolt/user_groups_users_controller.rb,
lib/generators/strongbolt/fix_unique_group_members_generator.rb

Overview

Included in the base class of models (ActiveRecord::Base), this module is the entry point of all authorization.

It implements helper methods that will be used by a lot of other models

Defined Under Namespace

Modules: Bolted, BoltedController, Configuration, Controllers, Generators, Helpers, Tenantable, UserAbilities Classes: Base, CapabilitiesController, CapabilitiesRole, Capability, Engine, Role, RolesController, RolesUserGroup, SecurityController, Unauthorized, UserGroup, UserGroupsController, UserGroupsUser, UserGroupsUsersController, UsersTenant

Constant Summary

StrongboltError =

Class.new StandardError

ModelNotFound =

Class.new StrongboltError

ActionNotConfigured =

Class.new StrongboltError

WrongUserClass =

Class.new StrongboltError

ModelNotOwned =

Class.new StrongboltError

TenantError =

Class.new StrongboltError

InverseAssociationNotConfigured =

Class.new TenantError

DirectAssociationNotConfigured =

Class.new TenantError

VERSION =

'0.3.16'.freeze

@@parent_controller =

'ApplicationController'

Class Method Summary

• .access_denied ⇒ Object
• .current_user ⇒ Object

  Current User.

• .current_user=(user) ⇒ Object

  We keep an hash so we don’t have each time to test if the module is included in the list.

• .default_capabilities ⇒ Object
• .disable_authorization ⇒ Object

  Disable authorization checking.

• .disabled? ⇒ Boolean
• .enable_authorization ⇒ Object
• .enabled? ⇒ Boolean
• .include_helpers(scope) ⇒ Object

  Include helpers in the given scope to AC and AV.

• .logger ⇒ Object
• .setup(&block) ⇒ Object

  Setting up Strongbolt.

• .switch_to_monothread ⇒ Object
• .switch_to_multithread ⇒ Object
• .table_name_prefix ⇒ Object
• .tenants ⇒ Object
• .user_class ⇒ Object
• .user_class_constant ⇒ Object
• .with_authorization(&block) ⇒ Object

  Perform the block with grant.

• .without_authorization(&block) ⇒ Object

  Perform the block without grant.

Class Method Details

.access_denied ⇒ Object

.current_user ⇒ Object

Current User

# File 'lib/strongbolt.rb', line 82

def self.current_user
  Grant::User.current_user
end

.current_user=(user) ⇒ Object

We keep an hash so we don’t have each time to test if the module is included in the list

# File 'lib/strongbolt.rb', line 88

def self.current_user=(user)
  # If user is an instance of something and different from what we have
  if user.present?
    # Raise error if wrong user class
    raise Strongbolt::WrongUserClass unless valid_user? user

    # If the user class doesn't have included the module yet
    unless user.class.included_modules.include? Strongbolt::UserAbilities
      user.class.send :include, Strongbolt::UserAbilities
    end
  end

  # Then we call the original grant method
  Grant::User.current_user = user unless Grant::User.current_user == user
end

.default_capabilities ⇒ Object

.disable_authorization ⇒ Object

Disable authorization checking

# File 'lib/strongbolt.rb', line 155

def self.disable_authorization
  Grant::Status.disable_grant
end

.disabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/strongbolt.rb', line 167

def self.disabled?
  !enabled?
end

.enable_authorization ⇒ Object

# File 'lib/strongbolt.rb', line 159

def self.enable_authorization
  Grant::Status.enable_grant
end

.enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/strongbolt.rb', line 163

def self.enabled?
  Grant::Status.grant_enabled?
end

.include_helpers(scope) ⇒ Object

Include helpers in the given scope to AC and AV.

# File 'lib/strongbolt.rb', line 183

def self.include_helpers(scope)
  ActiveSupport.on_load(:action_controller) do
    include scope::UrlHelpers
  end

  ActiveSupport.on_load(:action_view) do
    include scope::UrlHelpers
  end
end

.logger ⇒ Object

.setup(&block) ⇒ Object

Setting up Strongbolt

# File 'lib/strongbolt.rb', line 107

def self.setup(&block)
  # Configuration by user
  block.call Configuration

  # Include the User::Abilities
  begin
    user_class = Configuration.user_class
    user_class = user_class.constantize if user_class.is_a? String
    user_class.send(:include, Strongbolt::UserAbilities) unless user_class.included_modules.include?(Strongbolt::UserAbilities)
  rescue NameError
    logger.warn "User class #{Configuration.user_class} wasn't found"
  end
rescue => e
  error = <<~CONTENT
    [ERROR] Strongbolt could not initialized successfully.
      This can happen when running migrations, and in this situation, you can ignore this message.
      If it happens in test, make sure you've run `rake db:test:prepare` so that test database is ready.
      Otherwise, please review the error below to check what happened:

    Error message:
      #{e.message}

      #{e.backtrace.join("\n")}
  CONTENT
  logger.fatal error
  # Display in the console when error test env
  puts error if defined?(Rails) && Rails.env.test?
  # If not being done in a rake task, this should propagate the error
  raise e unless $PROGRAM_NAME =~ /rake$/ # && ARGV.join(" ").include?("db:")
end

.switch_to_monothread ⇒ Object

.switch_to_multithread ⇒ Object

.table_name_prefix ⇒ Object

# File 'lib/strongbolt.rb', line 58

def self.table_name_prefix
  'strongbolt_'
end

.tenants ⇒ Object

.user_class ⇒ Object

.user_class_constant ⇒ Object

.with_authorization(&block) ⇒ Object

Perform the block with grant

# File 'lib/strongbolt.rb', line 148

def self.with_authorization(&block)
  Grant::Status.with_grant(&block)
end

.without_authorization(&block) ⇒ Object

Perform the block without grant

# File 'lib/strongbolt.rb', line 141

def self.without_authorization(&block)
  Grant::Status.without_grant(&block)
end