Second Refactoring of Security Roles

A little refresher on what not to do…

The wrapper class approach is just fine for a single resource that needs security applied to it. For a refresher, here’s the model…

class Article < ActiveRecord::Base
  # Columns include submitted and accepted
end

And here’s the wrapper that you would use in its place when in an Admin controller…

class AdminArticle
  def self.method_missing(method, *args)
    scope = { :find => { :conditions => ["submitted = ?", true] }}

    Article.with_scope(scope) do
      # we've limited the scope, so just pass the method call on...
      Article.send(method, *args)
    end
  end

  def self.new(*args)
    # need to explicitly pass this on
    self.method_missing(:new, *args)
  end
end

And here’s the wrapper that you would use in its place when in a Member controller…

class MemberArticle
  def self.method_missing(method, *args)
    # We get current_user through a class-level accessor that I've left out for sanity
    scope = { :find => { :conditions => ["approved = ? or user_id = ?", true, current_user] }}

    Article.with_scope(scope) do
      # we've limited the scope, so just pass the method call on...
      Article.send(method, *args)
    end
  end

  def self.new(*args)
    # need to explicitly pass this on
    self.method_missing(:new, *args)
  end
end

You can already see how this isn’t gonna scale as you add more AR classes that need security? Not to mention the fact that it violates the newly private nature of ActiveRecord.with_scope. Finally, it’s not nearly as purty as I’d like. We all like purty, right? Lemme see some hands!

That’s much better!

First, the library…

module Filterable
  def self.included(clazz)
    clazz.class_eval do
      extend ClassMethods
    end
  end

  module ClassMethods
    def scope_to_role(role, user = nil)
      case role
      when :public
        scope = { :find => { :conditions => ["approved = true"] } }
      when :admin
        scope = { :find => { :conditions => ["submitted = true"] } }
      when :member
        raise RuntimeError, "#{self.name}.scope_to_role(:member, nil) called, which doesn't make sense" unless user
        scope = { :find => { :conditions => ["approved = true OR user_id = ?", user.id]} }
      else
        raise RuntimeError, "#{self.name}.scope_to_user called with unrecognized role #{role}"
      end

      with_scope(scope) do
        yield
      end
    end
  end
end

Then the models…

class Article < ActiveRecord::Base
  include Filterable
  # Columns include submitted and accepted
end

And using it in the controllers…

class ApplicationController < ActionController::Base
  around_filter :filter_results_for_public
  
  def filter_results_for_public
    People.scope_to_role(:public) do
      Article.scope_to_role(:public) do
        Photo.scope_to_role(:public) do
          yield
        end
      end
    end
  end
  
  def filter_results_for_admin
    People.scope_to_role(:admin) do
      Article.scope_to_role(:admin) do
        Photo.scope_to_role(:admin) do
          yield
        end
      end
    end
  end

  def filter_results_for_member
    People.scope_to_role(:member, current_user) do
      Article.scope_to_role(:member, current_user) do
        Photo.scope_to_role(:member, current_user) do
          yield
        end
      end
    end
  end
end
class Admin::BaseController < ApplicationController
  skip_filter :filter_results_for_public
  around_filter :filter_results_for_admin
end
class Member::BaseController < ApplicationController
  skip_filter :filter_results_for_public
  around_filter :filter_results_for_member
end

There’s a downside?

The biggest downside is that you’re yielding about six times for each and every request. You could trim that down by excluding certain actions, but it’s still not the most efficient design.

Also, we could probably get all clever and combine those filterresultsfor* methods into one which introspects on the url or current controller. Do we want to do that? I didn’t think so.