From 53a6d76d44543ba8109bc6fa1a609e30dd7e91ff Mon Sep 17 00:00:00 2001
From: mguetlein
Date: Wed, 26 Jan 2011 16:08:57 +0100
Subject: documented new autorization function
---
 lib/authorization.rb | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'lib/authorization.rb')
diff --git a/lib/authorization.rb b/lib/authorization.rb
index c6f39c1..6a8a174 100644
--- a/lib/authorization.rb
+++ b/lib/authorization.rb
@@ -322,7 +322,11 @@ module OpenTox
 alias :token_valid? :is_token_valid
 end
- #Check Authorization for URI with method and subjectid.
+ # Check Authorization for a resource (identified via URI) with method and subjectid.
+ # @param [String] uri
+ # @param [String] request_method, should be GET, POST, PUT, DELETE
+ # @param [String] subjectid
+ # @return [Boolean] true if access granted, else otherwise
 def self.authorized?(uri, request_method, subjectid)
 return true if OpenTox::Authorization.whitelisted?(uri, request_method)
 if CONFIG[:authorization][:authorize_request].include?(request_method)
@@ -349,6 +353,9 @@ module OpenTox
 end
 public
+ # adds uri/regexp-for-matching-uri to the whitelist for a request-method (i.e. access will be granted without cheking the A&A service)
+ # @param [String or Regexp] uri_match if string match must be ecaxt
+ # @param [String] request_method, must be GET, POST, PUT, DELETE
 def self.whitelist(uri_match, request_method)
 if uri_match.is_a?(Regexp)
 uri_regex = uri_match
@@ -357,7 +364,7 @@ module OpenTox
 else
 raise "uri-match param is neither string(->exact uri match) nor regexp: "+uri_match.class
 end
- LOGGER.info("whitelisted "+request_method+" "+uri_regex.to_s)
+ LOGGER.info("whitelisted "+request_method.to_s+" "+uri_regex.to_s)
 @@whitelist[request_method] = [] unless @@whitelist[request_method]
 @@whitelist[request_method] << uri_regex
 end
--
cgit v1.2.3
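Review bot: The new doc comment on `authorized?` does not mention that the whitelist check on the first line of the body returns true before `subjectid` is looked at, so a reader of the API docs would assume every granted request carried a validated token. I would add a line such as `# @note whitelisted uri/method pairs are granted without checking subjectid` and correct the return tag to `# @return [Boolean] true if access granted, false otherwise`. The trailing comma in `request_method,` is likely to be taken by YARD as part of the parameter name, so it is better dropped. The method body continues past the end of this hunk, so how request methods outside `CONFIG[:authorization][:authorize_request]` are treated cannot be confirmed from here and may deserve a sentence as well.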
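Review bot: The comment added above `whitelist` says a String must match exactly but gives no rule for a Regexp, which the visible branch stores unchanged (`uri_regex = uri_match`). An unanchored pattern would then presumably match any URI that merely contains it, and skip the A&A service for more resources than the caller intended. I would document the requirement, e.g. `# @param [String, Regexp] uri_match a String is matched exactly; a Regexp should be anchored with \A and \z`, which also replaces the non-YARD `String or Regexp` type list and fixes the typos `cheking` and `ecaxt`. The String branch and the matching code in `whitelisted?` are outside this hunk, so the exact matching semantics should be confirmed there before the wording is settled.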
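Review bot: The `.to_s` added to the log line implies `request_method` can arrive as something other than a String, yet the two lines below it still use the raw value as the `@@whitelist` key. A rule registered as `:GET` and one registered as `"GET"` would land in separate buckets, and a lookup with the other type would presumably miss the entry. Normalising once at the top of the method, e.g. `request_method = request_method.to_s`, keeps logging, storage and lookup consistent, provided `whitelisted?` (not visible here) does the same. The context line `raise "...nor regexp: "+uri_match.class` has the same String-plus-non-String concatenation this commit fixes and would raise a TypeError instead of the intended message; `uri_match.class.to_s` fixes it. The method starts before this hunk.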