author | mguetlein <martin.guetlein@gmail.com> | 2011-01-26 15:54:05 +0100 |
---|---|---|
committer | mguetlein <martin.guetlein@gmail.com> | 2011-01-26 15:54:05 +0100 |
commit | ce93b07bb253df3c548c59bacc869839aa78bb4c (patch) | |
tree | 49089ce84a319fb46136fb4e4f0f4407ee7b1fb3 /lib/authorization.rb | |
parent | 2528891633d838a383f5a0e07712a0a8ee839f32 (diff) |
add whitlisting concept for A&A, some minor modifications
Diffstat (limited to 'lib/authorization.rb')
-rw-r--r-- | lib/authorization.rb | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/lib/authorization.rb b/lib/authorization.rb
index 5bc690a..c6f39c1 100644
--- a/lib/authorization.rb
+++ b/lib/authorization.rb
@@ -322,7 +322,47 @@ module OpenTox
 alias :token_valid? :is_token_valid
 end
- end
+ #Check Authorization for URI with method and subjectid.
+ def self.authorized?(uri, request_method, subjectid)
+ return true if OpenTox::Authorization.whitelisted?(uri, request_method)
+ if CONFIG[:authorization][:authorize_request].include?(request_method)
+ ret = OpenTox::Authorization.authorize(uri, request_method, subjectid)
+ LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request_method} , URI: #{uri}, subjectid: #{subjectid} with return >>#{ret}<<"
+ return ret
+ end
+ if CONFIG[:authorization][:authenticate_request].include?(request_method)
+ return true if OpenTox::Authorization.is_token_valid(subjectid)
+ end
+ LOGGER.debug "Not authorized for: #{uri} with Method: #{request_method} with Token #{subjectid}"
+ return false
+ end
+
+ @@whitelist = {}
+
+ private
+ def self.whitelisted?(uri, request_method)
+ return false unless @@whitelist[request_method]
+ @@whitelist[request_method].each do |r|
+ return true if r.match(uri)
+ end
+ return false
+ end
+
+ public
+ def self.whitelist(uri_match, request_method)
+ if uri_match.is_a?(Regexp)
+ uri_regex = uri_match
+ elsif uri_match.is_a?(String)
+ uri_regex = Regexp.new("^"+uri_match+"$")
+ else
+ raise "uri-match param is neither string(->exact uri match) nor regexp: "+uri_match.class
+ end
+ LOGGER.info("whitelisted "+request_method+" "+uri_regex.to_s)
+ @@whitelist[request_method] = [] unless @@whitelist[request_method]
+ @@whitelist[request_method] << uri_regex
+ end
+
+ end
 end |
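Review bot: In `whitelist`, the String branch builds `Regexp.new("^"+uri_match+"$")`, which neither escapes the URI nor anchors the whole string: `.` and `?` in the URI act as regex metacharacters, and in Ruby `^`/`$` match at line boundaries, so a URI containing a newline (if the caller passes a decoded URI) could match on one of its lines and return true from `authorized?` before any token check. For the "exact uri match" that the error message describes, this should be `uri_regex = /\A#{Regexp.escape(uri_match)}\z/`; Regexp arguments are applied as given by `r.match(uri)`, so the method comment should tell callers to anchor them with `\A` and `\z`. The `raise` in the else branch concatenates a String with `uri_match.class`, which raises TypeError instead of the intended message; `uri_match.class.to_s` fixes it. Both `LOGGER.debug` messages in `authorized?` write `subjectid` to the log, and since that value is what `is_token_valid` checks, it would be better omitted or truncated there. `private` has no effect on `def self.whitelisted?`, so the method stays callable from outside; `private_class_method :whitelisted?` after the definition would hide it.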