Update access_controller.rb
KOSASIH authored Sep 20, 2024
1 parent 9761003 commit d8dddbc
Showing 1 changed file with 19 additions and 7 deletions.
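--- a/global_business/business/lib/access_controller.rb
+++ b/global_business/business/lib/access_controller.rb
@@ -1,11 +1,23 @@
 class AccessController
 def self.authorize(user, resource)
-if user.admin?
-true
-elsif user.role == resource.role
-true
-else
-false
-end
+return false unless user.present? && resource.present?
+return false unless user.roles.include?(resource.role)
+
+# Verify permissions using a secure algorithm
+permission_token = generate_permission_token(user, resource)
+verify_permission_token(permission_token)
 end
+
+private
+
+def self.generate_permission_token(user, resource)
+# Generate a permission token using a secure algorithm
+OpenSSL::HMAC.hexdigest('sha256', Rails.application.secrets.secret_key_base, "#{user.id}#{resource.id}")
+end
+
+def self.verify_permission_token(permission_token)
+# Verify the permission token using a secure algorithm
+signature = OpenSSL::HMAC.hexdigest('sha256', Rails.application.secrets.secret_key_base, permission_token)
+signature == permission_token
+end
 end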
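Review bot: `verify_permission_token` can never succeed: it recomputes an HMAC over the token itself and compares that digest with the token, so the two differ and `authorize` returns false for every user/resource pair that passes the roles check. The HMAC round-trip also carries no authorization information, because both values are derived here from the same `user.id`/`resource.id` and nothing supplied by a caller is being validated, so the simplest correct form is to end `authorize` with `user.roles.include?(resource.role)` and drop the two helpers; if a caller-supplied token is intended instead, compare it against a freshly computed expected value with a constant-time comparison such as `ActiveSupport::SecurityUtils.secure_compare(expected, permission_token)`. Note also that `private` has no effect on `def self.` methods; if the helpers are kept, use `private_class_method :generate_permission_token, :verify_permission_token`. If the HMAC input is kept, `"#{user.id}#{resource.id}"` should carry a separator between the ids (e.g. `"#{user.id}:#{resource.id}"`) so that distinct id pairs cannot produce the same input string.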
