Class: RoadForest::RemoteHost::AuthorizationDecider

Inherits:

Object

• Object
• RoadForest::RemoteHost::AuthorizationDecider

Includes:

Graph::Normalization

Defined in:

lib/roadforest/remote-host.rb

Constant Summary

Constants included from Graph::Normalization

Graph::Normalization::Vocabs

Instance Attribute Summary

• #grant_list_pattern ⇒ Object readonly

  Returns the value of attribute grant_list_pattern.

• #graph ⇒ Object readonly

  Returns the value of attribute graph.

• #keychain ⇒ Object readonly

  Returns the value of attribute keychain.

• #resource ⇒ Object readonly

  Returns the value of attribute resource.

Instance Method Summary

• #affordance_type(method) ⇒ Object
• #authby_query(method) ⇒ Object
• #direct_check(url) ⇒ Object
• #forbidden?(method) ⇒ Boolean
• #grant_list(creds) ⇒ Object
• #have_grant?(url) ⇒ Boolean
• #initialize(remote_host, focus) ⇒ AuthorizationDecider constructor

  A new instance of AuthorizationDecider.

• #list_pattern_query(url) ⇒ Object

Methods included from Graph::Normalization

#expand_curie, #expand_curie_pair, #interned_uri, #literal, #normalize_context, #normalize_property, #normalize_resource, #normalize_statement, #normalize_term, #normalize_tuple, #normalize_uri, #relevant_prefixes_for_graph, #root_url, #uri, #vocabularies_in_graph

Constructor Details

#initialize(remote_host, focus) ⇒ AuthorizationDecider

Returns a new instance of AuthorizationDecider.

# File 'lib/roadforest/remote-host.rb', line 107

def initialize(remote_host, focus)
  @graph = SourceRigor::RetrieveManager.new
  graph.rigor = remote_host.source_rigor
  graph.source_graph = focus.access_manager.source_graph

  @resource = focus.subject
  @keychain = remote_host.user_agent.keychain
end

Instance Attribute Details

#grant_list_pattern ⇒ Object (readonly)

Returns the value of attribute grant_list_pattern.

# File 'lib/roadforest/remote-host.rb', line 116

def grant_list_pattern
  @grant_list_pattern
end

#graph ⇒ Object (readonly)

Returns the value of attribute graph.

# File 'lib/roadforest/remote-host.rb', line 116

def graph
  @graph
end

#keychain ⇒ Object (readonly)

Returns the value of attribute keychain.

# File 'lib/roadforest/remote-host.rb', line 116

def keychain
  @keychain
end

#resource ⇒ Object (readonly)

Returns the value of attribute resource.

# File 'lib/roadforest/remote-host.rb', line 116

def resource
  @resource
end

Instance Method Details

#affordance_type(method) ⇒ Object

# File 'lib/roadforest/remote-host.rb', line 179

def affordance_type(method)
  case method.downcase
  when "get"
    Graph::Af.Navigate
  when "post"
    Graph::Af.Create
  when "put"
    Graph::Af.Update
  when "delete"
    Graph::Af.Destroy
  else
    Graph::Af[method] #allow passthrough
  end
end

#authby_query(method) ⇒ Object

# File 'lib/roadforest/remote-host.rb', line 194

def authby_query(method)
  af_type = affordance_type(method)
  resource = self.resource
  SourceRigor::ResourceQuery.new([], {:subject_context => resource}) do
    pattern [:aff, Graph::Af.target, resource]
    pattern [:aff, ::RDF.type, af_type]
    pattern [:aff, Graph::Af.authorizedBy, :authz]
  end
end

#direct_check(url) ⇒ Object

# File 'lib/roadforest/remote-host.rb', line 147

def direct_check(url)
  statements = graph.query(:subject => url)
  if !statements.empty?
    return true
  else
    annealer = SourceRigor::CredenceAnnealer.new(graph.source_graph)
    annealer.resolve do
      graph.query(list_pattern_query(url)) do |solution|
        @grant_list_pattern = solution[:pattern].value
      end
    end
    return false
  end
end

#forbidden?(method) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/roadforest/remote-host.rb', line 118

def forbidden?(method)
  annealer = SourceRigor::CredenceAnnealer.new(graph.source_graph)

  permissions = []
  annealer.resolve do
    permissions.clear
    @grant_list_pattern = nil

    graph.query(authby_query(method)) do |solution|
      permissions << solution[:authz]
    end
    permissions.each do |grant|
      return false if have_grant?(grant)
    end
  end

  return false if permissions.empty?
  return true
end

#grant_list(creds) ⇒ Object

# File 'lib/roadforest/remote-host.rb', line 162

def grant_list(creds)
  return [] if grant_list_pattern.nil?
  template = Addressable::Template.new(grant_list_pattern)
  grant_list_url = uri(template.expand( :username => creds.user.to_s ).to_s)
  graph.query_resource_pattern(grant_list_url, :subject => grant_list_url, :predicate => Graph::Af.grants).map do |stmt|
    stmt.object
  end
end

#have_grant?(url) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/roadforest/remote-host.rb', line 138

def have_grant?(url)
  creds = keychain.credentials_for(url)
  if grant_list_pattern.nil? or creds.nil?
    direct_check(url)
  else
    grant_list(creds).include?(url)
  end
end

#list_pattern_query(url) ⇒ Object

# File 'lib/roadforest/remote-host.rb', line 171

def list_pattern_query(url)
  SourceRigor::ResourceQuery.new([], :subject_context => url) do
    pattern [:af, ::RDF.type, Graph::Af.Navigate]
    pattern [:af, Graph::Af.target, :pnode]
    pattern [:pnode, Graph::Af.pattern, :pattern]
  end
end