lib/gds-sso/controller_methods.rb in gds-sso-13.0.0 vs lib/gds-sso/controller_methods.rb in gds-sso-13.1.0
- old
+ new
@@ -11,17 +11,30 @@
base.helper_method :user_signed_in?
base.helper_method :current_user
end
- def authorise_user!(permission)
+ def authorise_user!(permissions)
# Ensure that we're authenticated (and by extension that current_user is set).
# Otherwise current_user might be nil, and we'd error out
authenticate_user!
- if not current_user.has_permission?(permission)
- raise PermissionDeniedException, "Sorry, you don't seem to have the #{permission} permission for this app."
+ case permissions
+ when String
+ unless current_user.has_permission?(permissions)
+ raise PermissionDeniedException, "Sorry, you don't seem to have the #{permissions} permission for this app."
+ end
+ when Hash
+ raise ArgumentError, "Must be either `any_of` or `all_of`" unless permissions.keys.size == 1
+
+ if permissions[:any_of]
+ authorise_user_with_at_least_one_of_permissions!(permissions[:any_of])
+ elsif permissions[:all_of]
+ authorise_user_with_all_permissions!(permissions[:all_of])
+ else
+ raise ArgumentError, "Must be either `any_of` or `all_of`"
+ end
end
end
def require_signin_permission!
authorise_user!('signin')
@@ -49,9 +62,25 @@
warden.logout
end
def warden
request.env['warden']
+ end
+
+ private
+
+ def authorise_user_with_at_least_one_of_permissions!(permissions)
+ if permissions.none? { |permission| current_user.has_permission?(permission) }
+ raise PermissionDeniedException,
+ "Sorry, you don't seem to have any of the permissions: #{permissions.to_sentence} for this app."
+ end
+ end
+
+ def authorise_user_with_all_permissions!(permissions)
+ unless permissions.all? { |permission| current_user.has_permission?(permission) }
+ raise PermissionDeniedException,
+ "Sorry, you don't seem to have all of the permissions: #{permissions.to_sentence} for this app."
+ end
end
end
end
end