Allow host apps to customize public authorization

It's very useful when you want to make some things available to only a
selected group of logged users.

app/controllers/comfy/cms/content_controller.rb

@@ -3,9 +3,13 @@ class Comfy::Cms::ContentController < Comfy::Cms::BaseController
   # Authentication module must have `authenticate` method
   include ComfortableMexicanSofa.config.public_auth.to_s.constantize
 
+  # Authorization module must have `authorize` method
+  include ComfortableMexicanSofa.config.public_authorization.to_s.constantize
+
   before_action :load_fixtures
   before_action :load_cms_page,
                 :authenticate,
+                :authorize,
                 :only => :show
 
   rescue_from ActiveRecord::RecordNotFound, :with => :page_not_found

config/initializers/comfortable_mexican_sofa.rb

@@ -21,6 +21,11 @@
   # your logic. Default module doesn't do anything.
   #   config.public_auth = 'ComfyPublicAuthentication'
 
+  # Module responsible for public authorization. It should have #authorize
+  # method that returns true or false based on params and loaded instance
+  # variables available for a given controller.
+  #   config.public_authorization = 'ComfyPublicAuthorization'
+
   # When arriving at /cms-admin you may chose to redirect to arbirtary path,
   # for example '/cms-admin/users'
   #   config.admin_route_redirect = ''
@@ -119,3 +124,10 @@
 #     return true
 #   end
 # end
+
+# Uncomment this module and `config.public_authorization` above to use custom public authorization
+# module ComfyPublicAuthorization
+#   def authorize
+#     return true
+#   end
+# end

lib/comfortable_mexican_sofa.rb

@@ -10,6 +10,7 @@
 require_relative 'comfortable_mexican_sofa/access_control/admin_authentication'
 require_relative 'comfortable_mexican_sofa/access_control/admin_authorization'
 require_relative 'comfortable_mexican_sofa/access_control/public_authentication'
+require_relative 'comfortable_mexican_sofa/access_control/public_authorization'
 require_relative 'comfortable_mexican_sofa/render_methods'
 require_relative 'comfortable_mexican_sofa/view_hooks'
 require_relative 'comfortable_mexican_sofa/form_builder'

lib/comfortable_mexican_sofa/access_control/public_authorization.rb

@@ -0,0 +1,8 @@
+module ComfortableMexicanSofa::AccessControl
+  module PublicAuthorization
+    # By default there's no authorization of any kind
+    def authorize
+      true
+    end
+  end
+end

lib/comfortable_mexican_sofa/configuration.rb

@@ -18,6 +18,9 @@ class ComfortableMexicanSofa::Configuration
   # Module that will handle authentication for public pages
   attr_accessor :public_auth
 
+  # Module that will handle authorization against public resources
+  attr_accessor :public_authorization
+
   # When arriving at /cms-admin you may chose to redirect to arbirtary path,
   # for example '/cms-admin/users'
   attr_accessor :admin_route_redirect
@@ -82,6 +85,7 @@ def initialize
     @admin_auth           = 'ComfortableMexicanSofa::AccessControl::AdminAuthentication'
     @admin_authorization  = 'ComfortableMexicanSofa::AccessControl::AdminAuthorization'
     @public_auth          = 'ComfortableMexicanSofa::AccessControl::PublicAuthentication'
+    @public_authorization = 'ComfortableMexicanSofa::AccessControl::PublicAuthorization'
     @seed_data_path       = nil
     @admin_route_redirect = ''
     @enable_sitemap       = true

test/integration/access_control_test.rb

@@ -24,13 +24,15 @@ def authorize
     end
 
     # faking ComfortableMexicanSofa.config.admin_authorization = 'AccessControlTest::TestAuthorization'
+    # faking ComfortableMexicanSofa.config.public_authorization = 'AccessControlTest::TestAuthorization'
     class SitesController       < Comfy::Admin::Cms::SitesController;       include Authorize; end
     class LayoutsController     < Comfy::Admin::Cms::LayoutsController;     include Authorize; end
     class PagesController       < Comfy::Admin::Cms::PagesController;       include Authorize; end
     class SnippetsController    < Comfy::Admin::Cms::SnippetsController;    include Authorize; end
     class FilesController       < Comfy::Admin::Cms::FilesController;       include Authorize; end
     class CategoriesController  < Comfy::Admin::Cms::CategoriesController;  include Authorize; end
     class RevisionsController   < Comfy::Admin::Cms::RevisionsController;   include Authorize; end
+    class ContentController     < Comfy::Cms::ContentController;            include Authorize; end
   end
 
 
@@ -127,6 +129,14 @@ def test_public_authentication_default
     assert_response :success, response.body
   end
 
+  def test_public_authorization_default
+    assert_equal 'ComfortableMexicanSofa::AccessControl::PublicAuthorization',
+      ComfortableMexicanSofa.config.public_authorization
+
+    get '/'
+    assert_response :success, response.body
+  end
+
   def test_public_authentication_custom
     with_routing do |routes|
       routes.draw do
@@ -138,4 +148,17 @@ def test_public_authentication_custom
       assert_equal 'Test Login Denied', response.body
     end
   end
-end
+
+  def test_public_authorization_custom
+    with_routing do |routes|
+      routes.draw do
+        get '/:format' => 'access_control_test/test_authorization/content#show', :path => "(*cms_path)"
+      end
+
+      get '/'
+      assert_response :forbidden
+      assert_equal 'Test Access Denied', response.body
+    end
+  end
+
+end

test/test_helper.rb

@@ -30,6 +30,7 @@ def reset_config
       config.admin_auth           = 'ComfortableMexicanSofa::AccessControl::AdminAuthentication'
       config.admin_authorization  = 'ComfortableMexicanSofa::AccessControl::AdminAuthorization'
       config.public_auth          = 'ComfortableMexicanSofa::AccessControl::PublicAuthentication'
+      config.public_authorization = 'ComfortableMexicanSofa::AccessControl::PublicAuthorization'
       config.admin_route_redirect = ''
       config.enable_fixtures      = false
       config.fixtures_path        = File.expand_path('db/cms_fixtures', Rails.root)
@@ -161,4 +162,4 @@ def read_file(filename)
     )
   end
 
-end
+end