Merge pull request #1484 from opf/feature/authorization_service_refactoring

Refactored Authorization service
pull/1516/head
ulferts 11 years ago
commit 9b1186ca10
  1. 3
      app/controllers/application_controller.rb
  2. 26
      app/services/authorization_service.rb
  3. 10
      lib/api/root.rb
  4. 4
      lib/api/v3/queries/queries_api.rb
  5. 2
      lib/api/v3/work_packages/work_packages_api.rb

@ -288,7 +288,8 @@ class ApplicationController < ActionController::Base
# Authorize the user for the requested action
def authorize(ctrl = params[:controller], action = params[:action], global = false)
is_authorized = AuthorizationService.new(ctrl, action, @project, @projects, global).perform
context = @project || @projects
is_authorized = AuthorizationService.new(ctrl, action, context: context, global: global).call
unless is_authorized
if @project && @project.archived?
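Review bot: The header comment `# Authorize the user for the requested action` no longer says whom the check is evaluated for: the new call `AuthorizationService.new(ctrl, action, context: context, global: global).call` omits `user:`, so the service's keyword default (`User.current`, per the service's own signature) decides, and `context` falls back from `@project` to `@projects` without that being stated anywhere. Suggest `# Authorize User.current for ctrl/action in @project, falling back to @projects when no single project is set`. The body of `authorize` continues past the end of this hunk.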

@ -27,22 +27,26 @@
# See doc/COPYRIGHT.rdoc for more details.
#++
# project, projects, global, user = nil
class AuthorizationService
def initialize(ctrl, action, project, projects, global, user = nil)
# @params
# ctrl - controller
# action - action
# @named params
# context - single project or array of projects - default nil
# global - global - default false
# user - user - default current user
def initialize(ctrl, action, context: nil , global: false, user: User.current)
@ctrl = ctrl
@action = action
@project = project
@projects = projects
@context = context
@global = global
@user = user || User.current
@user = user
end
def perform
allowed = @user.allowed_to?({:controller => @ctrl, :action => @action}, @project || @projects, :global => @global)
if allowed
true
else
false
end
def call
@user.allowed_to?({:controller => @ctrl, :action => @action}, @context, :global => @global)
end
end
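Review bot: The new `def initialize(ctrl, action, context: nil , global: false, user: User.current)` drops the `user || User.current` fallback the old body had, so a caller that passes `user: nil` explicitly now ends in a NoMethodError from `@user.allowed_to?` inside `call` instead of a clean denial or the former fallback; a keyword default only applies when the keyword is omitted, not when nil is passed. Either restore `@user = user || User.current` or fail explicitly with `raise ArgumentError, 'user must not be nil' if user.nil?` so the failure mode is deliberate. The stray space in `nil ,` should go, and the `# @params` / `# @named params` header would be clearer as YARD tags, e.g. `# @param context [Project, Array<Project>, nil] single project or list of projects` and `# @param user [User] defaults to User.current`.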

@ -48,13 +48,9 @@ module API
raise API::Errors::Unauthenticated.new if current_user.nil? || current_user.anonymous?
end
def authorize(api, endpoint, options)
unless options[:allow].nil?
raise API::Errors::Unauthorized.new(current_user) unless options[:allow]
end
is_authorized = AuthorizationService.new(api, endpoint, options[:project], options[:projects],
!!options[:global], current_user).perform
raise API::Errors::Unauthorized.new(current_user) unless is_authorized
def authorize(api, endpoint, context: nil, global: false, user: current_user, allow: true)
is_authorized = AuthorizationService.new(api, endpoint, context: context, global: global, user: user).call
raise API::Errors::Unauthorized.new(current_user) unless is_authorized && allow
is_authorized
end
end
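Review bot: `raise API::Errors::Unauthorized.new(current_user) unless is_authorized && allow` reports `current_user` even though the check was run for the `user:` keyword, so a caller that passes a different user gets an error naming the wrong principal; `raise API::Errors::Unauthorized.new(user) unless allow && is_authorized` keeps the two consistent and also restores the old short-circuit where `allow: false` denied without consulting the service. The former `!!options[:global]` coercion is gone as well, so whatever a caller passes for `global:` now reaches `allowed_to?` unchanged — presumably harmless given the visible call sites only rely on the `false` default, but `global: !!global` would preserve the boolean contract. A one-line comment such as `# Raises Unauthorized unless +user+ may perform +endpoint+ on +api+ within +context+ and +allow+ holds; returns the authorization result` would document the new keyword interface.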

@ -25,7 +25,7 @@ module API
end
patch :star do
authorize(:queries, :star, project: @query.project, allow: allowed_to_manage_stars?)
authorize(:queries, :star, context: @query.project, allow: allowed_to_manage_stars?)
normalized_query_name = @query.name.parameterize.underscore
query_menu_item = MenuItems::QueryMenuItem.find_or_initialize_by_name_and_navigatable_id(
normalized_query_name, @query.id, title: @query.name
@ -35,7 +35,7 @@ module API
end
patch :unstar do
authorize(:queries, :unstar, project: @query.project, allow: allowed_to_manage_stars?)
authorize(:queries, :unstar, context: @query.project, allow: allowed_to_manage_stars?)
query_menu_item = @query.query_menu_item
return @representer.to_json if @query.query_menu_item.nil?
query_menu_item.destroy

@ -17,7 +17,7 @@ module API
end
get do
authorize(:work_packages_api, :get, project: @work_package.project)
authorize(:work_packages_api, :get, context: @work_package.project)
@representer.to_json
end
