Class: RoadForest::RemoteHost::AuthorizationDecider
- Inherits:
-
Object
- Object
- RoadForest::RemoteHost::AuthorizationDecider
show all
- Includes:
- Graph::Normalization
- Defined in:
- lib/roadforest/remote-host.rb
Constant Summary
Graph::Normalization::Vocabs
Instance Attribute Summary collapse
Instance Method Summary
collapse
#expand_curie, #expand_curie_pair, #interned_uri, #literal, #normalize_context, #normalize_property, #normalize_resource, #normalize_statement, #normalize_term, #normalize_tuple, #normalize_uri, #relevant_prefixes_for_graph, #root_url, #uri, #vocabularies_in_graph
Constructor Details
Returns a new instance of AuthorizationDecider.
107
108
109
110
111
112
113
114
|
# File 'lib/roadforest/remote-host.rb', line 107
def initialize(remote_host, focus)
@graph = SourceRigor::RetrieveManager.new
graph.rigor = remote_host.source_rigor
graph.source_graph = focus.access_manager.source_graph
@resource = focus.subject
@keychain = remote_host.user_agent.keychain
end
|
Instance Attribute Details
#grant_list_pattern ⇒ Object
Returns the value of attribute grant_list_pattern.
116
117
118
|
# File 'lib/roadforest/remote-host.rb', line 116
def grant_list_pattern
@grant_list_pattern
end
|
#graph ⇒ Object
Returns the value of attribute graph.
116
117
118
|
# File 'lib/roadforest/remote-host.rb', line 116
def graph
@graph
end
|
#keychain ⇒ Object
Returns the value of attribute keychain.
116
117
118
|
# File 'lib/roadforest/remote-host.rb', line 116
def keychain
@keychain
end
|
#resource ⇒ Object
Returns the value of attribute resource.
116
117
118
|
# File 'lib/roadforest/remote-host.rb', line 116
def resource
@resource
end
|
Instance Method Details
#affordance_type(method) ⇒ Object
179
180
181
182
183
184
185
186
187
188
189
190
191
192
|
# File 'lib/roadforest/remote-host.rb', line 179
def affordance_type(method)
case method.downcase
when "get"
Graph::Af.Navigate
when "post"
Graph::Af.Create
when "put"
Graph::Af.Update
when "delete"
Graph::Af.Destroy
else
Graph::Af[method] end
end
|
#authby_query(method) ⇒ Object
194
195
196
197
198
199
200
201
202
|
# File 'lib/roadforest/remote-host.rb', line 194
def authby_query(method)
af_type = affordance_type(method)
resource = self.resource
SourceRigor::ResourceQuery.new([], {:subject_context => resource}) do
pattern [:aff, Graph::Af.target, resource]
pattern [:aff, ::RDF.type, af_type]
pattern [:aff, Graph::Af.authorizedBy, :authz]
end
end
|
#direct_check(url) ⇒ Object
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
# File 'lib/roadforest/remote-host.rb', line 147
def direct_check(url)
statements = graph.query(:subject => url)
if !statements.empty?
return true
else
annealer = SourceRigor::CredenceAnnealer.new(graph.source_graph)
annealer.resolve do
graph.query(list_pattern_query(url)) do |solution|
@grant_list_pattern = solution[:pattern].value
end
end
return false
end
end
|
#forbidden?(method) ⇒ Boolean
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
# File 'lib/roadforest/remote-host.rb', line 118
def forbidden?(method)
annealer = SourceRigor::CredenceAnnealer.new(graph.source_graph)
permissions = []
annealer.resolve do
permissions.clear
@grant_list_pattern = nil
graph.query(authby_query(method)) do |solution|
permissions << solution[:authz]
end
permissions.each do |grant|
return false if have_grant?(grant)
end
end
return false if permissions.empty?
return true
end
|
#grant_list(creds) ⇒ Object
162
163
164
165
166
167
168
169
|
# File 'lib/roadforest/remote-host.rb', line 162
def grant_list(creds)
return [] if grant_list_pattern.nil?
template = Addressable::Template.new(grant_list_pattern)
grant_list_url = uri(template.expand( :username => creds.user.to_s ).to_s)
graph.query_resource_pattern(grant_list_url, :subject => grant_list_url, :predicate => Graph::Af.grants).map do |stmt|
stmt.object
end
end
|
#have_grant?(url) ⇒ Boolean
138
139
140
141
142
143
144
145
|
# File 'lib/roadforest/remote-host.rb', line 138
def have_grant?(url)
creds = keychain.credentials_for(url)
if grant_list_pattern.nil? or creds.nil?
direct_check(url)
else
grant_list(creds).include?(url)
end
end
|
#list_pattern_query(url) ⇒ Object
171
172
173
174
175
176
177
|
# File 'lib/roadforest/remote-host.rb', line 171
def list_pattern_query(url)
SourceRigor::ResourceQuery.new([], :subject_context => url) do
pattern [:af, ::RDF.type, Graph::Af.Navigate]
pattern [:af, Graph::Af.target, :pnode]
pattern [:pnode, Graph::Af.pattern, :pattern]
end
end
|